Month: October 2017

Information security challenges holding back innovation in the financial services sector

  • New research reveals that information security is the most common challenge facing IT departments in the financial services sector, with almost 6 out of 10 seeing it as a primary point of concern
  • 58 per cent of financial services organisations have encountered issues with securing customer data when attempting to improve the customer digital user experience

Financial services organisations are feeling particularly challenged by the need to secure their applications and data, and for many this is hindering their efforts to adapt rapidly to changing market conditions.

Surveying 138 IT and digital decision makers across financial services organisations, technology market research firm Vanson Bourne found that 57 per cent of financial services sector respondents considered information security to be one of the biggest challenges facing their organisation. Worryingly, these information security difficulties are having implications for the sector’s ability to adapt to a changing business environment, with 62 per cent of financial services respondents stating that an inability to properly manage security is holding back innovation.

Jason Zimmer, a FinTech specialist at Claranet, commented on the significance of these findings:

Financial services are under pressure from both a demand-side and a supply-side angle. With regards to the former, the 21st century consumer has become accustomed to near-seamless service from organisations. FinTechs and new start-ups are increasingly addressing these needs, resulting in increased consumer expectations when they engage with their financial services provider. In turn, this is putting more pressure on traditional financial services companies to do the same – not just in their client-facing applications, but in their internal operations too”

Regardless of the need to adapt to a rapidly changing market, however, security has to lie at the heart of everything that financial services organisations do – these businesses deal with some of their customers’ most sensitive information. In our research, we have found that too often the challenge of guaranteeing the requisite level of security has held back financial services organisations from adopting to this new reality.”

Zimmer cited the user experience on digital channels as an example of an area where security challenges are proving a problem for effective innovation:

A key battleground in this rapidly changing market is providing customers with the best access to products, services, and assistance via digital channels. Digital-only FinTechs are taking this to a new level, with start-ups such as Atom Bank taking advantage of the modern consumer’s digital-savviness and intolerance of inconvenience to revolutionise how personal finance works. However, 58 per cent of financial services organisations have found that securing customer details has been an obstacle when trying to improve this digital user experience for their customers”

Whilst innovation and security can sometimes seem to be opposing priorities, in financial services they have to move hand-in-hand to prevent exciting initiatives from being stymied by a lack of data protection or compliance. For many financial services organisations, the best way to do this is by partnering with specialist organisations that understand the sheer breadth and depth of security threats. This gives the organisation space to focus its own resources on continuously improving customer experience and service. In an increasingly disruptive market that means finding new ways to do business whilst ensuring that customers and internal stakeholders are confident in the security of data.”

Growth in leaked exploit attacks means penetration testing should be a front-line defensive measure, warns Sec-1

Actively rooting out vulnerabilities is the most effective way of preventing attacks of this nature

Recent research by Kaspersky Lab has found that leaked exploits have rapidly become one of the most dangerous methods of compromising vulnerable systems, with more than five million attacks blocked by the company in the second quarter of 2017 alone. This highlights the vital importance of adequate and frequent penetration testing procedures in finding software flaws, and taking appropriate action before an attack can take place. This is according to internet security experts at Sec-1, a Claranet Group company.

Attackers use phishing emails or hijacked websites to spread malware loaded with an exploit. An exploit is a piece of software that takes advantage of a vulnerability in order to gain access or, in the case of RansomWare, encrypt the device. Recent attacks, such as WannaCry and NotPetya, have the ability to spread and hunt out machines without the latest patches/updates installed. Others, like the original CryptoLocker which first appeared in 2013, spread through spam messages and exploit kits that rely on manipulating user behaviour. Either way, these attacks can succeed so organisations need to redouble their efforts to patch vulnerabilities in their systems. This should go hand-in-hand with existing security efforts which focus on user behaviour.

Holly Williams, Senior Security Consultant at Sec-1 said:

Seeing malware authors bundle leaked exploits in order to improve propagation rates highlights the need for testing of the internal corporate network. This is something that is often overlooked in favour of purely testing the perimeter”

Zero-day attacks are a concern for IT teams, and for the wider business as a whole due to their very nature as an assault on an undisclosed vulnerability. This means that the most up-to-date systems can be compromised. Although real-world attacks utilising malware are still extremely rare and to date, the most effective attacks have exploited known vulnerabilities, an example being the Flash vulnerability, CVE-2015-7645. It’s true that this trend for leaked exploits to be added to malware shows that attackers are becoming more sophisticated in a bid to capitalise on insufficient attention to patching and good security hygiene. Now, more than ever, the justification for performing regular penetration testing is clear, find the unpatched vulnerabilities well before the hackers can get to them.”

Alongside this, it is crucial to note that many of the recent high-profile leaks such as EternalBlue, used in the malware WannaCry and NotPetya, actually had a patch already available. This malware also used previously known hacking methods. Again, comprehensive, frequent penetration testing can prevent this from becoming a problem.

Of recent malware, NotPetya in particular was talked about as having done something that is advanced for malware. However, the method of credential extraction used is already well-known to penetration testers and other security experts. As for both WannaCry and NotPetya, a patch was made available months before the attack actually hit. This points to many organisations needing to get a much better handle on the pre-existing vulnerabilities in their systems.”

To help make this happen, Williams feels that entrusting the responsibility for penetration testing to a third party can be hugely beneficial.

A third party organisation brings a fresh pair of eyes to the testing process, meaning they can often spot vulnerabilities (and an absence of available patches) more effectively than IT staff who have been close to the system for a long period of time. In short though, it all boils down to being better prepared: exploits can be hugely dangerous, so implementing the right testing procedures aimed at determining where current security practices are insufficient should be a key priority.”

Skills shortages frustrating the pace of change for retailers

Upskilling staff and outsourcing IT responsibilities should be key priorities for retailers looking to remain ahead of the game

New research commissioned by Claranet has discovered that skills shortages in the retail sector are making it difficult for IT departments to play their part in driving innovation and helping their business achieve competitive advantage. The results from the research highlight the need for retailers to address these deficiencies by upskilling their IT staff and outsourcing areas of their IT estates to be able to focus on their core objectives.

The research, which was conducted by Vanson Bourne and surveyed 121 retailers from across Europe, found that while IT departments clearly recognise their central role in supporting wider business objectives and driving organisational change, skills shortages are limiting their potential. 36 per cent of respondents, for example, consider enabling business agility a key objective for the IT department and a further 30 per cent identified assisting revenue generation for the wider business as a top priority.

However, the research found that a significant proportion of retailers are being hamstrung by a lack of available skills within their organisations. 25 per cent stated that skills shortages were the biggest challenge facing the IT department, 30 per cent reported that skills shortages were a main barrier to wide-scale technology change within the business, and almost half (48 per cent) cited a general shortage of digital skills across the entire organisation.

Commenting on the findings, Michel Robert, CEO at Claranet UK, said:

The retail world is transforming dramatically because customers’ behaviour is radically changing, and to keep pace retailers need to rapidly adopt new ways of servicing their customers. The retailers that are winning in their markets today are the ones that are skilfully harnessing the power of new technologies to achieve competitive advantage. But while it’s encouraging that IT departments in the retail sector recognise their leading role supporting business change, it’s clear that they’re struggling to keep up.”

IT leaders in the sector face a broad range of challenges – from a lack of executive support to budget limitations – but it’s arguably skills shortages, both in the IT department and the wider business, that are the most crippling. Skills and staffing are essential if the IT department is to shed its cost centre image and drive the business forward. With demand for often-niche digital and technical skills increasing, CIOs in the retail sector will need to think carefully about which skills they need to foster internally and which they should look to access through third parties.”

Michel Robert believes that, to help tackle this problem, retailers should focus their efforts on upskilling their current IT workforce in the areas where they can add the most value.

In such a fast-paced industry, it makes absolute business sense for retailers to outsource everything they possibly can, so that their staff can focus 100% of their efforts on core business objectives. Nowhere is this truer than with IT infrastructure, and while reliable infrastructure is critical for every organisation, maintaining the skills in-house to achieve that adds absolutely no business value. By outsourcing infrastructure management to trusted third parties, retailers can spend less time keeping the lights on and more time cultivating the digital skills needed to improve the performance of their applications and drive innovation.”

The figures quoted in this release are from Claranet’s 2017/18 Market Research Report – Beyond Digital Transformation, which will be published later this month

Financial services businesses struggling to differentiate on customer experience

84 per cent of financial services organisations believing that the financial services IT department should be more focused on customer experience

Whilst digital disruption and the accompanying surge of FinTech challengers have made customer experience a key battleground in the financial services industry, many financial services businesses are still struggling to differentiate based on customer experience. Despite IT’s critical importance in delivering this, according to research commissioned by managed services provider Claranet the department is not successfully assuming a decisive role in customer experience.

Surveying 138 IT and digital decision makers from financial services organisations across Europe, market research firm Vanson Bourne found that 84 per cent believe that the IT department should be more focused on customer experience. This is particularly concerning considering that 47 per cent of these respondents also said that they are stagnating as an organisation because they are not keeping pace with competitors’ digital solutions and/or offerings.

Jason Zimmer, a FinTech specialist at Claranet, expanded on the research:

Digital disruption has provided an opening for nimble FinTechs and other start-up challengers to outmanoeuvre incumbents. One area in which they’re often able to take advantage of digital technology is in customer experience, where many financial services businesses are not meeting the modern consumer’s digital-savviness and intolerance of inconvenience. Taking on the challenge of a more competitive marketplace by aligning with these needs requires financial services businesses to leverage their technical skills and resources.”

Despite this, our research indicates that a large majority of IT and digital decision makers in this sector feel that their department lacks the requisite focus on customer experience. In this context, it is hardly surprising that research shows that almost half of financial services organisations are languishing due to not keeping up with competitors’ digital initiatives. It’s hard for an organisation to execute effectively initiatives that provide for the modern customer’s digital needs when the technological infrastructure is not in place.”

When looking at the reasons for IT’s underwhelming involvement in customer experience, Zimmer assigns some of the blame to wider cultural issues within organisations:

Half of our financial services respondents said that the IT department is still seen as a cost centre, despite its pivotal role in value-creating and competitive innovations. This attitude is rooted in an old school perspective on what IT does – one that sees its importance confined to ‘keeping the lights on’ and maintenance. At a time when digital disruption is reshaping the market, this approach prevents businesses from getting the full weight of their IT department behind initiatives that require their technical nous.”

This perception is likely entrenched in the reality that many financial services IT departments still spend a lot of time on IT infrastructure and maintenance type tasks. This means they have less resources to dedicate to core business objectives, including being more competitive by meeting customer’s digital needs. Reliable infrastructure and maintaining basic IT functions is vital for organisational success, but there’s often no reason why this should not be outsourced to third-party specialists, allowing the IT department to refocus on what it does best – creating value for the company through the effective use of technology.”

The figures quoted in this release are from Claranet’s 2017/18 Market Research Report – Beyond Digital Transformation, which will be published later this month.

Claranet gains recognition as a Kubernetes Certified Service Provider, confirming company’s containerisation expertise

New certification adds further capabilities to MSP’s integrated service offering

Claranet has been officially named as a Kubernetes Certified Service Provider (KCSP), in recognition of the company’s successful track record in assisting enterprises in adopting containerisation software. This latest certification underlines Claranet’s commitment to helping customers at every step of their IT evolution, as well as its passion for embracing rapidly growing technologies.

Kubernetes is an open-source system for automating the deployment, scaling and management of containerised applications. With more and more IT teams now turning to containers to help them easily manage an array of applications across both cloud and on-premise systems, becoming a KCSP complements Claranet’s commitment to enabling organisations to embrace the cloud without being locked into long-term contracts with a single provider.

Ian Furness, Hosting Services Director at Claranet UK, said:

Becoming a Kubernetes Certified Service Provider is a hugely positive endorsement of the work we have been doing in the container’s space. Containerisation has the power to dramatically increase agility and efficiency in the IT department, by eliminating many of the compatibility problems that businesses encounter when trying to manage applications and data across a mixture of cloud, on-premise and legacy infrastructure.”

Core to the Claranet philosophy is ensuring our proficiency covers the entirety of the IT spectrum. This is encapsulated by us holding the highest level of certification for delivering managed services on all of the ‘big three’ public cloud providers – AWS, Azure and Google Cloud. The Kubernetes certification marks our latest achievement in this area: making sure that businesses of all sizes have rapid access to IT expertise and services that they may not have in-house. At the same time, being a KCSP further underlines our focus on making cloud adoption as flexible as possible for organisations, by eliminating vendor lock-in and opening businesses to a wider range of cloud options.”

Furness also believes that attaining KCSP status illustrates the leading role that MSPs can play in taking the burden of containerisation away from businesses, and freeing up IT staff and key decision-makers to focus on innovation and wider business objectives.

Leveraging containers has huge potential to relieve IT teams of the complex challenges of managing rapidly evolving infrastructure. However, implementing containerisation in the right way takes time and effort, which a stretched IT team may not be able to provide internally. By outsourcing this responsibility to trusted third parties, IT staff can free up their time for more innovative projects and focus on driving the business forward.”