May 8, 2009
Vol. 31, Issue 14
Page(s) 24 in print issue
Mergers, Regulations & Sophisticated Threats Are Keeping Financial IT Managers On Their Toes
From Enron to Madoff, headlines have screamed tales of widespread financial scams and scandal in recent years. Not only have these tales forced increased regulatory scrutiny upon data centers at financial institutions, but they also serve to remind would-be criminals that there remains plenty of illegitimate money to be made through theft in this sector. Banks, credit unions, financial advisers, investment houses, and other entities are perpetually under the gun to provide the highest levels of security and stability for their customers, and their data centers face unique challenges to ensure those levels are met.
• Financial data centers face more sophisticated attacks than other data centers, so they must always assume they are under attack—or will be soon.
• Consolidation and mergers in the financial sector often lead to disarray in the data center, but management can work to ensure clear lines of authority are in place.
• Regulations put stringent demands on financial data centers in terms of uptime and recovery, but virtualization can help.
Coping With Consolidation
In a down economy, many businesses find themselves as acquisition and merger targets—especially those in the financial industry. According to Phil Lieberman, founder and CEO of Lieberman Software (www.liebsoft.com), financial institutions that have grown through acquisitions can have unmanageable infrastructures of legacy systems. Further, mergers can rattle the consistency of their systems security.
“We have seen an unwillingness to seriously evaluate and adopt best-of-breed security and operational solutions, sticking instead to old and ineffective—[or] sometimes nonexistent—security policies. In essence, in a rush to become bigger and more efficient, many institutions have become vulnerable and unwilling to make investments to improve their security posture,” Lieberman says.
When mergers and acquisitions occur, an emerging danger can appear within IT organizations that are blending with other departments and infrastructures. Lieberman points to the potential loss of institutional knowledge due to IT staff members who leave as a result of the changes. “We have seen paralysis take over the staff of IT in these merged organizations to the degree that no decisions are made. Effectively, everyone is scared of losing their jobs in the merger phase due to a bad decision,” he says.
One solution, Lieberman suggests, is to move back-office processing to outsourced data and operation centers that are more apt to keep pace with current technology and emerging threats. He also recommends that the management of merged data centers see consolidation as an opportunity to delineate clear lines of authority in IT management and security and possibly make new and significant investments for more efficient and secure IT organizations.
Not So Transparent
As customers grapple with a rotten economy and Wall Street endures continuing criticism over recent failures, the financial services industry is facing overwhelming scrutiny from all angles. David Sherriff, chief operating officer at Microgen (www.microgen.com), says that financial executives are at least partially responsible for the unraveling in this sector, but many didn’t have a clear view of the risks bearing down on their organizations.
“Traditionally, information regarding financial products, transactions, and the underlying numbers have been kept in separate silos, allowing for little to no visibility across different offices, regions, or areas of business. At the same time, the people who manage data and those who manage financial transactions and products operate very separately, making a clear view of how, when, and why data moves from one place to another across an organization nearly impossible,” Sherriff explains.
To remedy this lack of transparency, Sherriff recommends that data center managers ensure that the proper tools are in place to provide a better view of how the information they manage relates to financial and risk management.
The Uptime Challenge
Financial data centers are no strangers to the constant pressure of regulations and the unique challenges they pose. But as the volume and complexity of data grows, these data centers can have an increasingly difficult time maintaining data in ways that satisfy regulatory bodies and customers alike, particularly when they’re expected to be running 24/7.
“The regulations around the recovery times are very tight—these institutions often have to complete recovery within five minutes,” says Jim O’Connor, director of product marketing at Bus-Tech (www.bustech.com). “Non-financial services institutions do not have the same stringent requirements around data as the financial services industry does. As a result, often their recovery times and mandates are much more flexible.”
O’Connor recommends that financial data centers regularly re-evaluate recovery times to ensure they’re up-to-date and as fast as possible. He says that virtualization and the tools that support it can make a significant difference in keeping recovery times within regulatory requirements because virtualization helps speed up recoveries.
Dealing With The Divide
There is a new strategic role for managers at financial data centers that is vital, but it must be earned. So says Microgen’s Sherriff, who notes that at many organizations, there is a divide between IT and business users—real or perceived—that must be torn down to make data management a critical part of business success in the financial services sector.
“Data center managers must first align themselves with champions within the business—users and managers who understand the importance of effective data management to address risk and financial management challenges,” Sherriff says. “Ultimately, the data center will evolve to play a crucial role in holistic business process management rather than living in a silo within one part of the IT department. With this approach, data center managers can begin to shift back-office solutions to the front of the priority list by demonstrating their importance in addressing strategic business issues.”
by Christian Perry
Top Issue: Fending Off Attacks
There’s no denying that financial institutions are a huge target for hackers and other criminals. Phil Lieberman, founder and CEO of Lieberman Software (www.liebsoft.com), notes that given the size of a potential criminal payoff, these institutions are targeted with serious and sophisticated attacks that reach a quasi-government level of sophistication. Data centers at commercial entities also face security threats, but Lieberman says they are rarely subjected to high-level, sophisticated attacks unless thieves identify a specific political or financial value there.
“There is enough money at stake that criminals will make significant investments in recruiting the best and brightest in computer science in order to break into financial institutions and their infrastructure—ATMs, online banking, credit cards, debit cards,” Lieberman says.
As a result, Lieberman stresses the need for financial data centers to be both vigilant and paranoid about internal and external threats, because the assumption always exists that their infrastructures have been—or will soon be—compromised. He recommends thoroughly considering all of the methods by which an attacker might disrupt or overtake their systems and being able to recognize the telltale signs of a breach.
“Additionally, they need to put procedures and physical blocks in place to isolate damage should or when it occurs,” he says. “We see the use of dual-factor authentication, compartmentalization, limited access, and least privilege implemented. Firewall and network sensors are in place, as is a full-blown IT security department that receives funding and constant training. We also see the use of outside consultants to keep things shored up.”