Infrastructure

12:25 PM
Mike Powell, Thomson Reuters
Mike Powell, Thomson Reuters
Commentary
50%
50%

Safe haven: Why Managed Services are a Natural Fit for an Evolving Financial Industry

Despite the security concerns that get raised around managed services, bank CIOs, IT directors and market data managers would reveal a reassuring and possibly surprising picture, writes Mike Powell of Thomson Reuters.

A recent whitepaper by TABB Group has predicted that by 2016, 50 percent of financial institutions will be using managed services to outsource the management of their IT infrastructure. In addition, the Technology Services Industry Association’s (TSIA) annual survey states that spending for managed services continues to rise at a double-digit rate. So what are the realities of moving to a managed services environment and how are firms tackling fundamental issues such as security and control?

So far the upward trend in managed services adoption has largely been driven by financial concerns, with cost control, lower TCO and shifting IT spend from significant, up front capital investment, to more predictable monthly operational expense, being prime objectives. However TABB notes that it is accompanying benefits such as increased flexibility, agility and IT responsiveness, faster time-to-market for growth products and tighter security and GRC adherence that will see the model really move into the mainstream.

Market data management is becoming an increasingly complex environment, further exacerbated by the complexity of new derivatives and indexes as well as tighter regulations. Therefore the business case for transferring responsibility for system management to companies that specialize in this area is compelling. However, during a recent webinar hosted by TABB Group and Thomson Reuters, the audience of 100 were polled on what challenges and concerns would limit their transition to a managed service environment. 53 percent cited security as their biggest concern in this regard.

Clearly there remain a number of perceived risks around areas such as control and security. But what are the realities? And is there still a case to answer for managed service providers?

Managed service providers have made it their business to be on top of security concerns. Delivering a managed service is not about doing things cheaper, it is about removing from banks the complexity and headaches that come with managing sophisticated and constantly evolving infrastructures and this includes making security a non-issue. Without this covered, the model simply does not work. The opportunity for managed service providers is to manage systems at scale and drive the economies that then make the offering so compelling.

By looking under the surface of what managed providers have in place to manage security, bank CIOs, IT directors and market data managers would reveal a reassuring and possibly surprising picture.

Mike Powell, Thomson Reuters
Mike Powell, Thomson Reuters

Downtime and outages within market data systems can be costly, and have a significant impact on revenues. With built-in layers of redundancy and instantaneous recovery, managed service providers can develop offerings to ensure that downtime simply does not happen for the client. Should a problem occur with the system the customer would not even know it, as back-up systems take over instantly to ensure service is continuous.

Along with system uptime, ensuring secure and auditable access to data at the enterprise, group and individual level is crucial to organisations to protect their own intellectual property and ensure sensitive data is only accessed when and by who it should be. A common misconception is that managed services are ‘in the cloud’ and therefore not secure and that cost benefits are derived from sharing of resources and infrastructure. But this is not the case. For mission-critical managed services, each customer needs to have a completely dedicated environment that provides full separation from other customer deployments. This is so that no other customer within the data centre has any access to another customer’s environment. On top of this, a high level of tailoring is required, with providers working closely with customers to align to corporate policy and ensure that access to systems by employee groups and individuals are managed through secure authentication processes. This needs to be based on a strict information security framework that complements the physical security restrictions and provides key functionality such as access control, password management and strict data classification. It is also important that access across all of these layers is fully auditable by the administrator, offering full transparency to the customer.

External threats and attacks are another area of concern for all IT managers, with the potential to slow or, even worse, crash systems and lose data. Securing data traffic via a multi-layered security architecture including routers, firewalls and intrusion detection systems ensures such threats are also prevented, with systems able to proactively detect and block any internal or external malicious transactions, and secure the data traffic of any sensitive customer data. In addition, government security certifications such as FISMA (Federal Information Security Management Act) and FedRAMP (Federal Risk and Authorization Management Program) are offering more formal recognition of the high standards managed service providers must meet. They also provide standards for compliance controls to meet SSAE 16 (Statement on Standards for Attestation Engagement), a written assertion to auditors that systems and operating activities accurately perform the services they are designed to provide. The certification from regulators offers further reassurances that managed services can offer the most secure path to market data system management.

The competitive advantage that may have once existed for financial institutions building their own advanced proprietary systems is a thing of the past. Technology is now often out of date before it has been fully implemented and the cost of continuous innovation in an area that is not a core business is prohibitive. When experts in managing market data systems are building scalable offerings that are delivering the highest quality systems, at a lower total cost of ownership and with the highest levels of security, there is a natural fit with the market needs we see today. TABB predicts that by 2016 adoption of managed services will hit 50 percent, but the growth will not stop there. By outsourcing technology innovation to the companies that specialize in it, financial institutions can return to focus on the things they do best – creating market opportunities and making money.

—Mike Powell is head of enterprise services at Thomson Reuters.

Comment  | 
Print  | 
More Insights
More Commentary
Data Integrity: A Necessity, Not an Option
Financial institutions that have taken on the data integrity task in the past now have to spend more money on hardware, software, and people just to keep up with the demand.
What Colombia’s New IT Campaign Means for Latin American Tech Investment
Colombia’s campaign is the latest example of how Latin America is trying to edge into the global technology space.
Initial Margin: When Does More Turn Out to Be Less?
Changing margin regulations are set to affect the OTC derivative market, including initial margin risk models for non-cleared OTCs.
The Mainframe Innovation Drag
It may be time for a consortium of firms motivated around the objective of eliminating the mainframe. What if every self-clearing firm decided to participate in building a modern, back-office system as an open-source, cloud-based project?
Big Data DIY
Now that we have passed the initial hype phase of big data, companies are searching for real business value from their investments. Consultants can play a part, but only if financial firms insist on a new partnership model.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.