Apac
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac
  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    Networking

    PropTech

    Remote Work

    Scheduling Software

    Simulation

    Startup

    Storage

    Wireless

  • Banking

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Healthcare

    Insurance

    Legal

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • CISCO

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Content Management System

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Enterprise Architecture

    Enterprise Communications

    Enterprise Contract Management

    ERP

    Field Service

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    Product Management

    RegTech

    Revenue Management

Menu
    • Capital Market
    • Cognitive
    • Digital Transformation
    • E-Commerce
    • Blockchain
    • RegTech
    • IT Service Management
    • Augmented Reality
    • Microsoft
    • Managed Services
    • Collaboration
    • Healthcare
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Capital Market
    Editor's Pick (1 - 4 of 8)
    left
    Tech Strategy for Capital Markets and Other

    Jeff Roberts, CIO, HFF

    Transformations in Financial Technologies

    Jacob Sorensen, CIO, Bank of the West

    Innovations in Market Surveillance and Monitoring

    Dr.John Bates, CTO, Intelligent Business Operations & Big Data, Software AG

    From the Chief Information Officer to the Chief Innovation Officer : Leading the Digital Transformation

    Bjoern Goerke, CIO, SAP AG

    Interconnected Trust - The Digital Economy's Renewable Energy

    Rocky Scopelliti, Director at Optus Futurologist & Author, Youthquake 4.0

    Five Benefits of Open APIs + Marketing Automation

    Mark Bantique, Vice President, Head of E-Commerce, Security Bank Corporation

    Digitisation of Capital Markets

    David Heathcote, Global Head of Debt Advisory, KPMG

    Digital Disruption and the Future of Capital Markets

    Kenneth Lee, Head of Primary Bond Markets, Natixis Asia Pacific

    right

    Capital Markets Firms Looking for Low Friction Solutions

    By Vic Winkler, CTO, Covata

    Tweet
    content-image

    Vic Winkler, CTO, Covata

    In capital markets, information is as much a currency as money is. Yet this fact is not reflected in how we protect sensitive data or IT-enabled conversations. Why is this?

    In the capital markets, the most obvious factor is that the profit motive dominates all activities. Because of this, some decisions and sharing of sensitive data are made despite the risks. Secondly, in capital markets the IT sphere is complex. It is difficult to design “right”, it is difficult to implement “right”, and it is harder yet to keep things secure. The difficulty starts with underlying technologies and it extends up through user-facing solutions. Even when you get all that right inside your business, you still have to interact with others outside your business. And then it is just convenient and expedient to assume that the information you share with them will be protected. As we know, digital information is not like paper documents.

    In the digital world, when you share content you effectively surrender control over it

    You still have the original file, but  you now also have identical copies of that file in locations that are outside your control. And, any copy of your file is likely to be duplicated due to backup regimes. But other programs can also make copies—for instance, when you email a file to  a single individual you multiply from that one original file to a minimum of four new copies! (One in your email client, one on your email server, one on your recipient’s email client and one on their server and all that before these are backed up. Data is at risk to any compromise on any system in which any copy is stored.

    When you process, store or share “sensitive information“ you need to trust every computer, every network connection and every person from the point that the information leaves your care and for as long as it or any copies exist

    There have been several efforts in the financial community to address the question of whether you can trust another party in terms of their security practices and the controls they enforce.

    For example, “Shared Assessments” has real traction in this. But going beyond establishing metrics to trusting other parties is more difficult.

    Getting to the protection of information, it is important to understand that while there are regulations around much capital markets data, the IT world is still fairly naive about the nature of the relationship of data to owners, custodians, stewards, consumers, or  subscribers. We still do not have a matchup between technology controls and the right grammar to properly describe roles and responsibilities in a manner that is clear to the CEO, database administrator, to the invested third party, or the person whose information is at stake.

    Regulations require that some sensitive data be protected, and then there is information that if exposed would lead to financial or reputational damage. In both cases, systems and persons interact with the data in some role or capacity. Inside an organization, data governance is either forgotten or comes in various stages of immaturity. Too often we falsely depend on the permeable perimeter that enterprises feel safe within. Firewalls, VPNs and security within the IT sphere of an organization are only as good as the proverbial weakest link—for instance your compromised BYOD or corporate laptop. The firewall has minimal value since we demand access to so many services. It is regular sport for hackers to subvert these services so now the firewall is more like a screen door.

    In most cases, governance ignores that the information sphere is really a multidimensional spectrum where different information demands different rules around its protection and control. Recognizing that not all your information needs to be protected or even backed up is an important starting point toward effective information security.  The sheer volume of information that is used or created by any organization makes for an unnecessarily bigger problem when you do not have a clear understanding what needs protection and control.

    "By combining encryption with access controls, we can wrap sensitive data at the moment we create it and protect it through its life cycle"

    To start, you can undertake a modest effort to define your enterprise’s requirements for what kinds of information are sensitive or demand access controls. Not everything needs equal treatment in terms of the security triad which is: Confidentiality, Integrity and Availability. Security is expensive, and the expense propagates more and more if you apply equal security to everything. For instance, cryptography is computationally expensive—why encrypt everything if you do not  need to do so? But it is not only expense, it is the false sense of security you have if you just lump everything behind the enterprise and require people to badge  into physical spaces and authenticate into virtual ones to do their work. Remember, Snowden worked for an especially paranoid organization and in a very secure facility, yet he was able to abscond with the equivalent crown jewels. If you have crown jewels, don’t let the admin clean them without supervision.

    What you really want is real control over your data. You own it, you want to control it. Sharing information inside the organization or on an ad hoc basis shouldn’t require the IT department to go into food or sleep deprivation. What we want are low friction solutions and that require no substantive changes to our IT infrastructure.

    What we really want is protection and control of our data

    What does that look like? Lets start by saying that encryption alone is not the answer. But if we combine encryption with access controls, we can wrap sensitive data at the moment we create it and protect it through its life cycle. The goal is that we want to be able to control access to the data even after we share it. These technologies exist today, solutions using these technologies are available and you may recognize that this sounds like Digital Rights Management.

    tag

    Financial

    Firewall

    Information Security

    Weekly Brief

    loading
    Top 10 Capital Market Tech Solution Companies - 2019

    Featured Vendors

    BAM Fintech

    Sam Leung, Co-founder & CIO and Terence Goh, Co-founder & CEO,

    Arkratos Blockchain Solutions

    Ashish Srivastava, Senior Vice President

    ON THE DECK

    Capital Market 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Accelerating Petcare Innovation through CRM and Digital Vision

    Accelerating Petcare Innovation through CRM and Digital Vision

    Miao Song, Chief Information Officer, Mars Petcare
    How Cloud Systems are Impacting Business Environments

    How Cloud Systems are Impacting Business Environments

    Martin Stegner, CIO, NOVUM Hospitality
    Digital Tack

    Digital Tack

    Claus Nehmzow, Chief Innovation Officer, Eastern Pacific Shipping Pte
    Brokering the Cloud Services

    Brokering the Cloud Services

    Eric Boyette, Secretary & State CIO, Information Technology
    Defining a Cloud Strategy: A Higher Education Paradigm

    Defining a Cloud Strategy: A Higher Education Paradigm

    Russell M. Kaurloto, VP and CIO, Clemson University
    The 4Ps of Digital Transformation in Pharmaceutical Industry

    The 4Ps of Digital Transformation in Pharmaceutical Industry

    Debraj Dasgupta, Operating Officer, Head of Strategy and Go-To-Market Planning Division, Nippon Boehringer Ingelheim
    Technology’s Role in The Care and Quality of Life for The Aged

    Technology’s Role in The Care and Quality of Life for The Aged

    Jose A Perez, Chief Information Officer, Hammondcare
    How ECM is Revolutionizing Organizations

    How ECM is Revolutionizing Organizations

    Thomas Phelps IV, VP of Corporate Strategy & CIO, Laserfiche
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://capital-market.apacciooutlook.com/ciospeaks/-capital-markets-firms-looking-for-low-friction-solutions-nwid-887.html