| Balancing tight security with data storage demands |
Back |
| Balancing the need for a tight internet security network with data storage demands means financial services companies face a must walk a tight rope amongst thieves. Jim Martin believes outsourcing is the only solution in a market where IT professionals are thin on the ground. |
A journalist visiting the Worldport Dublin facility a little while ago asked one of our security team if hacker attacks or attempts were really all that frequent. ‘We see one on average about every 16 minutes’ was the reply. ‘Mostly it’s like a casual opportunistic rattling of a door handle, but all too often it is a serious and highly sophisticated cyber attack.’
That is today’s reality. Every organisation with an Internet-connected server is in a threat environment, and of course there are particular threats, which are more prevalent in specific sectors, including financial services. Bluntly, they are out to steal or to do damage. Their objective may be to steal money or market information - yours or your clients’ - or to cause breakdown, data loss or corruption or other harm at systems level. Greed we can at least understand. The motivations of those who wish to cause damage cover the spectrum, but certainly range from simply wanting to show it can be done, that sophisticated systems can be cracked, to a desire to wreak havoc on financial and business systems.
It is impossible now to think or write about such matters without remembering the heinous tragedy of 11 September last. But as professionals who must carry on our own responsibilities, it is as important for us as for enterprise management and IT departments to think through and combat the implications and the lessons for data protection, against dangerous viruses, electricity outages, national disasters. All financial services companies are potential targets as elements of the global economic and financial community. It is unlikely that would-be cyber criminals would make any geographic distinction.
Security has to be built into every element in IT and communications systems and security awareness has to become an integral part of our daily business culture. The foundation of systems security is that protection must be incorporated in every device, network and application. Until recently we might have confined that to every element that is Internet facing. But in practice in today’s world of Intranets and Extranets, virtual private networks and more and more teleworking, we have to regard every part of our systems as potentially under threat.
That is one of the reasons why security has to become an intrinsic part of our business culture. In financial services especially, risk management has to be a daily concern from board level all the way to the front line customer care people and back office administrators. The key concepts are:
• Confidentiality - to prevent unauthorized access to the system and its data
• Integrity - to ensure that data has not been changed without authority or corrupted
• Availability - to ensure that the data is available and the system operational at all times.
The next step is to establish a ‘protection profile’ a scheme or model that identifies what exactly requires protection and in what order of priority. What are the likely or possible threats? Armed with the defined profile, it can be applied across all of the areas of the business to define the risks to be managed and the methods required for implementation. It probably should be stressed that not all of those protection methods will be technology-based. The system can rigorously implement access rules, for example, but management has to decide and constantly review the rules for levels of access and authority.
Now we come to the crunch issue: how do we implement the smart security that is needed and make it a 100 per cent fit with our current and future data storage needs, with our market needs for availability, network speeds and our strategic growth plans? For financial services as for other industries in Europe which are embracing the new economy, the standard business considerations of investment cost/benefit are joined by two other major factors - the short life cycles of new technologies and the IT skills shortage. Europe is well placed in every sense to take advantage of the new Web world, but the demand for the skills to exploit it - actually, to gain a strategic market foothold in what all experts agree is the first generation of a new economy - is already outstripping supply.
So although my case for strategic IT outsourcing in the critical areas of data hosting and high level security is based on quite orthodox cost/benefit measurements, it is important to point to the skills issue because it is in large measure the only real problem area. We are talking about top level expertise at enterprise level and close to state-of-the-art military level technical security. These are rare people. If your organisation cannot find them, or recruit them in a very competitive environment, your route forward in the new economy is blocked.
Every company’s case and circumstances differ, not least as regards where they already are in deployment of technology. But all of the research shows that the first benefit of outsourcing to the new breed of data centres is containment of costs. A Forrester Research report says straightforwardly: ‘Enterprises can save 25 per cent to 80 per cent of their Web infrastructure costs by turning their sites completely to a Web Hoster.’ Another highly respected research firm, Morgan Stanley Dean Witter, places the emphasis slightly differently when it says: ‘Through outsourced hosting, firms can reduce downtime by close to 90 per cent and lower costs by a similar amount.’
‘Let the specialists look after what they are expert at while we get on with our core competencies in running our business towards our objectives.’ That is a standard and nonetheless valid argument for all outsourcing. Where it gains particular force in the IT field is in the rarified technology and skills involved in doing e-business on an international scale. My company offers state-of-the-art facilities, technologies from the best vendors across everything from super-fast servers to ultra-secure data storage to massive bandwidth to disaster recovery solutions beyond the current preparedness of most of the world leading financial institutions. So our clients know everything will work every time, all the time, 24x365. Because that’s our business.
But we also have competition in this industry and the standards all round are very high, very professional. What has happened surprisingly rapidly is that simple data hosting and co-location has become, effectively, a commodity service. The basic benefits of the outsourcing model have become clear to business and now what we are seeing is a move towards long-term, complex, managed service solutions. The competitive arena for our industry today is in sophisticated value added services. This is where we manage and develop solutions for our clients’ needs offering, as one very good example, a speed to market with their new products/services that they could not realistically achieve with in-house resources.
The financial services industry is rapidly changing. With mergers and acquisitions happening daily there will be more pressure on internal teams for IT integration. There is increasing customer demand for storage solutions and security requirements to face the changing market conditions. The growing field of application service providers also offers new market opportunities. This is where outsourcing can help. We can provide a ready-made infrastructure. |
Jim Martin is president and chief operating officer of Worldport’s European operations based in Blanchardstown Corporate Park in Dublin.
|
| Article appeared in the October 2001 issue.
|
|
|
