THE FUTURE OF CLOUD: HOW TO KEEP YOUR DATA SAFE

Source: Finance Derivative

By Pete Braithwaite, COO of KIT Online

Cloud services are inherently scalable, responsive and flexible. They offer huge flexibility – after all, workers are no longer limited to just a select number of pre-determined locations – and as competition for recruitment hots up too, this allows the net to be cast further afield to secure the right staff.

Movement towards the cloud will only continue to grow. In these unprecedented times, where many businesses have been hit hard by the events of the last 18 months or so, cloud offers an attractive way to scale as and when a business needs, with no capital expenditure outlay and a subscription model that many companies find appealing. You can increase – or decrease – your capacity to cope with the traditional sales calendar and, especially important in these times of economic uncertainty, you can often do the same for the number of seats you are being billed for when it comes to licensing.

As many businesses will be looking to grasp the potential for a post-pandemic economic rebound, how important is the cloud? And how can businesses look to both implement and adopt a cloud-based approach safely and securely, especially when it comes to managing data?

What’s the future of cloud?

So, what’s the future of cloud’s role in enterprise? And what implications will this have on cybersecurity and cybercrime? Well, one thing is for certain – cloud is here to stay. It offers a flexible, cost-effective way of procuring the services required for running a business with a dispersed workforce.

Cloud security considerations should be an integral part of any business now. The National Cyber Security Centre has 14 Cloud Security Principles which cover the protection of data in transit, asset protection, individual data isolation and access security, amongst other topics. The principles are not dissimilar to on-premise cyber security principles but the widening of the access points to cloud services and effective outsourcing of data storage means that lax security can open far more opportunities for attack.

To maintain the safety of data, devices and staff too, businesses must provide continual education of users on best practice, current threats and the implications and consequences of these. All staff should know what is – and what isn’t – acceptable security-wise, and the company’s policy on document sensitivity and data access. For businesses to thrive and remain safe, they must seek to implement a security-first culture.

How secure is the cloud?

In many ways, the cloud is in fact safer than traditional on-premise solutions. If an individual device is compromised or becomes defective, data stored in cloud services is not lost and can be accessed from an alternative device. If a device is stolen, any local data could be remotely wiped to avoid it being used perfidiously.

Alongside this, operating systems on devices are changing to better accommodate the shift to cloud. Chrome Enterprise, for example, is built for cloud-first devices with additional security features that make management even of a mixed device estate much easier to administer and keep safe.

How can a business adopt cloud solutions safely and securely?

Firstly, businesses must ensure a robust device policy – even for BYOD (bring your own device). The management of the estate is critical.

Next, provide a verified whitelist of trusted software and services rather than allowing users to search for – and potentially use – insecure or similar services designed to ensnare unsuspecting users.

It’s also crucial that businesses make sure that employees are educated about the security protocols, permission-based access and sensitivity of documents.

Finally, all IT teams should still confirm that cloud partners have adequate security measures – the responsibility cannot be shifted 100%. As with an on-premise solution, admins still need to be able to check that the systems and data are safe and that the latest security patches have been applied, and to have live visibility of any immediate threats that have been detected.

Harnessing AI to Navigate Regulatory Complexity in Banking and Finance

Source: Finance Derivative

By Harry Borovick, General Counsel, Luminance

The global banking and finance sector is navigating an increasingly complex regulatory landscape, compounded by uncertain macroeconomic conditions, marketplace competition, and heightened customer expectations. These pressures have increased the volume and difficulty of compliance requirements and raised the risk of substantial fines for businesses operating in this sector. Amidst these challenges, AI can offer practical solutions to ensure compliance and mitigate risks.

The Challenge

Whether it’s successfully navigating the London Interbank Offered Rate (LIBOR) or remaining compliant with newly implemented regulation like the Digital Operational Resilience Act (DORA), financial institutions are no strangers to new regulations. From antitrust and competition laws to sustainability-focused regulations like the Financial Disclosures Regulation 2019/2088, growing regulatory complexity presents significant hurdles for legal departments within financial institutions. Additionally, the sheer volume and fragmented nature of the data at hand add significant friction to legal workflows.

Legal teams in financial institutions are mandated to stay aware of incoming changes and must be equipped to handle them. After all, non-compliance carries severe economic, operational, and reputational consequences. In 2021, the UK’s Financial Conduct Authority (FCA) issued over £500 million in fines for non-compliance. The stakes are higher than ever, and the repercussions of failing to meet regulatory standards can be catastrophic. For instance, a prominent financial institution faced massive fines for failing to comply with anti-money laundering regulations, even being subjected to the first ever criminal charge issued by the FCA. This event highlights the significant financial and reputational risks involved when institutions fail to adhere to regulatory measures.

However, the issue extends beyond fines and potential financial loss. The stress exerted on industry professionals tasked with ensuring compliance is leading to increased mental health issues and high turnover rates. Reportedly, 60% of compliance staff feel burned out by the responsibilities they face. The pressure to maintain compliance amidst an ever-evolving regulatory environment should not be overlooked, as it may lead to a talent drain within the sector.

The Solution

AI provides a tangible solution to the compliance challenges faced by financial institutions. But what does that look like in practice?

  • Effective Third-Party Risk Management: Financial institutions must maintain effective third-party risk management to identify and reduce risk across their service providers. This is often a manual, labour-intensive task, but remains deeply important to compliance. Financial institutions can conduct thorough due diligence by centralising service provider contracts to ensure comprehensive oversight and risk management. AI provides a far more comprehensive ability to search through these documents, automatically surfacing key figures and grouping documents which are conceptually similar.
  • Accelerated Compliance Process: AI can automate document routing across the team, ensuring an effective review process. AI can automatically flag renewal dates in contracts, reducing time spent searching for these vital data points.
  • Empowering Non-Legal Teams: Non-legal departments can use AI to generate standard agreements based on compliant, gold-standard language through self-service contract generation tools, streamlining approvals and reducing delays.
  • Navigating Global Complexity: Global companies are often juggling multiple regulatory regimes, making compliance an even more complex, labour-intensive task. AI tools can quickly and comprehensively analyse data sets in multiple languages, removing barriers in global operations and expediting the document review process.

But what does this look like in practice? A leading US-headquartered private equity firm used Luminance to review nearly 1,000 documents, including NDAs, credit agreements, and fund documents. A project estimated to take two weeks manually was completed significantly faster, with over 350 LIBOR definition clauses identified upon upload. This kind of saving is instrumental to company success, particularly in such a competitive environment.

In an era where regulatory requirements are becoming more stringent and the consequences of non-compliance are more severe, financial institutions must leverage AI to navigate the evolving compliance landscape and maintain a competitive edge in a challenging sector. Within a trend towards both financial transparency and environmental intervention which will only keep growing, taking steps now will be a key step for business continuity tomorrow. Adoption of AI-driven solutions enables compliance teams to keep up with the pace of regulation, even as it rapidly changes and evolves.


Three ‘Must Haves’ to Convert Data Disaster into a Triumph

By Richard Connolly, Regional Director for UKI at Infinidat

When we think about disaster recovery planning, our thoughts tend to focus on natural disasters. While floods, fires, earthquakes and other natural disasters are IT disasters too, they are not as frequent as many think.

But another type of disaster is looming large. It’s entirely preventable. I’m talking about a cyberattack. Cyber threats are much more likely to occur than a natural disaster. Cyberattacks are now widely regarded as one of the single biggest risks that any organisation faces and are almost always cited by CEOs as their #1 or #2 existential threat.

The risks of a cyber attack are evident in the UK Government’s Cyber Security Breaches Survey 2024. This study reported that half of UK businesses (50%) have experienced some form of cyber security breach or attack in the last 12 months. Among the largest businesses in the study, the frequency of cyber incidents is even higher. Seventy percent (70%) of mid-range businesses and 74% of large businesses reported an attack. And these threats are not limited to the UK, as both the European Union and the United States have put out cyber security guidelines for businesses to follow to try to reduce the impact of cyber crime.

40% of big business cyberattacks are malware related

Cybersecurity attacks come in many forms and include a broad range of activities. Of all the possibilities, a malware attack is known to be the most disruptive to business operations. Malware incidents account for 40% of all cyberattacks on large businesses in the UK specifically and are a significant threat because of the risks they pose to data integrity. Regarded as ‘data disasters’ by storage experts, even a small malware incident can result in a business being shut down for days or weeks. Could your business survive an incident like that?

Minimise the threat of a cyberattack

If your business becomes the subject of a cyber attack, what steps can you take to minimise disruption and ensure the fastest possible recovery? In the past, one way a business could protect its data from disaster was by having data backups stored at multiple locations. If one site was hit, there would always be another copy available. Unfortunately, things are no longer that straightforward. Data disasters, like massive ransomware attacks, have completely changed the rules of disaster recovery and business continuity. Added to this, the significance of business data as a strategic asset is much greater today than it was previously. It’s why KPMG advises that ‘data is the most significant asset many organisations possess’ and protecting it isn’t just a case of having it stored at multiple locations.

3 must haves for a data disaster triumph

There are three absolute ‘must haves’ when it comes to being prepared for a data disaster with an iron-clad recovery strategy. These are as follows:

Must have #1 The ability to take ‘immutable snapshots’ of data that cannot be altered in any way and then isolate them in a forensic environment, when an attack hits. This means the copies can safely be analysed to identify a good replica of the data to recover.

Must have #2 The ability to perform cyber detection on primary storage, i.e. the data, programmes and instructions that are being used in real-time by the business; and secondary storage – data that is accessed less frequently or retained for compliance and historical reasons. Both are critically important.

Must have #3 The ability to instantaneously recover data.

Why are the data recovery ‘must haves’ so critical?

Looking into each of these capabilities in detail, immutable snapshots are the foundation of a robust data disaster recovery. Without a good copy of your data, you cannot recover quickly after a ransomware attack, which is likely to have corrupted or encrypted your data. By segregating the data copies with logical air-gapping and then having a fenced forensic environment, you can create a safe space to review the data prior to recovery. Even if datasets have been taken “hostage,” it’s possible to complete a recovery back to the most recent known good copy of data. This can completely obliterate the impact malware attacks can have because if the data is fully recoverable, there’s potentially no need to pay the cybercriminals.

The second “must-have” ability is cyber detection on primary and secondary storage. This is important because it can be an early warning sign of a cyberattack. It also ensures that there is no ransomware or malware hidden in the last known copy of data that you could revert back to. But before going through to the recovery stage, how do you know that a data copy is really “clean?”

This is where advanced cyber detection capabilities built into a software-defined primary storage platform can make the difference. They make it possible to do highly intelligent, deep data scanning and to identify any corruption whilst the data is still segregated in a fenced forensic environment. Additionally, identifying the highest integrity copy is more straightforward and it also provides indexing to identify potential issues.

The third “must-have” ability is rapid data recovery. This is obvious, but it’s easier said than done. When a business experiences a data disaster, time is of the essence. They can’t wait for days or weeks to recover a known good data copy. Even six hours of downtime is too much. Recovery should ideally take minutes to avoid a negative impact on the business. For this reason, experts measure how quickly you can recover your data and the quality of the data. Can you bounce back from a cyberattack quickly? Would your employees and customers notice if you were hit by a malware incident?

1 in 2 UK businesses experienced a cyberattack in 2023

The Government’s research says it all. Cyberattacks are taking place all the time and the latest study shows that 1 in 2 businesses are being affected. 40% of the attacks involved ransomware. As data becomes ever more important as a business asset, we can expect that these types of data disasters will become even more commonplace.

Although your business might not be able to completely avoid a malware or ransomware attack, you can avert a full-blown disaster and avoid the disruption it causes. By protecting your business with the three disaster recovery must haves – immutable snapshots and fenced forensic environments, advanced cyber scanning, and rapid recovery – you will have done everything possible to mitigate this risk.

Preparing data for DORA compliance

Source: Finance Derivative

By Andrew Carr, Managing Director, Camwood

The financial sector is increasingly looking towards technology as the way to introduce new products and services and achieve competitive differentiation. But this reliance opens up avenues for cyber hackers to exploit weaknesses, and it’s a risk that the World Economic Forum has taken note of. Funding issues, reputational damage and a detrimental impact on other critical services could ensue from a successful attack, and the EU is making moves to counteract the threat.

The Digital Operational Resilience Act (DORA) will be applied on 17th January 2025. It’s a framework that makes prevention the priority, with the IT security of financial entities including banks, insurance companies and investment firms coming under its scope. Primarily applying to EU-based firms, UK organisations that work in EU markets also need to be compliant. With the implementation date nearing, businesses should review their preparations and ensure everything is ready, with a particular focus on their data management processes.

The details behind the regulation

The DORA regulation encompasses several key areas, including ICT-related incident reporting, digital operational resilience testing, ICT risk management and even monitoring of primary third-party providers. It also emphasises information sharing for exchange of data and intelligence around the latest cyber threats. Failure to comply can bring significant consequences. Fines can be up to 2% of total annual turnover or up to 1% of average daily turnover worldwide.

Firms need a strong understanding of their data to meet the criteria, such as timely reporting of cyber incidents and sharing relevant intelligence. For example, there needs to be awareness of where each piece of data is located, who has recently accessed it, the access permissions attached to it and the type of storage being used. Numerous businesses are not privy to this information. Their data is likely to sit across a complex mix of cloud, on-premise and multi-cloud deployments.

Data in numerous locations

A significant amount of data is hiding in places that financial organisations aren’t aware of. This is not because of any malicious activity, but simply due to natural data sprawl in different hosting solutions over so many years. Multi-cloud has achieved widespread adoption, with nine-in-ten organisations following this strategy according to the Flexera 2024 State of the Cloud Report.

This widespread distribution of data complicates locating specific information for sharing and presents security risks that jeopardise compliance with the DORA regulation. For example, it’s possible to have multiple copies of the same sensitive document stored in different locations. This not only wastes available storage space, but also increases the chances of unauthorised access to the data.

Supplier relationships are another key aspect of the regulation. Strategic partners will likely need access to a specific part of a financial firm’s system, and this data must be readily available, all while ensuring they can’t access other sensitive information. If a supplier fails, is the financial firm able to call on a readily available list of alternative service providers to ensure continuity? Data needs to be organised and in the right place for this to be made a reality.

Organising data

Achieving DORA compliance requires organising data into a manageable structure through several key steps. This starts with a data audit or assessment to identify data locations, storage types, retention periods and last access dates. This process provides a snapshot of the current data situation and highlights any necessary changes or alterations before January.

Next, fragmented data can be relocated from obscure locations to more logical ones and be clearly tagged. This allows users to easily identify data for sharing or reporting purposes. Duplicate documents can be identified and deleted in a move to free up space, reduce storage costs and lower cyber risks.

Finally, access controls and governance can be implemented to ensure that only authorised personnel, whether internal or external, can access specific data. Previously, 73% of leaders and employees have admitted that a lack of trust and data overload has hindered decision-making. With data properly organised, leaders and staff can make informed decisions based on accurate and trusted insights.

Planning ahead

As the financial sector increasingly relies on technology to move ahead with innovation, it must also address the associated risks. With the application date of DORA looming, which has strict requirements including incident reporting, ICT risk management, operational resilience testing and third-party oversight, firms need to tackle their data challenges head-on by assessing their current situation and implementing sufficient data management practices.

Data sprawl is a significant challenge, but detailed audits and structured data management can reduce risks and enhance operational resilience. By identifying where data is sitting, eliminating any duplicates and integrating strict access controls, financial organisations can ensure compliance while simultaneously strengthening their defences against cyber threats.

Copyright © 2021 Futures Parity.