Security

12:25 PM
Andrew Waxman
Commentary

Managing Mobile Risk in the Cloud

Firms should assess their apps and data being exposed to the cloud for the level of security, privacy robustness, and frequency of development updates they require.

With firms increasingly dependent on mobile computing platforms for everything from customer apps to enterprise process management, there’s been an upswing in software development and management activity taking place in the cloud. Jumping on the mobile trend also means that the potential for exposure to hackers, malware, and plain old code errors is higher than before. Yet the ever-increasing importance of speed-to-market makes it more and more likely that data security and data privacy will be neglected. With firms focused on critical state-of-the-art trading and payment apps, how can they make sure that security and privacy are not neglected?

Few research studies have been completed on the success rate of major cloud implementations. However, it should not be a complete surprise that while companies will publicly assert confidence in their cloud implementations, in private they may have more doubts and issues to deal with. First, like any other project, implementations of cloud-based applications are subject to execution failure. Second, in many ways, the opportunities for failure are greater than in traditional projects. As we shall see, the iterative development process and rapid speed-to-market demanded in this market require new ways of working and planning. The result of poor planning and execution is often the failure of critical business applications.

The demand for mobile and remote access capabilities is generally linked to a requirement for cloud computing. Cloud is key to delivering mobile and remote access to customers and employees along with an ability to provide and upgrade apps on the fly. This enables firms to test quickly and put out new versions of apps and software at a premium.

Iterative and agile software development methodologies and tools are the buzzwords of the moment because they capture how software developers are ideally working in this environment. Perfection will not be achieved before code is released, but at the same time certain minimum standards of data security and privacy, as well as release objectives, need to be met. This can be done, but certain preconceptions about the cloud need to be overcome in order to do so. The most important misconception about the cloud is that it necessarily exposes apps and data to the outside world. However, this is not so. Remote space that is purely for use by a single company provides the convenience and cost efficiencies of the cloud along with the ability to protect data and provide privacy to the required level. Such environments are known as private clouds, and most banks will likely need to deploy this capability to meet their regulatory and customer obligations for privacy and security.

The typical business is not going to be making this journey above the clouds alone. It is going to be working with a partner with expertise and real estate up there. In some ways, this is somewhat similar to Web 1.0, when many new firms were quick to emerge with expertise in website development. These firms came to the fore and enjoyed rapid growth because they had expertise that few traditional providers appeared to have.

Similarly today, many new vendors are emerging to claim leadership in cloud computing. The differences between Web 1.0 and today, however, are significant, and enterprises employing the services of cloud providers should pay attention. In the Web 1.0 development cycle, firms were often simply looking to obtain a presence on the web and were not looking to build out critical and core functions. Today, since firms are looking to host core functions on the cloud and, with that, some of their most sensitive data, they can ill afford errors in core business processes, or gaps in security and privacy that are exposed inadvertently or exploited intentionally. While few companies will acknowledge such failures, they do occur. So how can firms avoid such a scenario?

First, firms should assess their apps and data being exposed to the cloud for the level of security, privacy robustness, and frequency of development updates they require. It has now become imperative to easily control, manage, and secure where data and apps reside. Second, they should map their assessment to the type of cloud solution required -- public, private, or hybrid -- as well as vendor capability in solving for rapid development and testing scenarios. Paramount is creating the right environment.

Third, firms should select cloud computing providers that provide development platforms and testing solutions that are always available with tools suited to rapid and agile software development, including the ability to ensure the constant availability of a testing platform and that access to the development layer is tightly controlled. These capabilities enable institutions to quickly integrate existing and new services and data to drive new innovations.

Cloud computing has proven to be a valuable tool for marrying a financial institution’s existing infrastructure with new cloud workloads driven by trends such as the rise of data, mobile, and social. Companies just need to ensure they are taking advantage of what is an appropriate environment for them at the mobile, social, and traditional computing levels.

Andrew Waxman writes on operational risk in capital markets and financial services. Andrew is a consultant in IBM's US financial risk services and compliance group. The views expressed here are his own. As an operational risk manager, Andrew has worked at some of the ...
Comments
smithwills654
User Rank: Apprentice
8/2/2014 | 1:32:44 AM
List of issues
Security is one of the most major issues considered in cloud; next comes lack of compatibility. We can see much compliance on cloud. We could be facing monitoring issues in cloud; it would be highly difficult for monitoring.

Saran,

Mobile application development company
Greg MacSweeney
User Rank: Author
8/4/2014 | 8:18:15 AM
Mostly private cloud
It seems that in financial services, most cloud deployments are private, with a few using hybrid for less sensitive information. Do you see privacy and security improving? Will public cloud become an option for FS mobile applications?

andrewbw
User Rank: Author
8/4/2014 | 12:39:10 PM
Re: Mostly private cloud
Great observations, Greg. Owing to a highly regulated environment, private cloud will always be important in financial services, but hybrid solutions are likely to gather momentum with greater experience and availability of cost-saving opportunities. Depending on the sensitivity of the app and related data, different solutions should be considered.
Nathan Golia
User Rank: Author
8/20/2014 | 3:36:12 PM
Re: Mostly private cloud
We are seeing that in insurance as well. One of the biggest global insurers is planning a major private cloud rollout over the next couple years.