Is it time to reconnect offshore?

Posted on : 15-01-2020 | By : john.vincent | In : General News, Innovation

Tags: , , , , , , ,

0

At the end of last year I travelled to India to assess the capability of a potential supplier for our clients. Over the years I have always both enjoyed and been impressed with my trips India. The culture, capability of the people I meet, their client focus and general level of friendliness have always made my trips ones that I look forward to.

This trip was no different and reconfirmed my views. However, I did return with one nagging question;

Why do many corporations not extend their technology services operating model to include partnerships with offshore providers?

Our Broadsheet publication has discussed the changing face of sourcing models many times over the years. Through the late 90’s and over the subsequent 20 or so years much of the focus was on cost reduction. As the efficiency agenda bit into available budgets, many leaders looked towards the labour arbitrage benefits that India could offer, either through their own captive operations, or via sourcing partners to help address the squeeze.

Offshoring business cases often paid lip service to the potential added benefits in areas such as access to skills, quality of delivery or agility, and innovation was often not mentioned at all

So companies transformed their operating model to offshore delivery models throughout this period. Initially the focus was on Business Process Outsourcing (“BPO”) and Information Technology (“ITO”) with back office operations roles and development forming the lion share of the skills transfer. As the model matured, more sophisticated roles in each were shifted offshore in more “value add” areas such as research development and production, as well as infrastructure operations to manage the emerging cloud delivery models through Google, Amazon and Microsoft platforms.

However, with the acceleration in technology innovation over the last few years in areas such as Artificial Intelligence, Machine Learning and Automation, there does appear to be a huge opportunity to harness the talent that the offshore providers have developed?

The first movers in the India offshore business have both an advantage and disadvantage in the new digital  economy. Labour arbitrage largely fuelled wave one of the model, enabling companies like TCS, Infosys, Cognizant and HCL to grow their workforce dramatically (TCS now employ c.425k staff at the top end and HCL have c.120k at the lower). However, whilst this is growth has been good on one hand it also means that these organisations will have a difficult transformation to go through with their own operating model through areas such as automation. Their capability is without question, but they now face the same challenges as their clients in how to introduce the new technology without eroding their core business.

So let’s look at the next tier of offshore providers. Here we find companies such as MindTree, UST Global and Zensar, all of which still have significant staff numbers, but sub 30k. Naturally these providers have focused their service offerings around digital rather than increasing headcount.

In my view, this puts them at a significant advantage when it comes to engaging with clients for the delivery of new disruptive technology. By building new platforms to automate operations they can take on new clients without the need to hire at the rate required by the previous Indian offshore pioneers, thus limiting the challenge of what to do with what may become a significant surplus of skills.

So what about tapping into this capability for new technology? Offshoring is something that still divides opinions a lot. Yes, there are probably as many tales of woe as there are of delight. However, this is something that we also find with the more traditional onshore models. In truth, when both sides enter into the model as a partnership and understanding what needs to change in the engagement, roles and responsibilities, strengths and weakness and a shared ambition, then it can really benefit both the client and offshore partner tremendously.

One of the key success factors is to set up the operating model with a common shared interest, irrespective of organisational and geographic boundaries

One of the things that struck me on my visit was just the depth and scale of the talent in new technology, not only within the providers I visited, but also in the very visible growth for big name companies, consultancies and technology mainstays. AI, Dev Ops, Cloud and ML are core to this revolutionary growth.

In our view, the next few years will bring opportunities to develop partnerships, or even new “captive” type models, with those organisations that are on the pioneering end of the digital growth. Organisations should ask themselves “Why build the capability themselves?”. Often the answer to this question has been coloured by the perceived overhead of managing service provider delivery, through vendor management, security oversight, service delivery management etc.

However, organisations should take a “green field” thought approach to tapping into the offshore provider capability. Core platforms can be delivered by technology and service providers with business services layered on top. Also, this should not be structured as a linear end-to-end service chain, coupled together with hand-offs between the parties, but through a Joint Product Led team. This helps to drive efficiencies, a more agile delivery and an end product aligned more closely with expected business outcomes.

We should say something about the wider macro considerations to using Indian offshore talent. Firstly, from a security perspective there is a noticeable increase in the level of physical security when entering almost all establishments (in response to events over the last 10-15 years). This used to be consigned mainly to corporate access, but this is now visible at hotels, shopping malls and the like. Not an issue, just an observation.

Secondly, India is under pressure to retain its offshore status not just from the nearshore providers, but also from areas such as the Philippines and most notably China. However, this is simply a natural evolution and the competition will provide more choices.

It certainly seems like this decade will bring further opportunities to tap into this offshore digital talent for those that chose to look for it.

Do you believe that your legacy systems are preventing digital transformation?

Posted on : 14-03-2019 | By : richard.gale | In : Data, Finance, FinTech, Innovation, Uncategorized

Tags: , , , , , , , ,

0

According to the results of our recent Broadgate Futures Survey more than half of our clients agreed that digital transformation within their organisation was being hampered by legacy systems. Indeed, no one “strongly disagreed” confirming the extent of the problem.

Many comments suggested that this was not simply a case of budget constraints, but the sheer size, scale and complexity of the transition had deterred organisations in fear of the fact that they were not adequately equipped to deliver successful change.

Legacy systems have a heritage going back many years to the days of the mega mainframes of the 70’s and 80’s. This was a time when banks were the masters of technological innovation. We saw the birth of ATMs, BACS and international card payments. It was an exciting time of intense modernisation. Many of the core systems that run the finance sector today are the same ones that were built back then. The only problem is that, although these systems were built to last they were not built for change.

The new millennium experienced another significant development with the introduction of the internet, an opportunity the banks could have seized and considered developing new, simpler, more versatile systems. However, instead they decided to adopt a different strategy and modify their existing systems, in their eyes there was no need to reinvent the wheel. They made additions and modifications as and when required. As a result, most financial organisations have evolved over the decades into organisations of complex networks, a myriad of applications and an overloaded IT infrastructure.

The Bank of England itself has recently been severely reprimanded by a Commons Select Committee review who found the Bank to be drowning in out of date processes in dire need of modernisation. Its legacy systems are overly complicated and inefficient, following a merger with the PRA in 2014 their IT estate comprises of duplicated systems and extensive data overload.

Budget, as stated earlier is not the only factor in preventing digital transformation, although there is no doubt that these projects are expensive and extremely time consuming. The complexity of the task and the fear of failure is another reason why companies hold on to their legacy systems. Better the devil you know! Think back to the TSB outage (there were a few…), systems were down for hours and customers were unable to access their accounts following a system upgrade. The incident ultimately led to huge fines from the Financial Conduct Authority and the resignation of the Chief Executive.

For most organisations abandoning their legacy systems is simply not an option so they need to find ways to update in order to facilitate the connection to digital platforms and plug into new technologies.

Many of our clients believe that it is not the legacy system themselves which are the barrier, but it is the inability to access the vast amount of data which is stored in its infrastructure.  It is the data that is the key to the digital transformation, so accessing it is a crucial piece of the puzzle.

“It’s more about legacy architecture and lack of active management of data than specifically systems”

By finding a way to unlock the data inside these out of date systems, banks can decentralise their data making it available to the new digital world.

With the creation of such advancements as the cloud and API’s, it is possible to sit an agility layer between the existing legacy systems and newly adopted applications. HSBC has successfully adopted this approach and used an API strategy to expand its digital and mobile services without needing to replace its legacy systems.

Legacy systems are no longer the barrier to digital innovation that they once were. With some creative thinking and the adoption of new technologies legacy can continue to be part of your IT infrastructure in 2019!

https://www.finextra.com/newsarticle/33529/bank-of-england-slammed-over-outdated-it-and-culture

What will the IT department look like in the future?

Posted on : 29-01-2019 | By : john.vincent | In : Cloud, Data, General News, Innovation

Tags: , , , , , , , , , ,

0

We are going through a significant change in how technology services are delivered as we stride further into the latest phase of the Digital Revolution. The internet provided the starting pistol for this phase and now access to new technology, data and services is accelerating at breakneck speed.

More recently the real enablers of a more agile and service-based technology have been the introduction of virtualisation and orchestration technologies which allowed for compute to be tapped into on demand and removed the friction between software and hardware.

The impact of this cannot be underestimated. The removal of the needed to manually configure and provision new compute environments was a huge step forwards, and one which continues with developments in Infrastructure as Code (“IaC”), micro services and server-less technology.

However, whilst these technologies continually disrupt the market, the corresponding changes to the overall operating models has in our view lagged (this is particularly true in larger organisations which have struggled to shift from the old to the new).

If you take a peek into organisation structures today they often still resemble those of the late 90’s where capabilities in infrastructure were organised by specialists such as data centre, storage, service management, application support etc. There have been changes, specifically more recently with the shift to devops and continuous integration and development, but there is still a long way go.

Our recent Technology Futures Survey provided a great insight into how our clients (290) are responding to the shifting technology services landscape.

“What will your IT department look like in 5-7 years’ time?”

There were no surprises in the large majority of respondents agreeing that the organisation would look different in the near future. The big shift is to a more service focused, vendor led technology model, with between 53%-65% believing that this is the direction of travel.

One surprise was a relatively low consensus on the impact that Artificial Intelligence (“AI”) would have on management of live services, with only 10% saying it would be very likely. However, the providers of technology and services formed a smaller proportion of our respondents (28%) and naturally were more positive about the impact of AI.

The Broadgate view is that the changing shape of digital service delivery is challenging previous models and applying tension to organisations and providers alike.  There are two main areas where we see this;

  1. With the shift to cloud based and on-demand services, the need for any provider, whether internal or external, has diminished
  2. Automation, AI and machine learning are developing new capabilities in self-managing technology services

We expect that the technology organisation will shift to focus more on business products and procuring the best fit service providers. Central to this is AI and ML which, where truly intelligent (and not just marketing), can create a self-healing and dynamic compute capability with limited human intervention.

Cloud, machine learning and RPA will remove much of the need to manage and develop code

To really understand how the organisation model is shifting, we have to look at the impact that technology is having the on the whole supply chain. We’ve long outsourced the delivery of services. However, if we look the traditional service providers (IBM, DXC, TCS, Cognizant etc.) that in the first instance acted as brokers to this new digital technology innovations we see that they are increasingly being disintermediated, with provisioning and management now directly in the hands of the consumer.

Companies like Microsoft, Google and Amazon have superior technical expertise and they are continuing to expose these directly to the end consumer. Thus, the IT department needs to think less about how to either build or procure from a third party, but more how to build a framework of services which “knits together” a service model which can best meet their business needs with a layered, end-to-end approach. This fits perfectly with a more business product centric approach.

We don’t see an increase for in-house technology footprints with maybe the exception of truly data driven organisations or tech companies themselves.

In our results, the removal of cyber security issues was endorsed by 28% with a further 41% believing that this was a possible outcome. This represents a leap of faith given the current battle that organisations are undertaking to combat data breaches! Broadgate expect that organisations will increasingly shift the management of these security risks to third party providers, with telecommunication carriers also taking more responsibilities over time.

As the results suggest, the commercial and vendor management aspects of the IT department will become more important. This is often a skill which is absent in current companies, so a conscious strategy to develop capability is needed.

Organisations should update their operating model to reflect the changing shape of technology services, with the closer alignment of products and services to technology provision never being as important as it is today.

Indeed, our view is that even if your model serves you well today, by 2022 it is likely to look fairly stale. This is because what your company currently offers to your customers is almost certain to change, which will require fundamental re-engineering across, and around, the entire IT stack.

GDPR – The Countdown Conundrum

Posted on : 30-01-2018 | By : Tom Loxley | In : Cloud, compliance, Cyber Security, data security, Finance, GDPR, General News, Uncategorized

Tags: , , , , , , , , , , , , ,

0

Crunch time is just around the corner and yet businesses are not prepared, but why?

General Data Protection Regulation (GDPR) – a new set of rules set out from the European Union which aims to simplify data protection laws and provide citizens across all member states with more control over their personal data”

It is estimated that just under half of businesses are unaware of incoming data protection laws that they will be subject to in just four months’ time, or how the new legislation affects information security.

Following a government survey, the lack of awareness about the upcoming introduction of GDPR has led to the UK government to issue a warning to the public over businesses shortfall in preparation for the change. According to the Digital, Culture, Media and Sport secretary Matt Hancock:

“These figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill”

GDPR comes into force on 25 May 2018 and potentially huge fines face those who are found to misuse, exploit, lose or otherwise mishandle personal data. This can be as much as up to four percent of company turnover. Organisations could also face penalties if they’re hacked and attempt to hide what happened from customers.

There is also a very real and emerging risk of a huge loss of business. Specifically, 3rd-party compliance and assurance is common practice now and your clients will want to know that you are compliant with GDPR as part of doing business.

Yet regardless of the risks to reputation, potential loss of business and fines with being non-GDPR compliant, the government survey has found that many organisations aren’t prepared – or aren’t even aware – of the incoming legislation and how it will impact on their information and data security strategy.

Not surprisingly, considering the ever-changing landscape of regulatory requirements they have had to adapt to, finance and insurance sectors are said to have the highest awareness of the incoming security legislation. Conversely, only one in four businesses in the construction sector is said to be aware of GDPR, awareness in manufacturing also poor. According to the report, the overall figure comes in at just under half of businesses – including a third of charities – who have subsequently made changes to their cybersecurity policies as a result of GDPR.

If your organisation is one of those who are unsure of your GDPR compliance strategy, areas to consider may include;

  • Creating or improving new cybersecurity procedures
  • Hiring new staff (or creating new roles and responsibilities for your additional staff)
  • Making concentrated efforts to update security software
  • Mapping your current data state, what you hold, where it’s held and how it’s stored

In terms of getting help, this article is a great place to start: What is GDPR? Everything you need to know about the new general data protection regulations

However, if you’re worried your organisation is behind the curve there is still have time to ensure that you do everything to be GDPR compliant. The is an abundance of free guidance available from the National Cyber Security Centre and the on how to ensure your corporate cybersecurity policy is correct and up to date.

The ICO suggests that, rather than being fearful of GDPR, organisations should embrace GDPR as a chance to improve how they do business. The Information Commissioner Elizabeth Denham stated:

“The GDPR offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice. Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right”

If you require pragmatic advice on the implementation of GDPR data security and management, please feel free to contact us for a chat. We have assessed and guided a number of our client through the maze of regulations including GDPR. Please contact Thomas.Loxley@broadgateconsultants.com in the first instance.

 

A few tips to securing data in the cloud

Posted on : 30-11-2016 | By : john.vincent | In : Cloud, Cyber Security, Data, Uncategorized

Tags: , , , , , , , , , , ,

0

In our view, we’ve finally reached the point where the move from internally built and managed technology to cloud based applications, platforms and compute services is now the norm. There are a few die hard “remainers” but the public has chosen – the only question now is one of pace.

Cloud platform adoption brings a host of benefits, from agility in deployment, cost efficiency, improved productivity and collaboration amongst others. Of course, the question of security is at the forefront, and quite rightly so. As I write this the rolling data breach news continues, with today being that of potentially compromised accounts at the National Lottery.

We are moving to a world where the governance of cloud based services becomes increasingly complex. For years organisations have sought to find, capture or shutdown internal pockets of “shadow IT”, seeing them as a risk to efficiency and increasing risk. In todays new world however, these shadows are more fragmented, with services and data being very much moving towards the end user edge of the corporate domain.

So with more and more data moving to the cloud, how do we protect against malicious activity, breaches, fraud or general internal misuse? Indeed, regarding the last point, the Forrsights Security Survey stated:

“Authorised users inadvertently exposing sensitive information was the most common cause of data beaches in the past 12 months.”

We need to think of the challenge in terms of people, process and technology. Often, we have a tendency to jump straight to an IT solution, so let’s come to that later. Firstly, organisations need to look at few fundamental pillars of good practice;

  1. Invest in User Training and Awareness – it is important that all users throughout and organisation understand that security is a collective responsibility. The gap between front and back office operations is often too wide, but in the area of security organisations must instil a culture of shared accountability. Understanding and educating users on the risks, in a collaborative way rather than merely enforcing policy, is probably the top priority for many organisations.
  2. Don’t make security a user problem – we need to secure the cloud based data and assets of an organisation in a way that balances protection with the benefits that cloud adoption brings. Often, the tendency can be to raise the bar to a level that both constrains user adoption and productivity. We often hear that IT are leading the positioning of the barrier irrespective of the business processes or outcomes. This tends to lead to an approach of being overly risk adverse without the context of disruption to business processes. The result? Either a winding back of the original solution or users taking the path of least resistance, which often increases risks.

On the technology side, there are many approaches to securing data in the cloud.  Broadly, these solutions have been bundled in the category of Cloud Access Security Broker (CASB), which is software or a tool that sits in between the internal on-premise infrastructure and the cloud provider, be that software, platform or other kind of as-a-service. The good thing about these solutions is that they can enforce controls and policies without the need to revert to the old approach of managing shadow IT functions, effectively allowing for a more federated model.

Over recent years, vendors have come to market to address the issue through several approaches. One of the techniques is through implementing gateways that either use encryption or tokenisation to ensure secure communication of data between internal users and cloud based services. However, with these the upfront design and scalability can be a challenge given the changing scope and volume of cloud based applications.

Another solution is to use an API based approach, such as that of Cloudlock (recently purchased by Cisco). This platform uses a programmatic approach to cloud security on the key SaaS platforms such as  to address areas such as Data Loss Prevention, Compliance and Threat Protection with User and Entity Behaviour Analytics (UEBA). The last of these users machine learning to detect anomalies in cloud activities and access.

Hopefully some food for though in the challenge of protecting data in the cloud, whichever path you take.

Cloud computing. Where does the responsibility for security lie?

Posted on : 31-10-2016 | By : michael.wells | In : Uncategorized

Tags: , , , , ,

1

It is rare for a firm these days, NOT to have a cloud strategy. Whether it be software as a service, a platform or infrastructure. Our clients’ views have changed radically over the last few years from a ‘no cloud’ to fully embracing on-demand computing services. One of the main previous challenges was that organisations did not feel their data was secure in the ‘cloud’, it was outside their control and so felt the likelihood of loss/breaches were heightened. Now a comment we often hear is ‘these guys can do security better than us’ they are Google with a security team of thousands!

Are companies becoming too complacent? Yes – Microsoft does have a great security model, It protects the datacentres, infrastructure and platforms extremely well. But… it does not protect your data. This is still your responsibility and we are identifying a gap between responsibilities of the cloud provider and the client.

One of the biggest cyber security risks facing business today is the loss of data and cloud services face similar challenges. A cloud environment is subject to the same risks as the traditional corporate network. In fact, cloud providers are more attractive targets for the hackers due to the vast volumes of data they hold in a sometimes all too easily accessible environment. Cloud providers do, of course, claim to offer a secure environment, and a high level of security for the aspects of the cloud service they take responsibility for. It is the customer’s responsibility to ensure that their data is protected. Business often assumes that by outsourcing their data to a third-party cloud service provider that the security has been covered, but business should never assume this to be the case.  Every business must accept that they are ultimately responsible for their date where ever it is stored.

AWS has been quoted as saying “we are not the owners or custodians of the data; we just supply the resources. We don’t control how customer data is protected, customers do”

The bottom line for any enterprise looking to move to a cloud technology model is that they must undertake extensive due diligence to understand the risks they are facing by adopting this model and how the engagement of a third-party supplier to provide this service will exacerbate the risk.  In simple terms storing data in the cloud is the same as storing your data on someone else’s computer.

So, what are the biggest threats facing cloud service users?

User Error: Cloud applications are excellent for file sharing amongst multiple users. Research shows that 23% of files in cloud apps are broadly shared and 12% of those contain sensitive information. Without adequate security controls in place which track with whom, how and when a file and content are shared users are unable to track where their data is travelling and to whom.  This makes it easier for data to be lost by accident or for hackers to intercept without being noticed.

Hackers Attack: Hackers force attacks and use malware to break into cloud application accounts. In the first 6 months of 2016, 37% of abnormal cloud application activity indicated attempts to take over cloud accounts and 63% of abnormal cloud activity indicated attempts to steal data.

There are steps business can take to increase the security of their data in the cloud:

  • Encryption and key management- Data should be encrypted when it travels back and forth over the internet and when it is hosted in the cloud provider’s environment.
  • Identity and Access Management – Cloud providers are user innovative multi factor authentication technology.
  • Monitoring and reporting – What access controls have been set on your cloud environment. Do these breach internal controls? E.G. has someone ‘shared to public’ a Office365 SharePoint directory so exposing confidential data to the world?

Security firms are waking up to the gap in responsibilities. For example, PaloAlto now utilises tools to analyse your O365 environment for security discrepancies allowing a higher degree of monitoring and control.

As cloud computing becomes more popular, it will become the target of more malicious attacks. No single environment is safe and every infrastructure must be controlled with set policies in place.

 

 

Investment Management in the Cloud – Is it Time to Move?

Posted on : 29-01-2016 | By : Jack.Rawden | In : Cloud, Finance

Tags: , , ,

0

One of Broadgate’s key predictions for 2016 is the continued acceleration of cloud technologies within organisations. Finance, often the trailblazers for new technologies, have been slow to adapt to this technology for a variety of reasons (discussed later). As the technology matures, the arguments to not move toward the cloud become less and less. In this article we will discuss a few of the major reasons, based off discussions with our clients, as to why there has been slow cloud adoption in investment management.

Security is at the forefront of a CIO looking to move to the cloud. The perceived loss of control and ownership of data plus concerns about how a service provider might secure your data can be a worry.  There is also the risk of interception of data whilst it is being transferred. The counter argument of this is simple. Often we find SaaS firms have a bigger budgets associated to cyber security – plus as specialist providers and holders of multiple organisations data they have a greater exposure if a breach were to occur. If they were to lose your data, would you renew your contract with them? Probably not.

Due to this the level of security is often dramatically improved from that of a traditional financial institution and providers often have:-

  • An infrastructure that is designed to be more secure with additional safeguards in place
  • Greater levels of encryption
  • More resources dedicated to keeping data secure
  • Updated latest principles and best practices
  • More technology to detect threats and breaches

 

Moving data to a site other than your own can cause not only security concerns but also about conformity to regulation and ownership.  New EU data ownership rules, due to come in force in 2017 (see this useful article on them from computer weekly http://www.computerworlduk.com/security/10-things-you-need-know-about-new-eu-data-protection-regulation-3610851/) mean financial regulators might investigate how and where sensitive data, particularly client data is being stored.  International/Multi-national providers are overcoming this by opening targeted data centres – for example EU only or UK only depending on the classification of data. Amazon Web Services, Microsoft Azure Cloud and major financial providers such as BlackRock all have these offerings. These comply with all major and new regulations. Usefully, if an organisation is split between countries, it is possible to implement local data centres and ownership, e.g. having a Swiss Data Centre and UK Data Centre for the same functionality.

Another key concern mentioned when moving to the cloud are potential performance issues. What happens if the cloud “goes down” or connectivity is lost? What happens if there are latency issues between the cloud and local machine?

Connectivity/Uptime of servers, in our experience, is still an important factor when agreeing contracts and service levels.  However, SaaS providers rarely fail to hit these levels and if issues occur  then there are economies of scale for large providers through having live backups, better failsafe’s and more resources to bring systems back online.  With that we often find there is an improved recovery plan and business continuity plan that a typical investment manager.

Latency levels can often be more difficult to overcome and may require changes to infrastructure.  Dedicated connections now widely supported by cloud providers mean that speeds are fast and often users are unaware that solutions are hosted off site.

With the above considerations there has often been trepidation with moving operations, particularly critical operations such as trading, into a cloud environment. Organisations are often looking for a competitor to make a move to see how they fare, or potentially sticking with the more traditional methods and applying the logic “If it aint broke, don’t fix it”.  This has been compounded by the fact the traditional investment management products have also been slow to adapt their offerings, sticking with the current on premise solutions, rather than offering updated SaaS based solutions.  However, products such as Blackrock Aladdin offering a standardised full functionality cloud based hosted platform are trailblazing this area.

So after overcoming the potential issues that might be faced with the cloud, why would a firm want to move it’s offering to the cloud, this will be the focus of a future article but the major factors are:-

  • Increased Agility
  • Reduced software/hardware maintenance
  • Ability for investment managers to focus on investments over technology
  • Reduces the time to market for new products

With advantages of the cloud becoming recognised we are finding that this is an area where vendors and investment managers are really focussing.  Traditional vendors are adapting their products to be able to provide cloud based services and are producing some excellent new products. Investment managers see the potential service improvements, cost savings and maintenance savings discussed above. It’s an area that is rapidly changing and adapting on a monthly basis.  It’s where we will be watching for new technology improvements in 2016.

Five minutes with…

Posted on : 27-11-2015 | By : Maria Motyka | In : 5 Minutes With, Cloud, Cyber Security, Innovation

Tags: , , , , , , , ,

0

We are doing a series of interviews with leaders to get their insight on the current technology market and business challenges. Here in our first one, we get thoughts from Stephen O’Donnell, who recently took up the post of CIO for UK & Ireland at G4S.

Which technology trends do you predict will be a key theme for 2016?

“The key trend is the adoption of cloud technology moving from the SME market space, where it is already strong, to really making an impact in the enterprise space.

We’ve seen cloud and SaaS being adopted by smaller companies and now it will be adopted by bigger enterprises. We’ve also seen support for cloud based services from major system integrators and software suppliers like Microsoft, SAP and so on. The time for IT delivered as a service has come and the cloud is about to become all-encompassing across the entire IT world.

This has big implications in the ways that CIO’s and business leaders need to manage their systems, away from low-level management of infrastructure into the management of services and concerns about service integration.

Fundamentally it’s a bit like the Hollywood movie industry moving from the silent movie era to the talking era. Not all of the actors made it through – they did not have the skills and experience and I think this is what will happen in the IT industry. Some IT leaders will have difficulties, others will be more successful thanks to their deeper understanding of the business impact of IT, how automation and cloud based services can really help businesses drive competitiveness and agility, reduce risk and cut costs.”

 

You recently joined G4S as CIO, the worlds leading international security solutions group. What is your vision for the future of technology services there?

“G4S are adopting the cloud very aggressively. We have 622,000 employees, we’re a really large entity and we have stopped using Microsoft technology and are now using Google and the cloud instead. This consists of Google Apps for work, Google Docs for word processing, Google Sheets for spreadsheets and Gmail for email and collaboration platforms. In terms of the cloud, we use Google Drive for storage, everything is now in the cloud and we access it through a browser.

You have no idea how much simpler the world becomes. All of the complexities fade away. It’s now very much about managing the cloud contract and ensuring that the end-users are familiar with the technology and are appropriately supported. It’s very simple, it integrates extremely well with any device. We’ve seen very happy customer experience – whether using a chromebook, a Mac, a PC with a browser – people can access the systems in the same way and just as securely. Wifi capabilities in the office also become a lot simpler and we don’t have to be worried about highly secured corporate networks.

I think everyone would agree that the world is moving away from landlines to mobile communications. From standard telephone calls to IP-based telephone calls: using – in the consumer space Skype and WhatsApp, in the business space Google Hangouts, Skype for Business and so on – we see a massive adoption of that in business. We’ve really adopted Google Hangouts for collaboration and conferencing and have moved away from desk phones to cellphones.

Even when you look at the shape of our business… we have a huge number of people and the vast majority of them are working on customer site because they are security guards there, they do facility management, they’re doing cash in transit. They’re working in public services, working for hospitals… Having landlines just doesn’t make sense.

The whole company has gone mobile I don’t have a desk phone and – actually – you know what? I don’t miss it at all. I have a cellphone and it works extremely well, when I want to collaborate I use some of the internet-based tools like Hangouts. Equally –  why do you need a fax? When was the last time you’ve sent or received a fax…?

Migration from fixed to mobile has been a key change in the workplace and I’ll be surprised if more companies don’t adopt this. It’s all about simplifying the environment and being more economical.”

 

In your opinion, what are the greatest challenges IT leaders face in terms of securing organisations’ critical data?

“It’s a very relevant question. In the aftermath of the Paris attacks by ISIS someone said the terrorists only have to be lucky once and the authorities need to be lucky all of the time. I think the same applies to corporate and corporate data security.

Everyone is under absolutely intense attack and due to the complex systems, we have to make assumptions that, regardless what we do, some of our critical data will become exposed.

It could be through employees or through contractors whom we trust who might choose to do the wrong thing, or it might be via external agents, who manage to overcome our security systems either by using technology or by stealth, for example phishing attacks getting access to our data.

I think the key things are that we can put all the peripheral protections on our data: firewalls, secure data centres, the man guards on the gates etc. but we have to encrypt the data.

We have to adopt digital rights management so that we can restrict the data to those who are supposed to see it and ensure that anyone who steals it won’t be able to use it due to encryption.

If you can’t publish your corporate data on the internet and know it’s safe, then it’s not safe. So it really needs to be encrypted and protected. That’s the core principle.”

 

You spent two years at Broadgate, what was the most rewarding client project you delivered working with them as a consultant?

“That’s a really difficult question as all my projects at Broadgate have been quite exciting. If you don’t mind I’ll tell you about the highlights of the things that I did as a Broadgate Consultant.

I worked in the insurance business for as Chief Technology Officer and I took a massive 2 year development backload and cut it down to delivering in real time. My change programme involved taking the company from being a waterfall software delivery shop into being an agile delivery shop.

It involved the entire Development Team and Project Managers and the end result was that in a very short period of 6 months, we changed the business and its view on the IT departments ability to deliver. A very positive outcome.”

 

It’s interesting how your work was also about changing businesses’ view on the importance of IT protection?

“I very much agree. I think that very often businesses wrongly focus merely on cost-cutting.

It is also worth noting, that a radical process, such as operating model change can be difficult for incumbent teams to deliver. Bringing in a fresh pair of hands, someone who doesn’t have the business-as-usual activities to get on with and can focus on change really accelerates such projects and helps business.

At a large retail bank, I went into the voice communications department. The organisation was spending £55m a year on third party costs – telecommunications, calls etc.. My work there was to introduce a new operating model – consolidating business into a single telecoms entity and cutting costs. In a very short period of time (11 months), I saved the company £27m and simultaneously dramatically improved service levels offered by the business, so it was a real success.

Another engagement was really a short but exciting project at a wealth management client who had a business imperative to modernise their IT platforms. It was a really exciting piece of work working with the CIO and we made the decision not to modernise IT platforms but migrate functionality into the cloud. The piece of work I was set to do was responsible for the new cloud strategy: assessing costs, determine what the approach should be, identifying critical success factors and considering the things that might get in the way of the client executing on their vision.”

 

What do you see as the biggest technology disrupters in data centre services?

“Just like everything else in the world, IT is commoditising and lately we’ve seen this accelerating.

Everyone uses IT, the younger generation check their Facebook and Instagram several times an hour, it’s an absolutely essential business tool – try to work without email – absolutely impossible.

The industry commoditises and consolidates and IT is becoming a service. We see large global organisations delivering IT services that are ready to be consumed, you don’t have to self-assemble them. If you buy a car you expect it to come with tyres and a steering wheel. That’s not how IT has been consumed – you had to buy all the parts separately and assemble them. That’s changing. It is all commoditising, it’s becoming holistic, delivered as a service.”

 

Broadgate Predictions for 2015

Posted on : 29-12-2014 | By : richard.gale | In : Innovation

Tags: , , , , , , , , , , , ,

1

We’ve had a number of lively discussions in the office and here are our condensed predictions for the coming year.  Most of our clients work with the financial services sector so we have focused on predictions in these areas.  It would be good to know your thoughts on these and your own predictions.

 

Cloud becomes the default

There has been widespread resistance to the cloud in the FS world. We’ve been promoting the advantages of demand based or utility computing for years and in 2014 there seemed to be acceptance that cloud (whether external applications such as SalesForce or on demand platforms such as Azure) can provide advantages over traditional ‘build and deploy’ set-ups. Our prediction is that cloud will become the ‘norm’ for FS companies in 2015 and building in-house will become the exception and then mostly for integration.

Intranpreneur‘ becomes widely used (again)

We first came across the term Intranpreneur in the late ’80s in the Economist magazine. It highlighted some forward thinking organisations attempt to change culture, to foster,  employ and grow internal entrepreneurs, people who think differently and have a start-up mentality within large firms to make them more dynamic and fast moving. The term came back into fashion in the tech boom of the late ’90s, mainly by large consulting firms desperate to hold on to their young smart workforce that was being snapped up by Silicon Valley. We have seen the resurgence of that movement with banks competing with tech for the top talent and the consultancies trying to find enough people to fulfil their client projects.

Bitcoins or similar become mainstream

Crypto-currencies are fascinating. Their emergence in the last few years has only really touched the periphery of finance, starting as an academic exercise, being used by underground and cyber-criminals, adopted by tech-savvy consumers and firms. We think there is a chance a form of electronic currency may become more widely used in the coming year. There may be a trigger event – such as rapid inflation combined with currency controls in Russia – or a significant payment firm, such as MasterCard or Paypal, starts accepting it.

Bitcoins or similar gets hacked so causing massive volatility

This is almost inevitable. The algorithms and technology mean that Bitcoins will be hacked at some point. This will cause massive volatility, loss of confidence and then their demise but a stronger currency will emerge. The reason why it is inevitable is that the tech used to create Bitcoins rely on the speed of computer hardware slowing their creation. If someone works around this or utilises a yet undeveloped approach such as quantum computing then all bets are off. Also, perhaps more likely, someone will discover a flaw or bug with the creation process, short cut the process or just up the numbers in their account and become (virtually) very rich very quickly.

Mobile payments, via a tech company, become mainstream

This is one of the strongest growth areas in 2015. Apple, Google, Paypal, Amazon, the card companies and most of the global banks are desperate to get a bit of the action. Whoever gets it right, with trust, easy to use great products will make a huge amount of money, tie consumers to their brand and also know a heck of a lot more about them and their spending habits. Payments will only be the start and banking accounts and lifestyle finance will follow. This one product could transform technology companies (as they are the ones that are most likely to succeed) beyond recognition and make existing valuations seem miniscule compared to their future worth.

Mobile payments get hacked

Almost as inevitable as bitcoins getting hacked. Who knows when or how but it will happen but will not impact as greatly as it will on the early crypto-currencies.

Firms wake up to the value of Data Science over Big Data

Like cloud many firms have been talking up the advantages of big data in the last couple of years. We still see situations where people are missing the point. Loading large amounts of disparate information into a central store is all well and good but it is asking the right questions of it and understanding the outputs is what it’s all about. If you don’t think about what you need the information for then it will not provide value or insight to your business. We welcome the change in thinking from Big Data to Data Science.

The monetisation of an individual’s personal data results in a multi-billion dollar valuation an unknown start-up

Long Sentence… but the value of people’s data is high and the price firms currently pay for it is low to no cost. If someone can start to monetise that data it will transform the information industry. There are companies and research projects out there working on approaches and products. One or more will emerge in 2015 to be bought by one of the existing tech players or become that multi-billion dollar firm. They will have the converse effect on Facebook, Google etc that rely on that free information to power their advertising engines.

Cyber Insurance becomes mandatory for firms holding personal data (OK maybe 2016)

It wouldn’t be too far fetched to assume that all financial services firms are currently compromised, either internally or externally. Most firms have encountered either direct financial or indirect losses in the last few years. Cyber or Internet security protection measures now form part of most companies’ annual reports. We think, in addition to the physical, virtual and procedural protection there will be a huge growth in Cyber-Insurance protection and it may well become mandatory in some jurisdictions especially with personal data protection. Insurance companies will make sure there are levels of protection in place before they insure so forcing companies to improve their security further.

Regulation continues to absorb the majority of budgets….

No change then.

We think 2015 is going to be another exciting year in technology and financial services and are really looking forward to it!

 

Highlights of 2014 and some Predictions for 2015 in Financial Technology

Posted on : 22-12-2014 | By : richard.gale | In : Innovation

Tags: , , , , , , , , , , ,

0

A number of emerging technology trends have impacted financial services in 2014. Some of these will continue to grow and enjoy wider adoption through 2015 whilst additional new concepts and products will also appear.

Financial Services embrace the Start-up community

What has been apparent, in London at least, is the increasing connection between tech and FS. We have been pursuing this for a number of years by introducing great start-up products and people to our clients and the growing influence of TechMeetups, Level39 etc within the financial sector follows this trend. We have also seen some interesting innovation with seemingly legacy technology  – Our old friend Lubo from L3C offers mainframe ‘on demand’ and cut-price, secure Oracle databases an IBM S3 in the cloud! Innovation and digital departments are the norm in most firms now staffed with clever, creative people encouraging often slow moving, cumbersome organisations to think and (sometimes) act differently to embrace different ways of thinking. Will FS fall out of love with Tech in 2015 – we don’t think so. There will be a few bumps along the way but the potential, upside and energy of start-ups will start to move deeper into large organisations.

Cloud Adoption

FS firms are finally facing up to the cloud. Over the last five years we have bored too many people within financial services talking about the advantages of the cloud. Our question ‘why have you just built a £200m datacentre when you are a bank not an IT company?’ was met with many answers but two themes were ‘Security’ and ‘We are an IT company’…. Finally, driven by user empowerment (see our previous article on ‘user frustration vs. empowerment) banks and over financial organisations are ’embracing’ the cloud mainly with SaaS products and IaaS using private and public clouds. The march to the cloud will accelerate over the coming years. Looking back from 2020 we see massively different IT organisations within banks. The vast majority of infrastructure will be elsewhere, development will take place by the business users and the ‘IT department’ will be a combination of rocket scientist data gurus and procurement experts managing and tuning contracts with vendors and partners.

Mobile Payments

Mobile payments have been one of the discussed subjects of the past year. Not only do mobile payments enable customers to pay without getting their wallets out but using a phone or wearable will be the norm in the future. With new entrants coming online every day, offering mobile payment solutions that are faster and cheaper than competitors is on every bank’s agenda. Labelled ‘disruptors’ due to the disruptive impact they are having on businesses within the financial service industry (in particular banks), many of these new entrants are either large non-financial brands with a big customer-base or start-up companies with fresh new solutions to existing issues.

One of the biggest non-financial companies to enter the payments sector in 2014 was Apple. Some experts believe that Apple Pay has the power to disrupt the entire sector. Although Apple Pay has 500 banks signed up and there is competition from card issuers to get their card as the default card option under Apple devices, some banks are still worried that Apple Pay and other similar service will make their branches less important. If Apple chose to go into retail banking seriously by offering current accounts then the banks would have plenty more to worry them.

Collaboration

The fusion of development, operations and business teams to provide agile, focussed solutions has been one of the growth areas in 2014. The ‘DevOps’ approach has transformed many otherwise slow, ponderous IT departments into talking to their business & operational consumers of their systems and providing better, faster and closer-fit applications and processes. This trend is only going to grow and 2015 maybe the year it really takes off. The repercussions for 2016 are that too many projects will become ‘DevOpped’ and start failing through focussing on short term solutions rather than long term strategy.

Security

Obviously the Sony Pictures hack is on everyone’s mind at the moment but protection against cyber attack from countries with virtually unlimited will, if not resources, is a threat that most firms cannot protect against. Most organisations have had a breach of some type this year (and the others probably don’t know it’s happened). Security has risen up to the boardroom and threat mitigation is now published on most firms annual reports. We see three themes emerging to combat this.

– More of the same, more budget and resource is focussed on organisational protection (both technology and people/process)
– Companies start to mitigate with the purchase of Cyber Insurance
– Governments start to move from defence/inform to attacking the main criminal or political motivated culprits

We hope you’ve enjoyed our posts over the last few years and we’re looking forward to more in 2015.

Twitter.com/broadgateview