Trends in Financial Services: Hedging on Public Cloud Adoption

The financial industry is going through a huge change in 2020. Financial services firms are in a unique position to modernize and improve business operations. How do you pinpoint the best and safest roads to prosperity, business continuity, and agility? This may seem like a tough nut to crack. That is where public cloud adoption enters center stage. Making the switch to new and unfamiliar tech is an understandable concern, given the critical factors such as rising cost pressures, managing complex business data and workloads, training existing IT staff, and so on. These concerns can be mitigated when turning towards expert IT services that hinge on public cloud power. There is a huge seismic shift working in favor of public cloud. Market stats show growing tendencies towards cloud adoption. According to a recent forecast by Gartner, in the current climate, by 2022 a cloud shift across key enterprise IT markets will surge to 28% (as opposed to 18% in 2018). Bigger financial market players are making the crucial leap to public cloud. BI reports that PayPal is looking to handle the bulk of its transactions via Google's public cloud. Goldman Sachs revealed its intentions to migrate their Marquee app to Amazon's cloud, in an effort to attract fintech developers. Meanwhile, JPMorgan is creating a cloud engineering hub in Seattle, which is minutes away from Amazon and Microsoft. As you can see the big players are already hopping on the bandwagon. Let us have a quick gander at some of the trends in financial services:
  1. Embracing Public Cloud for Business Operations
  2. Security and Compliance
  3. Hybrid Cloud
  4. Application Hosting
  5. AI and Machine Learning in Public Cloud
  6. Cloud Solutions Using OPEX Model

Embracing Public Cloud for Business Operations

Banks, hedge funds, and diverse financial services firms are still having trouble planning the road ahead. Banks, for instance, see the cloud space as the perfect launching point towards digital transformation and business resilience. Initially, many firms have issues regarding security, although they soon realize the well-known truth - public cloud providers have tremendous spending power to maintain their cloud environments. The public cloud environment and infrastructure feature numerous advantages and that's why they are seen as one of the hottest trends in financial services. Feel free to check out the biggest 11 benefits of public cloud. Knowing these advantages could help you crystalize exactly what is best for improving and modernizing business operations.

Security and Compliance

Many companies have learned valuable lessons and are taking extra caution every step of the way. The priorities are to improve data management, increase computing power, and storage capacity. This is often a dynamic and ever-changing beast. The need for safety and security has risen dramatically. Adoption of public cloud advisory services and public cloud provider tech, easily mitigates any potential soft spots in security, minimizing chances of cyberattacks. For example, every application that is deployed is always monitored, thereby regularly checked by expert in-house IT teams or your trusted outsourced IT partner. As a result, data is controlled within the safety of the public cloud. Such a controlled environment allows for increased customization to ensure smooth cloud deployments. Also, given the variety of compliance and regulations standards within the financial services industry, companies are meticulously focusing on Service Level Agreement (SLA). Reviewing if the services provider can align those properly with company business needs. Encrypting Data is equally important. Encrypting sensitive data is crucial when meeting compliance standards.

Hybrid Cloud

In addition, numerous companies are exploring other options to increase flexibility. They are looking to adapt their IT infrastructures to combine cloud services utilizing hybrid cloud. This represents a mix of all the benefits of public cloud, in addition to private cloud (or on-prem) services that might suit certain businesses. Because of this, Microsoft and Amazon are now hitting the market with their own hybrid solutions. These may solve the problem for companies that are looking to reap the massive benefits of public cloud but are afraid of certain disadvantages of on-prem.

Application Hosting

In the financial world, timing is everything. When financial firms need to know that their applications can run smoothly and effectively to meet everyday goals. However, when the public cloud is concerned, moving your legacy applications to the public cloud can be quite a challenge. Public cloud environments are often complex, so it is a good move to turn to a public cloud MSP with lots of experience in the financial industry.

AI and Machine Learning in Public Cloud

Machine Learning (ML) algorithms are popularly used in the tech industry and are increasingly becoming valuable for large-scale processes. Machine learning is a complex process, but it has a very simple and practical purpose – to learn, adapt, and get better. It is software or tech that is constantly self-improving. In a nutshell, ML automates intelligent decision making. Machine learning can be used for factor selection (Quantitative Finance). ML also applies other practical uses such as tracking transactions, zeroing in on suspicious accounts and activities within the cloud, and therefore improving security and more. Modern-day public cloud providers have an amazing variety of powerful AI-based tooling to improve enhance security and improve trading strategies. Banks, for example, are progressively utilizing AI and ML to process automation for trade finance, smart contracts, foreign payments, and so on.

Cloud Solutions Using OPEX Model

In the business world, OPEX is an abbreviation used to describe “operating costs” or “operational expenditure,” or more precisely expenses that come with running an everyday business. This can include anything from services to customer/client care, or any consumable resources that are paid for regularly. In short, it is the pay-as-you-go model. CAPEX, on the other hand, denotes long-standing investments and long-term commitments for equipment, resources, capacity, and so on. The trend in financial services is increasingly using managed public cloud services, and therefore switching to OPEX. The result is: driving innovation and delivering a better customer experience. Why is that? The simple answer is OPEX is a more cost-effective and more flexible operating model. Running and maintaining the cloud is left to cloud experts. In that scenario, the financial services firm’s existing staff focuses on the regular duties necessary to run the business smoothly. Financial forecasts are kept stable and predictable while hiring new staff or additional training of regular staff is no longer necessary.

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY

Now Complete: 2019 CSA STAR Submission

[et_pb_section fb_built="1" _builder_version="3.22"][et_pb_row _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]

We are pleased to announce that our recent submission to the CSA Star registry, for our Security self-assessment document, was successful. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

The STAR registry documents security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.

As a member of this registry we:

  • Provide our customers with a high level of transparency and confidence that we use best cloud security practices
  • Help customers make the best procurement decision for them
  • Define gaps and improve our security posture
  • Continuously improve and reach higher, third-party audited, security level and certification

With the successful submission of our self-assessment document to the CSA registry, we have completed our first step on the road to the full STAR Level 3 Goal.

For more information click here: https://cloudsecurityalliance.org/star/

 

[/et_pb_text][et_pb_text _builder_version="3.27.4" custom_margin="-35px||-2px" custom_padding="0px||0px"]

 

[/et_pb_text][et_pb_image src="https://3bb4f13skpx244ooia2hci0q-wpengine.netdna-ssl.com/wp-content/uploads/2019/09/STAR-Table.jpg" align_tablet="center" align_last_edited="on|desktop" _builder_version="3.23" custom_margin="||40px|"][/et_pb_image][et_pb_text admin_label="Text 2" _builder_version="3.27.4"]

About Hentsū

We have the breadth and depth of knowledge and experience to design, build and manage every aspect of your hedge fund technology. We offer next generation Corporate IT with cloud-based offerings such as O365 and OneDrive, Cloud Strategy Roadmap Design and Implementation, Data Science as a Service and Regulatory Technology solutions.

Talk to us about your public cloud strategy today. Contact us at hello@hentsu.com

[/et_pb_text][et_pb_cta title="Talk to us about your public cloud strategy today" button_url="https://hentsuprod.wpengine.com/contact" url_new_window="on" button_text="Contact Us Today" _builder_version="3.16" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"]

Need to improve how you run your hedge fund technology? Concerned with your legacy private cloud provider? Not getting the service you need?

Hentsū can help!

[/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY

Phishing Alert – Security Starts With You!

[et_pb_section fb_built="1" _builder_version="3.22" custom_margin="-12px|||" custom_padding="0px||0px||true|false"][et_pb_row _builder_version="3.25" custom_margin="-8px|||" custom_padding="0px|||"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]

As technology continues to evolve so do threats to your security. Threats like phishing often fly under the radar so it is important to take the necessary precautions to protect your business. Always be suspicious of emails that ask you to click or open files and do not engage with links or files if you are not expecting them.   Here are some quick tips to help you prevent fraudulent activity:  

  1. Verbally check with the sender before following any instructions in the email, especially if the mail purports to be from official entities like banks, tax agencies, or important clients. 
  2. Look for urgency in the message which push you to do something quickly. 
  3. Keep an eye out for grammatical errors, spelling mistakes and inconsistent text/information. 

 The example below showcases some suspicious activity to look out for.    

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version="3.25" custom_margin="-13px|||" custom_padding="1px|||"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_image src="https://hentsuprod.wpengine.com/wp-content/uploads/2018/11/Phishing-Example.png" align="center" align_tablet="center" align_phone="" align_last_edited="on|desktop" _builder_version="3.23"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_text _builder_version="3.27.4"]

It is always important to remain vigilant as humans are often targeted with these emails. For this reason, we have created an advanced suite of threat protection technology that can help you avoid these incidents. For more information on our services, reach out to our team and take the first steps to keep your business safe and secure

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section fb_built="1" _builder_version="3.22" custom_margin="-16px|||" custom_padding="1px|||"][et_pb_row _builder_version="3.25"][et_pb_column type="4_4" _builder_version="3.25" custom_padding="|||" custom_padding__hover="|||"][et_pb_cta title="Talk to us about your security needs" button_url="https://hentsuprod.wpengine.com/contact" button_text="Contact Us Today" _builder_version="3.16" button_text_size__hover_enabled="off" button_one_text_size__hover_enabled="off" button_two_text_size__hover_enabled="off" button_text_color__hover_enabled="off" button_one_text_color__hover_enabled="off" button_two_text_color__hover_enabled="off" button_border_width__hover_enabled="off" button_one_border_width__hover_enabled="off" button_two_border_width__hover_enabled="off" button_border_color__hover_enabled="off" button_one_border_color__hover_enabled="off" button_two_border_color__hover_enabled="off" button_border_radius__hover_enabled="off" button_one_border_radius__hover_enabled="off" button_two_border_radius__hover_enabled="off" button_letter_spacing__hover_enabled="off" button_one_letter_spacing__hover_enabled="off" button_two_letter_spacing__hover_enabled="off" button_bg_color__hover_enabled="off" button_one_bg_color__hover_enabled="off" button_two_bg_color__hover_enabled="off"]Learn how Hentsū can help protect you against fraudulent activity. [/et_pb_cta][/et_pb_column][/et_pb_row][/et_pb_section]

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY

Provisioning Infrastructure as Code Through Microsoft Backed Terraform  

  • Quick and reliable public cloud deployments using Terraform
  • Enables users to describe public cloud environments in code
OK, the secret is out (our CTO Alex gave a talk about it, you can watch it below). One of the reasons Hentsū can deploy environments so quickly and reliably is because of the tools we’ve selected.  We’ve been using HashiCorp Terraform to describe, deploy and maintain public cloud environments since the company was founded. So we were glad to see Microsoft recently announced a multi-year partnership with HashiCorp to enhance the Terraform Provider for Azure. This is great news for Terraform users, like Hentsū, who have already benefited from using the Infrastructure as Code method of provisioning.

What Exactly is Terraform?

Terraform enables us to describe public cloud environments in code (HashiCorp Language). Terraform can then compare a public cloud account to the code and create a plan of changes to bring the environment up to date. If the plan is acceptable it can then be applied by Terraform to create, update or delete infrastructure resources such as networks, routing tables, firewall rules and virtual machines. It does this rapidly with as much parallelisation as possible leading to a slick, reliable and iterative way of deploying and maintaining public cloud environments. Deploying additional environments (test, staging, production) becomes a copy & paste exercise, or we create reusable modules. Using a code versioning system, like Git, we can version control a public cloud environment and even rollback to a previous version if, for example, a firewall rule change didn’t have the desired result. Changes can be codified on a separate code branch, and a pull request and approval required to promote changes to the master branch. This makes for a robust change management workflow for business-critical production environments. The code commit history provides an audit trail of who changed what, and the commit notes describe why. Terraform requires administrative credentials to make changes to public cloud environments. Storing these securely is a challenge so we prefer to generate short lived credentials that are usable for maximum 1 hour. Also, as part of a release pipeline, a scheduler like Teamcity or Jenkins can apply approved changes on behalf of IT and development teams.

Hentsū and Terraform

Microsoft backing HashiCorp only confirms that using Terraform to provision resources on cloud platforms is becoming the standard way of deploying infrastructure. Hentsū has first-hand experience using the software to deploy infrastructure successfully for its clients.

How Hentsū can Help

Want to discuss using Terraform software to deploy onto the cloud? Contact us at: hello@hentsu.com

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY

Security Breaches: Why Prevention Trumps Damage-control

More questions around cyber security and the safety of the cloud arose this week when it was revealed that the personal information of almost 200 million citizens had been left exposed for anyone to access on the Internet. More than a terabyte worth of personal details such as home addresses, phone numbers, and even voter registration details, collected by the US-based conservative data firm Deep Root, were stored on the Amazon cloud server, and were publicly accessible via a URL.  According to the firm, the data was left exposed after an update to their security system. A simple mistake, easily preventable, and yet it’s evident that the necessary procedures in place to mitigate these breaches in security were lacking.

THE REPERCUSSIONS OF OVERSIGHT

The news of the Deep Root leak made international headlines because of the scale of the leak and the magnitude of the political ramifications, however, they are certainly not the first and only firm to have a lackadaisical attitude towards storing and protecting its data.  Major leaks from big companies or organisations, from Yahoo, to Target, and even the NHS, have all been the centre of media scrutiny in the past, and it seems fresh news of data security breaches are hitting our newsstands almost weekly. According to a recent survey by Thread Stack, 73% of companies (out of the 200 surveyed) have at least one critical security misconfiguration that would leave their environment vulnerable and wide open to the Internet. If that weren't cause enough for concern, firms are also paying the price, quite literally, for their passive approach to security and data-encryption. Some disgruntled clients who have had their sensitive information stolen or exposed are demanding compensation, and are filing class action lawsuits, with the pay-outs sometimes ranging in the millions, leaving smaller firms with no choice but to close down. A hefty price to pay for a mistake so easily avoidable with the right procedures set up by those with the appropriate skills and experience.

CLOUD SECURITY PROCEDURES

Even though sensitive information was left exposed on the web for anyone to access, human error and lack of procedures should not put people off using cloud-based systems and services.  Additionally, on-premise hardware is not any less likely to be subject to security errors and oversights.The reality is, thousands of firms are currently using cloud-based systems, and realistically the numbers are only going to increase. Cloud platforms allow for several benefits, like flexibility in the cost of backup solutions, and the ability to process large amounts of data more cost effectively than traditional physical hardware. They also have the further benefit of exercising more granular control and auditing of the security.

CONSEQUENCES OF INEXPERIENCE

Nonetheless, using the cloud is only profitable if the necessary procedures are set up correctly and with security in mind. A bit like an Ikea flat pack, servers like AWS give you the tools to build an infrastructure, however, assembling it so it lasts long-term, is efficient, and doesn’t crumble under duress, is up to you. If the object you’re building is something small, like a side table, doing it yourself doesn’t seem like that big of a deal. Yet, if we think on a much larger scale, say a wardrobe, suddenly security, longevity and efficiency are at the top of your priorities. The consequences of inexperience are simply not worth the risk, which should be taken seriously. When using a cloud-based platform like AWS, numerous processes should be put in place to limit the chances of a safety breach. Simply relying on AWS or Microsoft to provide the level of security needed to avoid breaches and mistakes from occurring is simply not enough.  Even Ian Massingham, Amazon Web Services' (AWS) chief evangelist for Europe, Middle East and Africa, has stated that AWS are "not the owners or custodians of the data - we just supply the resources" adding. "we don't control how the data is protected, customers do".  Essentially, AWS cannot be held accountable in the event of a leak if the client didn't build the necessary infrastructure and processes to maintain and protect the data stored within its system. It boils down to who is responsible for the security within the cloud (the client) and who is responsible for the security of the cloud (AWS).

HOW HENTSU HELPS

Keeping this in mind, Hentsū helps build secure infrastructure for its clients by storing it behind multiple layers within the AWS platform or any other cloud platform. Each layer securely locked and accessible only through specific security requirements, such as location access, trusted devices passwords, and two-factor authentication. Doing this minimises the chances of simple and avoidable mistakes leaving data vulnerable and exposed on the web. Cloud-based platforms can only run efficiently if the correct infrastructure is built within them. For those firms who do not possess the knowledge and experience to correctly set up secure procedures within a cloud platform, Hentsū can ensure the correct systems are in place to minimise the circumstances in which a breach in security could occur.

YOUR NEXT STEPS

Questions around the protection of data and secure servers will always be relevant. By taking the necessary steps and ensuring secure procedures are in place as a safety net, there should be no reason to fear cloud-based platforms. Most importantly, you need to be confident that your systems were built to run by experts with the experience and knowledge in constructing secure servers and databases. Minimising human error by setting up and establishing proper security procedures goes a long way in ensuring systems run both efficiently and securely.

Contact Us

How secure is your infrastructure? Contact us for a security analysis and strategy: hello@hentsu.com

Date/Time

Date(s) - 01/01/1970
12:00 AM - 12:00 AM

Location

600 5th ave. NY, NY