The ultimate way to move beyond trading latency?

Posted on : 29-03-2019 | By : richard.gale | In : Finance, Uncategorized

Tags: , , , , , , ,

0

A number of power surges and outages have been experienced in the East Grinstead area of the UK in recent months. Utility companies involved have traced the cause to one of three  high capacity feeds to a Global Investment bank’s data centre facility.

The profits created by the same bank’s London based Propriety Trading group has increased tenfold in the same time.

This bank employs 1% of the world’s best post-doctoral theoretical Physics graduates  to help build its black box trading systems

Could there be a connection? Wild & unconfirmed rumours have been circulating within  the firm that a major breakthrough in removing the problem of latency – the physical limitation the time it takes a signal to transfer down a wire – ultimately governed by of the speed of light.

For years traders have been trying to reduce execution latency to provide competitive advantage in a highly competitive fast moving environment. The focus has moved from seconds to milli and now microsecond savings.

Many Financial Services & technology organisations have attempted to solve this problem through reducing  data hopping, routing, and going as far as placing their hardware physically close to the source of data (such as in an Exchange’s data centre) to minimise latency but no one has solved the issue – yet.

It sounds like this bank may have gone one step further. It is known that at the boundary of the speed of light – physics as we know it -changes (Quantum mechanics is an example where the time/space continuum becomes ‘fuzzy’). Conventional physics states that travelling faster than the speed of light and see into the future would require infinite energy and so is not possible.

Investigation with a number of insiders at the firm has resulted in an amazing and almost unbelievable insight. They have managed to build a device which ‘hovers’ over the present and immediate future – little detail is known about it but it is understood to be based on the previously unproven ‘Alcubierre drive’ principle. This allows the trading system to predict (in reality observe) the next direction in the market providing invaluable trading advantage.

The product is still in test mode as the effects of trading ahead of the data they have already traded against is producing outages in the system as it then tries to correct the error in the future data which again changes the data ad finitum… The prediction model only allows a small glimpse into the immediate future which also limits the window of opportunity for trading.

The power requirements for the equipment are so large that they have had to been moved to the data centre environment where consumption can be more easily hidden (or not as the power outages showed).

If the bank does really crack this problem then they will have the ultimate trading advantage – the ability to see into the future and trade with ‘inside’ knowledge legally. Unless another bank is doing similar in the ‘trading arms race’ then the bank will quickly become dominant and the other banks may go out of business.

The US Congress have apparently discovered some details of this mechanism and are requesting the bank to disclose details of the project. The bank is understandably reluctant to do this as it has spent over $80m developing this and wants to make some return on its investment.

If this system goes into true production mode surely it cannot be long before Financial Regulators outlaw the tool as it will both distort and ultimately destroy the markets.

Of course the project has a codename…. Project Tachyons

No one from the company was available to comment on the accuracy of the claims.

Broadgate’s Crystal Ball – Our predictions for 2016

Posted on : 18-12-2015 | By : richard.gale | In : General News

Tags: , , , , , , , , , ,

0

During the past few weeks, 2016 trend predictions have flooded our news feeds. After compiling and combining them with our view on the approaching changes, here’s Broadgate’s view on IT in 2016.

future

Adaptive Security Architecture

In the context of companies’ growing awareness of the importance of security and the need to build it into all business processes, end-to-end, Gartner predicts that the near future will bring more tools to go on the offensive, leveraging predictive modeling, for example, allowing apps to protect themselves (!). Therefore, go on offensive and build in security to every project, product, process and service, instead of treating it as an add on and an afterthought or having separate “security” projects.

 

IoT and Big Data Science

IoT will gradually overtake every-thing and generate data-rich insights about us. Gartner notes that the rapid growth in the number of sensors embedded in various technologies of both personal and professional use will lead to the generation of tons of intelligence on our daily patterns. The more ‘things’ and areas of our lives IoT takes over, the more data is going to be collected. According to Gartner, by 2020, the number of devices connected to the Internet is expected to reach 25 billion. As each year is moving us much closer to the IoT big data/even bigger insights reality, it will be challenging to find efficient ways of digging through and making sense of the constant generation of streams of data.

As we stated this time last year, talking about the ‘future’ of 2015 –  Loading large amounts of disparate information into a central store is all well and good but it is asking the right questions of it and understanding the outputs is what it’s all about. If you don’t think about what you need the information for then it will not provide value or insight to your business. We welcome the change in thinking from Big Data to Data Science.

 

Connected Devices

Our bodies are going to be increasingly connected to the Internet through smart devices within the next couple of years. This is reality, not Sci-Fi; those, who claim that wearables will struggle to find their place in everyday life in 2016, should familiarise themselves with the outcomes of Gartner’s October Symposium/ITxpo. It is predicted that in two years, 2 million employees, primarily those engaged in physically demanding or dangerous work, will be required to wear health & fitness tracking devices as a condition of employment (Gartner). According to a different source, in nine years, 70% of us are going to use wearables (IDC).

 

The Hybrid Cloud

Following our 2015 prediction of cloud becoming the default coming true, towards 2016 the integration of on-premises cloud infrastructure and the public cloud is becoming an operating standard; the demand for the hybrid cloud is growing at a rate of 27% (MarketsandMarkets). Google’s hire of Diane Greene, co-founder of VMware, to head up Google Cloud, shows Google’s commitment to offering services to enterprise cloud customers. A hybrid Kubernetes scheme is said to be part of the deal (Knorr, Infoworld), which will likely have a significant impact the growth of the hybrid cloud in 2016.

 

The outsourcing of personal data

Barely a week goes by without another retailer or bank losing customer information by getting hacked. This is becoming a serious and expensive problem for firms, each one is having to put complex defense mechanisms in place to protect themselves.

We think the outsourcing of responsibility (and sensitive data) to specialist firms will be a growing trend in 2016. These firms can have high levels of security controls and will have the processing ability to support a large number of clients.

Obviously one potential issue is that these organisations will be targeted by the criminals and when one does get breached it will have a much greater impact….

 

We are truly excited to see what 2016 will surprise us with!

5 Minutes With Mark Prior

Posted on : 18-12-2015 | By : Maria Motyka | In : 5 Minutes With

Tags: , , , , , , , , , , , , , , ,

0

Which recent tech innovations are you the most excited about?

I get most excited about how my business can benefit from technology (whether it’s new or not). It’s my team’s job to understand our business; its processes, strategy and competitor landscape and bring technology to bear to address those challenges.
Smith and Williamson is a very client centric business – there is a great opportunity to leverage even well-established technology like IPT, Workflow and Document management to improve the service we provide to clients. Additionally Cloud based collaboration tools offer new ways to engage with our clients 1-1 and perhaps open up new markets for services.

Like all industries if we can both improve the service to the client through technology and at the same time lower the cost of servicing a client we will be successful.

From a pure technology perspective I’m looking forward to improvements in price and functionality of end user devices – particularly low cost 2in1 windows devices displacing the desktop or traditional clam laptop as the default end user device. I hope the combination of these devices, windows 10, office 365, Wi-Fi and IPT will provide a better mobile platform that’s easier to manage and support and offers a seamless user experience regardless of location and connection type.

Looking ahead I’m also interested in how graphene will impact IT – whether it’s in battery technology or the size and speed of microprocessors, it appears to have the potential to be revolutionary (and it was invented in the UK!!).

 

How do you see business applications in wealth management adopting As-a-Service operating models?

Firms buy solutions that best meet their needs – how those solutions are delivered is often secondary, however vendors that deliver their solution (only) as a service are I feel better placed to rapidly adapt and evolve their offering as it’s a single code set, single port etc. This should keep their costs down and by passing those savings to customers they will drive adoption and create a virtuous circle. It should also mean they can focus development resource on new features rather than maintaining multiple code sets and branches.

 

In your opinion, what are the biggest data security risks that financial organisations are currently facing and how can they be overcome?

I think everyone understands the need for perimeter security, good patch management, access controls etc. But I think an area this is sometimes overlooked are “end users” either inadvertently or deliberately exposing data. We need to ensure we classify our data based on risk, educate our employees and have appropriate audit trails and controls based on data classification (all easier said than done). Service like MS Office 365 and OneDrive mean this has to be driven as much by policy and education as by IT.

 

Why did you choose Broadgate to assist you? What value has working with Broadgate brought to your team?

I’ve known the team for many years and trust them to do a good job for their clients.

Broadgate’s engagement style is collaborative and consultative, unlike other firms where every conversation is viewed as a selling opportunity.

 

Which technology trends do you predict will be a key theme for 2016?

Every year we think it will be cloud – maybe this year it will happen (though personally I’m not sure it will) Financial service firms are still hesitant to put client data into the public cloud and many firms say the cost of cloud is more than the marginal cost of adding capacity to their own facilitates.
Hosting strategies are difficult to formulate as the options are many and varied with no clear leaders. I think Google will drive into MS market share (a few years ago I can’t recall anyone seriously considering alternatives to MS Office) which should ensure healthy competition and better options for their customers.

Data is like Oil….Sort Of

Posted on : 30-09-2015 | By : Jack.Rawden | In : Data

Tags: , , , ,

0

  • We are completely dependent upon it to go about our daily lives
  • It is difficult and expensive to locate and extract and vast tracts of it are currently inaccessible.
  • As technology improves we are able to obtain more of it but the demand constantly outpaces supply.
  • The raw material is not worth much and it is the processing which provides the value, fuels & plastics in the case of oil and business intelligence from data.
  • It lubricates the running of an organisation in the same way as oil does for a car.
  • The key difference between oil and data is that the supply of data is increasing at an ever faster rate whilst the amount of oil is fixed.

So how can data be valued and what exploration mechanisms are available to exploit this asset?

The recent prediction that Google will be the first company to hit the $1 Trillion Market Cap is a good place to start to identify the value of data.  Yes, they have multiple investments in other markets, but the backbone of the organisation is the ability to capture and utilise data effectively. Another similarity is the valuation of Facebook at $86 dollars a share and ~$230B market cap with tangible (accounts friendly) assets of around $45B.  The added value is Data.

This highlights that calculating a company’s data worth or value is now integral in working out the valuation of an organisation. The economic value of a firm’s information assets has recently been termed ‘data equity’ and a new economics discipline, Infonomics, is emerging to provide a structure and foundation of measuring value in data.

 

The value and so price of organisations could radically alter as the value of its data becomes more transparent. Data equity will at some point be added to the balance sheet of established firms potentially significantly affecting the share price – think about Dun & Bradstreet, the business intelligence service – they have vast amounts of information on businesses and individuals which is sold to help organisations make decisions in terms of credit worthiness. Does the price of D&B reflect the value of that data? Probably not.

Organisations are starting appreciate the value locked up in their data and are utilising technologies to process and analyse the Big Data both within and external to them. These Big Data tools are like the geological maps and exploration platforms for the information world.

 

  • The volume of data is rising at an ever increasing rate
  • The velocity of that data rushing into and past organisations is accelerating
  • The variety of data has overwhelmed conventional indexing systems

 

Innovative technology and methods are improving the odds to finding and getting value from that data.

How can an organisation gain value from its data? What are forward thinking firms doing to invest and protect its data?

1. Agree a Common Language

Data is and does mean many things to different firms, departments and people. If there is no common understanding of what a ‘client’ or ‘sale’ or an ‘asset’ is then at the very least confusion will reign and most likely that poor business decisions will be made from the poor data.

This task is not to be underestimated. As organisations grow they build new functions with different thinking, they acquire or are bought themselves and the ‘standard’ definitions of what data means can change and blur. Getting a handle on organisation wide data definitions is a critical and complex set of tasks that need leadership and buy-in. Building a data fabric into an organisation is a thankless but necessary activity in order to achieve longer term value from the firm’s data.

 

2.Quality, Quality, Quality

The old adage of rubbish in, rubbish out still rings true. All organisations have multiple ‘golden sources’ of data often with legacy transformation and translation rules shunting the data between systems – if a new delivery mechanism is built it is often implemented by reverse engineering the existing feeds to make it the same rather than looking at the underlying data quality and logic. The potential for issues with one of the many consuming systems makes it too risky to do anything else. An alternative is to build a new feed for each new consumer system which de-risks the issue in one sense but builds a bewildering array of pipes crossing an organisation. With any organisation of size it is worth accepting that there will be multiple golden copies of data but the challenge is to make sure they are consistent and have quality checks built in. Reconciling sets of data across systems is great but doesn’t actually check if the data is correct, just that it matches another system….

3. Timeliness

Like most things, data has a time value. As one Chief Data Officer of a large bank recently commented ‘data has a half-life’ – the value decays over time and so ensuring the right data is in the correct place and the right time is essential and out of date/valueless data needs to be identified as such. For example; A correct prediction of tomorrow’s weather is useful, today’s weather is interesting and a report of yesterday’s weather has little value.

4. Organisational Culture

Large organisations are always ‘dealing’ with data problems and providing new solutions to improve data quality. Many large, expensive programmes have been started to solve ‘data’. Thinking about data needs to be more pervasive than that it needs to be part of the culture and fabric of the organisation. Thinking about data (accuracy, ownership, consistency, and time value) needs to be incorporated into organisations as part of the culture, articulating the value of data can help immensely with this.

5.Classification

Understanding what is important rather than having a blanket way of dealing with data is important. Some data doesn’t matter if it is wrong or not up to date because either not consumed (obvious question is – then why have it?) or irrelevant for process.  Other data is critical for a business to survive so a risk based approach to data quality needs to be used and data graded and classified on its value.

6. Data ownership

Someone needs to be accountable for and owner of data and data governance within an organisation. It does not mean that they have to manage each piece but they need to set the strategy and vision for data. More large organisations are now creating a Chief Data Officer role to ensure there is this ownership, strategy and discipline with regard to their data.

Data is the core of a business and there is a growing acknowledgement of its potential value.

As the ability to extract information and intelligence from data improves there will be some disruptive changes in the market value of firms that have the sort of data which can improve the organisations market share, profitability and potentially traded.

Companies that have huge amounts of information regarding their customers: banks, shops, telecoms firms will be well positioned to take advantage of this information if they can manage to organise and exploit it.

 

The Blockchain Revolution

Posted on : 28-08-2015 | By : richard.gale | In : Cyber Security

Tags: , , , , , , , , , , ,

3

We’ve been excited by the potential of blockchain and in particular bitcoin technology and possibilities for a while now (Bitcoins: When will they crash?  More on Bitcoins..  Is someone mining on my machine? ). We even predicted that bitcoins would start to go mainstream in our 2015 predictions . We may be a little ahead of ourselves there but the possibilities of the blockchain, the underpinning technology of crypto currencies is starting to gather momentum in the financial services world.

Blockchain technology contains the following elements which are essential to any financial transaction

  1. Security – Blockchain data is secure as each part of the chain is linked with the other and many copies of that data are stored among the many thousands of ‘miners’ in an encrypted (currently unhackable) format. Even if a proportion of these miners were corrupt with criminal intent the voting of the majority will ensure integrity
  2. Full auditability – Every block in the chain has current and historic information relating to that transaction, the chain itself has everything that ever happened to it. The data is stored in multiple places and so there is a very high degree of assurance that the account is full and correct
  3. Transparency – All information is available in a consistent way to anyone with a valid interest in the data
  4. Portability – The information can be available anywhere in the world, apart from certain governments’ legislation there are few or no barriers to trade using blockchain technology
  5. Availability – There are  many copies of each blockchain available in virtually every part of the world blockchains should then always be available for use

The blockchain technology platform is flexible enough to incorporate additional functions and process without compromising it’s underlying strengths.

All major banks and a number of innovative startups are looking at ways blockchain can change the way transactions are executed. There are significant opportunities for both scale and efficiency using this technology. Areas being researched include;

  • Financial trading and settlement. Fully auditable, automated chain of events with automated payments, reporting and completion globally and instantly
  • Retail transactions. End to end transactions delivered automatically without the opportunity of loss or fraud
  • Logistics and distribution. Automatically attached to physical and virtual goods with certified load information enabling swift transit across nations
  • Personal data. Passports, medical records and government related information can be stored encrypted but available and trusted
There are still some significant challenges with blockchain technology;
  1. Transactional throughput – limited by banking standards (10’s of transactions per second at present rather than 10,000’s)
  2. Fear and lack of understanding of the technology – this is slowing down thinking and adoption
  3. Lack of skills to design and build – scarce resources in this space and most are snapped up by start-ups
  4. Complexity and lack of transparency – Even though the technology itself is transparent the leap from the decades old processes used in banks back offices for example to a blockchain programme can be a large one. In the case of time critical trading or personal information then security concerns on who can view data come to the fore.
  5. Will there be something else that replaces it – will the potentially large investment in the technology be wasted by the ‘next big thing’?

We think blockchain could have a big future. Some people are even saying it will revolutionize government, cutting spending by huge amounts. If blockchain transactions were used to buy things then sales tax and various amounts to retailers, wholesalers, manufacturers could be paid immediately and automatically. The sales person could have the blockchain credit straightaway too.

Blockchains could remove huge levels of inefficiency and potential for fraud. It could also put a significant number of jobs at risk reflected in John Vincent’s article on the future of employment.

Is your small business the next target for hackers?

Posted on : 28-08-2015 | By : kerry.housley | In : Cyber Security

Tags: , , , , , , , , ,

0

Cyber attacks make great headlines but behind the headlines are the real stories affecting real business.  The fact is that smaller medium sized companies are increasingly more likely to be targeted than their larger counterparts.  SMEs are now considered the biggest target in the cyber threat landscape.

There are many reasons for this, smaller companies don’t think that that they have anything of interest to hackers “why would anybody want to attack us we don’t have anything to steal”. They couldn’t be more wrong,  even if they don’t have any information which is of interest in its own right they may well provide a way into a larger organisation in their supply chain.

Some worrying statistics are emerging which show hackers are specifically targeting smaller companies as they do not have the budget for people or technology to protect themselves. Key risks for smaller firms are:

  • Lack of security policies and controls
  • Low levels of knowledge of potential threats and methods to combat
  • Small or no budget allocated to cyber protection
  • Outdated technology and update procedures
  • ‘Ostrich’ approach to risk assuming it will happen to someone else

The impact of a cyber attack on an SME can be disproportionate to its size. Larger companies can absorb relatively large losses well and can call on external help to resolve  – Sony’s breach in the end was estimated at £35m which had negligible impact on a multi-billion dollar organisation. For smaller firms, any loss (whether cyber or other fraud) can put them out of business if it impacts cash-flow and could result in the loss of major clients if they are part of a larger firms supply chain.

It is crucial to understand that information assets are more valuable than you might think.  Although larger enterprises now appear to be taking steps to protect their organisations many do not look to their partners and vendors so they too are guilty of not understanding the effect on the supply chain.  There is no point in pulling out all the stops internally to protect information assets if the companies that you do business with are not doing the same.

Many commentators have described SME’s as the Achilles heel in the business world which will result in devastating financial consequence if they do not take appropriate action to protect their information assets.  The UK Government Information Security Breaches Survey 2015 found that 74% of SMEs had reported that they had suffered an information security breach. They also found that severe attacks can now cost up to £300k+ for a smaller business.  This would put many smaller companies out of business as they couldn’t afford to take a hit this big.

In response to this threat the UK government have launched a number of initiatives designed to help SME’s to understand the cyber security issues that they face. 2014 saw the launch of the Cyber Essentials Scheme which is designed to be a much simpler way for business to take steps to limit their risk of a breach.  Most recently in July a voucher scheme has been set up which will enable SME’s to apply for a maximum of £5000 which can be used to fund specialist advice from Information security specialists that they otherwise would not be able to afford.  These initiatives are designed to increase the resilience in the UK business community to cyber attack. Ed Vaizey digital economy minister has said “We want to protect UK business against cyber attack and make the UK the safest place in the world to do business online.”

It is imperative that all businesses of any size understand the cyber threat and the effect this has on their entire supply chain network. Always know who you are doing business with and take steps to ensure you know how they are protecting your information assets.

In addition to assisting many ‘blue chip’ clients we also provide information risk assurance to smaller organisations. Often this can be quickly assessed with our ASSURITY product. Please do get in contact if you need some advice.

Kerry Housley

Kerry.Housley@broadgateconsultants.com

 

ASSURITY: Cyber Value at Risk calculations

Posted on : 30-07-2015 | By : richard.gale | In : Cyber Security, Innovation

Tags: , , , , , , , , , ,

0

If the assumption that cyber attacks are inevitable is true then what can you do? An approach is to pour unlimited amounts of money into the blackhole of IT security. Another, more sensible, approach to take would be risk based, predicting the likelihood, the form and the cost of an attack against the cost of avoidance or mitigation.

Our ASSURITY Information Risk Assessment calculates the Cyber Value at Risk (CVaR) based on a number of criteria including industry, size, profile, interface, level of regulation and a number of other factors. What it provides is hard facts and costs that company directors demand to ensure they are obtaining value from their information security investments and that it is directed to right places.

Building a credible method of estimating and quantifying risk is essential to the process of risk management. The very public breaches at Sony, Target & Ashley Madison mask the multitude that do not make the press. In the UK there is little incentive to highlight a breach but new legislation will change that for organisations in the next year. So given that cyber attacks are “inevitable” then how can the economic impact be calculated for a particular organisation?

The World Economic Forum recently released its report “Partnering for Cyber Resilience; Towards the Quantification of Cyber Threats,” which calls for the application of VaR modelling techniques to cyber security. The report describes the characteristics a good cyber-oriented economic risk model should have, but it doesn’t specify any particular model. Here, we consider the concept of “value at risk,” what it means, how it can be applied to the cyber, and describe how a CVaR model is implemented in our ASSURITY product.

At Broadgate we have carried out a significant number of security assessments so can draw on the data but we can supplement it with simulated information based on a set of assumptions and factors related to an organisation. We utilise that knowledge from the financial markets to build out Cyber VaR.

  • Assets – these are the network infrastructure of an organisation
  • Values – these are the loss potential of service disruption, intellectual property, compliance failures etc located in the assets
  • Market changes – increase and decrease in the incidence of attack and its effectiveness

Using the data and historic information the CVaR can be calculated with growing certainty and so the risks/costs of an attack can be computed with confidence.  The challenges are modelling the network, value and market changes!

So why does CVaR matter? Cyber Security like most control mechanisms comes down to risk management. Risk management needs real information and figures in order to be useful to a business. If it does not then it is just guesswork so could end up with focus on the wrong areas resulting in over spending and gaps in defences.

Different organisations, sectors and organisational profiles have differing risk profiles and exposures. Companies also have different risk appetites (which change at different stages of their development). So understanding YOUR Cyber Value at Risk is a significant tool to helping understand the risks to your organisation, the potential losses and how to focus your cyber investment. Broadgate’s ASSURITY product can help articulate the risks, costs and best path to resolution.

The ASSURITY product differentiates from other methodologies by being the most complete and accurate assessment that organisations can undertake to really understand their security risk exposure.

If you would like to find out more about the product and to arrange a demo, please contact jo.rose@broadgateconsultants.com or call +44(0)203 326 8000 to speak to one of our security consultants.

 

“Scores on the Doors” – The Broadgate Brand Perception Survey Results

Posted on : 27-05-2015 | By : Jack.Rawden | In : General News

Tags: , , , , , ,

0

Recently Broadgate kicked off an internal initiative to try and gauge the “Broadgate” brand and it’s perception across its stakeholders.  In March a survey was distributed and responses flowed thick and fast.  Respondents were from a variety of groups, from clients to partners, associates, rivals – even one of Broadgates director’s mothers.  If you were one of the people that took the time to respond, thank you.

Survey Aims

Since 2008 Broadgate has been providing Technology and Business Services to a range of institutions.  A decision was made in January this year to see if Broadgate could gain an understanding of how it is viewed by its stakeholders. As a company we were keen to get a feel for:-

  • How the Broadgate “Brand” is seen and what is associated with it
  • If there are any gaps in services Broadgate are currently providing
  • Our Communication Channels, how people use them and the content
  • If there is anything that Broadgate should be improving

Results from the survey were combined, analysed and key trends/themes emerged. Broadgate has taken valuable insight from this and some of the findings are included below.

Broadgate Brand Quotes

Communication

Broadgates communication channels have been generally well received.  Stakeholders have reviewed the Broadgate twitter feed, LinkedIn profile, website, blog and newsletter.  In general the level, detail and frequency of communication was good and as part of the process Broadgate will continue to develop these, particularly the newsletter to keep content informative and relevant. In the near future the newsletter will receive an updated look and we will strive to continue to produce informative, relevant and forward thinking articles.  There will also be a push to improve the social media content, so if you don’t already, follow Broadgate on LinkedIn, Twitter and soon Google +.

Brand Perception

The good news for Broadgate is that the Broadgate name and brand is overall perceived well.  Trust, knowledge and strengths all scored highly.  This is something that as a company we will endeavour to keep and improve as Broadgate grows.

A few comments that came from the survey associated Broadgate as being “Credible”, “Un-biased”, “Knowledgeable”, “Delivers Value”, “Experienced” and “Flexible”.  From a Broadgate perspective this aligns with Broadgate’s “Core Values” and what we pride ourselves as some of our key strengths.  We will continue to work to these “Core Values” and ensure that our standards don’t slip.

Could improve

The survey did highlight some areas in which Broadgate can improve and work has been started to try and improve these areas.  Broadgate has a social media presence, however, respondents to the survey did not view or engage with the content.  Broadgate also needs to improve visibility on its core technical strengths between groups.  Certain groups see Broadgate differently to one another, which means there is an issue with the way Broadgate is communicating its core skills and values.  Work has already started on both of these areas and hopefully these will be resolved in the near future.

Overall the survey has been a success, things that Broadgate are doing well will be the core values for Broadgate as it progresses and expands further.  Areas for improvement will be addressed and plans are in place to try and remediate them.  All feedback received has been taken on board and will used to improve the level of services Broadgate provide.

Obtain value from your cyber security investments

Posted on : 27-05-2015 | By : richard.gale | In : Cyber Security

Tags: , , , , , , , , ,

0

Protecting against cyber-attacks is starting to feel like throwing money into a bottomless pit. Gartner estimates that five percent of all IT spend is now consumed by security technology and solutions. But just how much money should a firm spend to protect itself? What is good enough? The answer is that ‘it depends’…

There is a cost to providing a level of security and there is a cost of a breach. Weighing up those costs and the likelihood of something happening is not always straightforward. The impact of a data loss can be very difficult to assess. The recent Sony breach had varying estimates exceeding $100m which have now been quietly downgraded to $15m in ‘investigation and remediation costs’ according to Sony’s financial statements. $15m still buys plenty of protection but even if it actually ends up double that then it only represents less than 2% of Sony’s sales in 2014.

Other very public data breaches involving millions of credit card holders (Target & Home Depot in the U.S.) have an impact on the consumer but the actual effect on the organisation is limited and is usually at least partly covered by insurance.

So is there any point spending more money on cyber protection? Over the years we have performed a large number of security assessments for our clients across a range of business sectors. We have often found that there is relatively high levels of spending but maybe not in the right areas with a focus on technology solutions rather than incorporating people and processes.

The other  significant findings are:

  • The likelihood and value of loss is very difficult to calculate
  • Explaining the impacts, consequences and counter-measures are described in technical rather than business terminology

What we have been working on over the last few months is distilling the data from our previous assessments and building it into a robust process to assess an organisations risk profile, quantifying the risks and costs of loss help the board understand the current state of the organisation. We can then construct a road map with measurable steps to the desired improved state.

Next month we are launching Broadgate’s new assessment product. We are very excited as we feel it provides a bespoke, business related 360 security view of an organisation. It is based on the existing standards (such as ISO27001, UK  Government’s Ten steps,  Cyber Essentials, Sans20) to provide a solid basis for the analysis. Broadgate’s unique security assessment methodology incorporates a “Cyber value at risk” incorporating the anonymised  data from previous assessments and based on your a number of features including business, sector, market size including factors such as the board’s media profile and public perception.

Our solution clearly explains the current status, risks, likely impacts. It also incorporates potential improvement measures &  solutions with measures of success in clear business language. This enables senior executives to make the informed, relevant investment decisions extracting the maximum value from cyber security.

Next month we will cover the product in more detail and are aiming to make a summary version, with historic data, available on our website for you to try. If you would like more information or a pre-release trial please contact Kerry Housley

 

Agile. Is it the new name for in-sourcing?

Posted on : 30-01-2015 | By : richard.gale | In : Innovation

Tags: , , , , , , , , , , , , , , ,

0

Business, IT, clothing are all similar in so much that they can lead and follow fashions & trends.

Looking at IT specifically there is a trend to commoditise and outsource as much as possible to concentrate on the core ‘business’ of growing a business. As we all know this has many advantages for the bottom line and keeps the board happy as there is a certainty of service & cost, headcount is down and the CIO has something to talk about in the exec meetings.

At the coalface the story is often a different one with users growing increasingly frustrated with the SLA driven service, business initiatives start to be strangled by a cumbersome change processes and support often rests in the hands of the dwindling number of IT staff with deep experience of the applications and organisation.

So a key question is –  How to tackle both the upward looking cost/headcount/service mentality whilst keeping the ability to support and change the business in a dynamic fulfilling way?

Agile is a hot topic in most IT and business departments, it emerged from several methodologies from the 1990’s with roots back to the ‘60s and has taken hold as a way of delivering change quickly to a rapidly changing business topology.

At its core Agile relies on:

  • Individuals & interaction – over process and tools
  • Customer communication & collaboration in the creation process – over agreeing scope/deliverables up front
  • Reactive to changing demands and environment – over a blinkered adherence to a plan

The basis of Agile though relies on a highly skilled, articulate, business & technology aware project team that is close to and includes the business. This in theory is not the opposite of an outsourced, commodity driven approach but in reality the outcome often is.

When we started working on projects in investment organisations in the early ‘90s most IT departments were small, focused on a specific part of the business and the team often sat next to the trader, accountant or fund manager. Projects were formal but the day to day interaction, prototyping, ideas and information gathering could be very informal with a mutual trust and respect between the participants. The development cycle was often lengthy but any proposed changes and enhancements could be story boarded and walked through on paper to ensure the end result would be close to the requirement.

In the front office programmers would sit next to the dealer and systems, changes and tweaks would be delivered almost real time to react to a change in trading conditions or new opportunities (it is true to say this is still the case in the more esoteric trading world where the split between trader and programmer is very blurry).  This world, although unstructured, is not that far away from Agile today.

Our thinking is that businesses & IT departments are increasingly using Agile not only for its approach to delivering projects but also, unconsciously perhaps,  as a method of bypassing the constraints of the outsourced IT model – the utilisation of experienced, skilled, articulate, geographically close resources who can think through and around business problems are starting to move otherwise stalled projects forward so enabling the business to develop & grow.

The danger is – of course – that as it becomes more fashionable – Agile will be in danger of becoming mainstream (some organisations have already built offshore Agile teams) and then ‘last years model’ or obsolete. We have no doubt that a new improved ‘next big thing’ will come along to supplant it.