Security

12:25 PM
Andrew Waxman
Andrew Waxman
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Managing Mobile Risk in the Cloud

Firms should assess their apps and data being exposed to the cloud for the level of security, privacy robustness, and frequency of development updates they require.

With firms increasingly dependent on mobile computing platforms for everything from customer apps to enterprise process management, there’s been an upswing in software development and management activity taking place in the cloud. Jumping on the mobile trend also means that potential for exposure to hackers, malware, and plain old code errors is higher than before. Yet the ever-increasing importance of speed-to-market makes it more and more likely that data security and data privacy will be neglected. With firms focused on critical state-of-the-art trading and payment apps, how to make sure they are not?

Few research studies have been completed on the success rate of major cloud implementations. However, it should not be a complete surprise that while companies will publicly assert confidence in their cloud implementations, in private they may have more doubts and issues to deal with. This is not surprising. First, like any other project, implementations of cloud-based applications are subject to execution failure. Second, in many ways, the opportunities for failure are greater than in traditional projects. As we shall see, the iterative development process and rapid speed-to-market demanded in this market require new ways of working and planning. The result of poor planning and execution is often the failure of critical business applications.

The demand for mobile and remote access capabilities is generally linked to a requirement for cloud computing. Cloud is key to delivering mobile and remote access to customers and employees along with an ability to provide and upgrade apps on the fly. This enables firms to test quickly and put out new versions of apps and software at a premium.

Iterative and agile software development methodologies and tools are the buzzwords of the moment because they capture how software developers are ideally working in this environment. Perfection will not be achieved before code is released, but at the same time certain minimum standards of data security and privacy, as well as release objectives, need to be met. This can be done, but certain preconceptions about the cloud need to be overcome in order to do so. The most important misconception about the cloud is that it necessarily exposes apps and data to the outside world. However, this is not so. Remote space that is purely for use by a single company provides the convenience and cost efficiencies of the cloud along with the ability to protect data and provide privacy to the required level. Known as private clouds, most banks will likely need to deploy this capability to meet their regulatory and customer obligations for privacy and security.

The typical business is not going to be making this journey above the clouds alone. It is going to be working with a partner with expertise and real estate up there. In some ways, this is somewhat similar to Web 1.0, when many new firms were quick to emerge with expertise in website development. These firms came to the fore and enjoyed rapid growth because they had expertise that few traditional providers appeared to have.

Similarly today, many new vendors are emerging to claim leadership in cloud computing. The differences between Web 1.0 and today, however, are significant, and enterprises employing the services of cloud providers should pay attention. In the Web 1.0 development cycle, firms were often simply looking to obtain a presence on the web and were not looking to build out critical and core functions. Today, since firms are looking to host core functions on the cloud and, with that, some of their most sensitive data, they can ill afford errors to occur in core business processes, nor for gaps in security and privacy to be exposed inadvertently or exploited intentionally.  While few companies will acknowledge such failures, they do occur. So how to avoid such a scenario?

First, firms should assess their apps and data being exposed to the cloud for the level of security, privacy robustness, and frequency of development update they require. It’s now become an imperative to easily control, manage, and secure where data and apps reside. Second, they should map their assessment to the type of cloud solution required -- public, private, or hybrid -- as well as vendor capability in solving for rapid development and testing scenarios. Paramount is creating the right environment.  

Third, firms should select cloud computing providers that provide development platforms and testing solutions that are always available with tools suited to rapid and agile software development, including the ability to ensure the constant availability of a testing platform and that access to the development layer is tightly controlled. These capabilities enable institutions to quickly integrate existing and new services and data to drive new innovations.

Cloud computing has proven to be a valuable tool for marrying a financial institution’s existing infrastructure with new cloud workloads driven by trends such as the rise of data, mobile, and social. Companies just need to ensure they are taking advantage of what is an appropriate environment for them at the mobile, social, and traditional computing levels.

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed her are those of his own. As an operational risk manager, Andrew has worked at some of the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
8/20/2014 | 3:36:12 PM
Re: Mostly private cloud
We are seeing that in insurance as well. One of the biggest global insurers is planning a major private cloud rollout over the next couple years.
andrewbw
50%
50%
andrewbw,
User Rank: Author
8/4/2014 | 12:39:10 PM
Re: Mostly private cloud
Great observations Greg, Owing to a highly regulated environment, private cloud will always be important in financial services but hybrid solutions are likely to gather momentum with greater experience and availability of cost saving opportunities. Depending on the sensitivity of the app and related data, different solutions should be considered.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/4/2014 | 8:18:15 AM
Mostly private cloud
It seems that in financial services, most cloud deployments are private, with a few using hybrid for less sensitive information. Do you see privacy and security improving? Will public cloud become an option for FS mobile applications?

smithwills654
50%
50%
smithwills654,
User Rank: Apprentice
8/2/2014 | 1:32:44 AM
List of issues
Security is one of the most major issue considered in cloud, next comes lack of compatibility. We can see much compliance on cloud. We could facing monitoring issue in could, it would be highly difficult for monitoring.

Saran,

Mobile application development company
More Commentary
Interactive Data Launches Continuous Fixed Income Pricing Service
Independent intra-day FI pricing is helping to shine light on the opaque fixed income market.
Gartner: 75% of Mobile Apps Will Fail Security Tests Through 2015
The rise of BYOD means enterprises must implement security testing and containment solutions, according to new Gartner research.
Chip & Pain, EMV Will Not Solve Payment Card Fraud
Switching to EMV cards will lower retail fraud, but it's not enough. Here's the good, the bad, and the ugly.
With UCITS V, $9T Isnít as Easy as It Used to Be
With UCITS V's restrictive remuneration rules and hidden costs, going global may get a little less attractive.
Banks to Increase IT Spend on Big Data Challenges, Finds Aite Report
Big data has presented the greatest challenges and dissatisfaction for banks, yet it is the most likely to see upward spending in the next two years.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video