Broadgate Predictions for 2015

Posted on : 29-12-2014 | By : richard.gale | In : Innovation

We’ve had a number of lively discussions in the office and here are our condensed predictions for the coming year.  Most of our clients work with the financial services sector so we have focused on predictions in these areas.  It would be good to know your thoughts on these and your own predictions.

 

Cloud becomes the default

There has been widespread resistance to the cloud in the FS world. We’ve been promoting the advantages of demand based or utility computing for years and in 2014 there seemed to be acceptance that cloud (whether external applications such as SalesForce or on demand platforms such as Azure) can provide advantages over traditional ‘build and deploy’ set-ups. Our prediction is that cloud will become the ‘norm’ for FS companies in 2015 and building in-house will become the exception and then mostly for integration.

‘Intrapreneur’ becomes widely used (again)

We first came across the term Intrapreneur in the late ’80s in the Economist magazine. It highlighted some forward thinking organisations’ attempts to change culture, to foster, employ and grow internal entrepreneurs, people who think differently and have a start-up mentality within large firms to make them more dynamic and fast moving. The term came back into fashion in the tech boom of the late ’90s, mainly by large consulting firms desperate to hold on to their young smart workforce that was being snapped up by Silicon Valley. We have seen the resurgence of that movement with banks competing with tech for the top talent and the consultancies trying to find enough people to fulfil their client projects.

Bitcoins or similar become mainstream

Crypto-currencies are fascinating. Their emergence in the last few years has only really touched the periphery of finance, starting as an academic exercise, being used by underground and cyber-criminals, adopted by tech-savvy consumers and firms. We think there is a chance a form of electronic currency may become more widely used in the coming year. There may be a trigger event – such as rapid inflation combined with currency controls in Russia – or a significant payment firm, such as MasterCard or Paypal, starts accepting it.

Bitcoins or similar get hacked, causing massive volatility

This is almost inevitable. The algorithms and technology mean that Bitcoins will be hacked at some point. This will cause massive volatility, loss of confidence and then their demise but a stronger currency will emerge. The reason why it is inevitable is that the tech used to create Bitcoins relies on the speed of computer hardware slowing their creation. If someone works around this or utilises an as yet undeveloped approach such as quantum computing then all bets are off. Also, perhaps more likely, someone will discover a flaw or bug with the creation process, short cut the process or just up the numbers in their account and become (virtually) very rich very quickly.

Mobile payments, via a tech company, become mainstream

This is one of the strongest growth areas in 2015. Apple, Google, Paypal, Amazon, the card companies and most of the global banks are desperate to get a bit of the action. Whoever gets it right, with trust and great, easy to use products, will make a huge amount of money, tie consumers to their brand and also know a heck of a lot more about them and their spending habits. Payments will only be the start and banking accounts and lifestyle finance will follow. This one product could transform technology companies (as they are the ones that are most likely to succeed) beyond recognition and make existing valuations seem minuscule compared to their future worth.

Mobile payments get hacked

Almost as inevitable as bitcoins getting hacked. Who knows when or how, but it will happen, although the impact will not be as great as it will be on the early crypto-currencies.

Firms wake up to the value of Data Science over Big Data

As with cloud, many firms have been talking up the advantages of big data in the last couple of years. We still see situations where people are missing the point. Loading large amounts of disparate information into a central store is all well and good, but asking the right questions of it and understanding the outputs is what it’s all about. If you don’t think about what you need the information for then it will not provide value or insight to your business. We welcome the change in thinking from Big Data to Data Science.

The monetisation of an individual’s personal data results in a multi-billion dollar valuation for an unknown start-up

Long Sentence… but the value of people’s data is high and the price firms currently pay for it is low to no cost. If someone can start to monetise that data it will transform the information industry. There are companies and research projects out there working on approaches and products. One or more will emerge in 2015 to be bought by one of the existing tech players or become that multi-billion dollar firm. They will have the converse effect on Facebook, Google etc that rely on that free information to power their advertising engines.

Cyber Insurance becomes mandatory for firms holding personal data (OK maybe 2016)

It wouldn’t be too far fetched to assume that all financial services firms are currently compromised, either internally or externally. Most firms have encountered either direct financial or indirect losses in the last few years. Cyber or Internet security protection measures now form part of most companies’ annual reports. We think, in addition to the physical, virtual and procedural protection there will be a huge growth in Cyber-Insurance protection and it may well become mandatory in some jurisdictions especially with personal data protection. Insurance companies will make sure there are levels of protection in place before they insure so forcing companies to improve their security further.

Regulation continues to absorb the majority of budgets….

No change then.

We think 2015 is going to be another exciting year in technology and financial services and are really looking forward to it!

 

Cyber Warfare: Protection is vital but it’s how you respond

Posted on : 23-12-2014 | By : john.vincent | In : Cyber Security

Last month we wrote an article entitled “Are we heading for a new Cyber Cold war?” – with a focus on the emerging threat from Russia and the fact they are investing some $500m in recruiting a new online army.

The events since then involving the cancelled release of a film by Sony Pictures, following what the US described as an alleged state sponsored act of “cybervandalism” by North Korea, have certainly elevated the narrative to a new level. It will take months for Sony to assess the complete financial impact. Of course there is the obvious loss of revenue by not releasing the film (it was expected to gross $30m in the first weekend) and millions on marketing wasted… but the most difficult will be the potential cost of a reported 50,000 employees who are suing Sony over leaked personal information.

Whilst President Obama stopped short of calling the attack an act of war, he did label it “very costly”, and it could land Pyongyang back on the administration’s terror list, a designation lifted by the Bush administration in 2008 during nuclear talks.

To balance the argument, we must point to the fact that the infosec world is somewhat wary of the FBI’s accusations that North Korea was to blame for the attack against Sony. In an interview with The Register, the renowned security commentator Bruce Schneier stated;

“I’ve been very sceptical throughout and now I have no idea,” adding that the evidence the Feds had presented so far was “flimsy at best”.

However, putting the “who did what to who” question to one side, what the whole event has highlighted is the importance for all parties, whether nation state or commercial, to have a clearly defined, understood and rehearsed Incident Response process.

On the positive side, unlike some organisations, Sony Pictures Entertainment (SPE) do have a Global Security Incident Response Team (GSIRT) which monitors systems across the business for indicators of compromise. That said, leaked files related to a security audit show that Sony was having to cope with a significant number of potential breaches, with 193 incidents escalated between September 1st 2013 and 30th June 2014. Also, the audit reported that out of a total of 869 systems some 149 were not being monitored, stating;

“As a result, security incidents impacting these network or infrastructure devices may not be detected or resolved timely,”….“In addition, procedures have not been developed to reconcile the population of security devices that are being monitored by GSIRT to the actual SPE security devices that should be monitored to validate accuracy and completeness.”

So, what should organisations look at in terms of their readiness to deal with the increasing cyber threat? Mandiant, the leading security response organisation (and part of FireEye), identify a number of areas that companies need to assess, including;

  1. Regulatory Compliance: Do your response strategies support applicable regulatory and legal requirements? This is an increasingly important consideration across all industries. As new regulation emerges to protect customer data off the back of high profile breaches, we can only expect more rigour and oversight moving to the board level.
  2. Organisation: Are staff organised effectively and do they clearly understand their roles and responsibilities during an attack? This is vital. During significant data breaches all staff need to have clarity on how to respond, what the governance process is, who is leading and coordinating activities and very importantly, what the communication channels are.
  3. Training: Do staff have the training they need to respond effectively and efficiently when incidents arise? We take time to ensure that staff are trained on the technical aspects of their job, but we also need to ensure that education of the incident response process is not only performed but also reinforced at regular intervals.  
  4. Incident Detection: Does the organisation have the mechanisms in place to rapidly detect an incident? The statistics vary a little, but it is generally accepted that the average time between infiltration and detection is still over 200 days. More importantly, it is estimated that it takes an average of 32 days to respond to a data breach with the majority actually being notified by their customers! 
  5. Processes: Do you have a clear process for rapidly responding to potential data breaches? We’ve spent many years testing and rehearsing our business continuity and disaster recovery processes for dealing with external threats or infrastructure failures. Organisations need to ensure that the various cyber threat scenarios are added and tested at regular intervals.
  6. Technology: Does the organisation have the necessary hardware and software to respond across your enterprise? Sadly, whilst often breaches are inevitable, there is much that can be done to ensure that the security mechanisms implemented at the technology level are as robust as possible. Indeed, the systems and software to do this have evolved significantly from traditional firewall and perimeter defences. It’s an ongoing process, so if you haven’t assessed your own controls recently then it’s time to do so!

Recent incidents have highlighted how important it is for companies to really understand the risk posed by cyber threats, specifically in terms of what the “crown jewels” are, and the fact that they should be central to any operational risk strategy. We believe it is only a matter of time before companies are required to disclose all breaches and include them in their annual reports (we also expect to see a rise in cyber insurance and a need to demonstrate that adequate controls are in place).

So, as we move into 2015 we can only expect to see more focus on combating the cyber threat.

 

Broadgate Consultants work with clients to assess their security readiness – if you would like to find out more please contact:

jo.rose@broadgateconsultants.com.

 

Highlights of 2014 and some Predictions for 2015 in Financial Technology

Posted on : 22-12-2014 | By : richard.gale | In : Innovation

A number of emerging technology trends have impacted financial services in 2014. Some of these will continue to grow and enjoy wider adoption through 2015 whilst additional new concepts and products will also appear.

Financial Services embrace the Start-up community

What has been apparent, in London at least, is the increasing connection between tech and FS. We have been pursuing this for a number of years by introducing great start-up products and people to our clients and the growing influence of TechMeetups, Level39 etc within the financial sector follows this trend. We have also seen some interesting innovation with seemingly legacy technology – our old friend Lubo from L3C offers mainframe ‘on demand’ and cut-price, secure Oracle databases an IBM S3 in the cloud! Innovation and digital departments are the norm in most firms now, staffed with clever, creative people encouraging often slow moving, cumbersome organisations to think and (sometimes) act differently to embrace different ways of thinking. Will FS fall out of love with Tech in 2015? We don’t think so. There will be a few bumps along the way but the potential, upside and energy of start-ups will start to move deeper into large organisations.

Cloud Adoption

FS firms are finally facing up to the cloud. Over the last five years we have bored too many people within financial services talking about the advantages of the cloud. Our question ‘why have you just built a £200m datacentre when you are a bank not an IT company?’ was met with many answers but two themes were ‘Security’ and ‘We are an IT company’…. Finally, driven by user empowerment (see our previous article on ‘user frustration vs. empowerment’) banks and other financial organisations are ‘embracing’ the cloud, mainly with SaaS products and IaaS using private and public clouds. The march to the cloud will accelerate over the coming years. Looking back from 2020 we see massively different IT organisations within banks. The vast majority of infrastructure will be elsewhere, development will take place by the business users and the ‘IT department’ will be a combination of rocket scientist data gurus and procurement experts managing and tuning contracts with vendors and partners.

Mobile Payments

Mobile payments have been one of the most discussed subjects of the past year. Not only do mobile payments enable customers to pay without getting their wallets out but using a phone or wearable will be the norm in the future. With new entrants coming online every day, offering mobile payment solutions that are faster and cheaper than competitors is on every bank’s agenda. Labelled ‘disruptors’ due to the disruptive impact they are having on businesses within the financial service industry (in particular banks), many of these new entrants are either large non-financial brands with a big customer-base or start-up companies with fresh new solutions to existing issues.

One of the biggest non-financial companies to enter the payments sector in 2014 was Apple. Some experts believe that Apple Pay has the power to disrupt the entire sector. Although Apple Pay has 500 banks signed up and there is competition from card issuers to get their card as the default card option under Apple devices, some banks are still worried that Apple Pay and other similar services will make their branches less important. If Apple chose to go into retail banking seriously by offering current accounts then the banks would have plenty more to worry them.

Collaboration

The fusion of development, operations and business teams to provide agile, focussed solutions has been one of the growth areas in 2014. The ‘DevOps’ approach has transformed many otherwise slow, ponderous IT departments into ones that talk to the business & operational consumers of their systems and provide better, faster and closer-fit applications and processes. This trend is only going to grow and 2015 may be the year it really takes off. The repercussions for 2016 are that too many projects will become ‘DevOpped’ and start failing through focussing on short term solutions rather than long term strategy.

Security

Obviously the Sony Pictures hack is on everyone’s mind at the moment, but cyber attack from countries with virtually unlimited will, if not resources, is a threat that most firms cannot protect against. Most organisations have had a breach of some type this year (and the others probably don’t know it’s happened). Security has risen up to the boardroom and threat mitigation is now published in most firms’ annual reports. We see three themes emerging to combat this.

– More of the same: more budget and resource is focussed on organisational protection (both technology and people/process)
– Companies start to mitigate with the purchase of Cyber Insurance
– Governments start to move from defence/inform to attacking the main criminal or politically motivated culprits

We hope you’ve enjoyed our posts over the last few years and we’re looking forward to more in 2015.

Twitter.com/broadgateview