There are many areas within a company’s environment that can be targeted by hackers from the people and processes to the computer infrastructure and software.

When we focus on the technical architecture, one of the characteristics of many hacks is the complexity of the target environment. This post briefly explores how complexity often presents opportunity for hackers to exploit weaknesses created by overly complex systems.

Complexity is the enemy of any production system. When an environment becomes overly complex the interdependencies have upstream and downstream implications. These environments are vulnerable to hacking because as the complexity of the environment increases the number of elements in that environment creates additional risk.

There is also a direct correlation between complexity, security and stability. Environments that have multiple operating systems, data base and open source components require thorough testing and coordination and often introduce instability into the environment. Many companies also run a mix of old and new network devices which increases patching difficulty which adds to the risk profile.

Much has been written recently about how information is hacked from supposedly secure companies. Equifax will be studied carefully by industry analysts and government agencies to determine how and why something like this happened.

If you look at the Equifax external facing hosts it quickly becomes apparent the firm has an issue with the number of possible targets facing the outside world. There appears to be anywhere from 600 to 1500 domains with multiple sub domains and perimeter hosts facing the internet.

I believe that managing a footprint of that size and complexity requires a substantial security, network and production support team that have the ability to synchronize the patching, upgrading and ongoing maintenance of these systems. The security management and monitoring tools available today are also complex and require significant ongoing training, maintenance and upgrades.

Researchers have found that 37% of the sites surveyed included at least one library with a known vulnerability. This means that keeping up with simple patching is often very difficult for many companies. It remains to be see how Equifax managed their complexity and if they were on top of the critical maintenance necessary to keep the environment secure.

Recent press reports have put the blame on a vulnerability in the Apache Struts library. I would argue that even if the vulnerability was the Apache Struts library, identified in March, it would take the development team several weeks to even months to properly test the impact of the patch.

When looking at the disaster of the Equifax breach I think companies should learn from these mistakes and look at their own technical debt to understand where they are vulnerable. Patching systems is a basic foundation of a good cyber security strategy.

Making sure security decisions are incorporated into the architecture at the beginning of the design phase is critical, developers are not usually the best security experts.

Allowing your technology footprint to become overly complex and unmanageable is a problem that will be more expensive to remediate in the long run. A well managed, well documented and properly controlled environment is more difficult to penetrate.

I think the big picture is often lost in the details in an event like ‘the Equifax hack’ because it points to a larger issue that many companies focus on ‘business as usual’ and managing costs rather than being proactive about the security of the data is stored on their systems. If a company’s technology footprint grows organically without any design principles and without an ongoing threat and vulnerability assessment they are putting themselves and their clients at risk.

If I were to summarize the one responsibility Equifax has it would be to manage the ‘personal credit data’ for American consumers such that that data will never be leaked, exposed or shared without prior approval of the owner of the data. Clearly the focus on maintaining the existing environment and managing costs was prioritized over that single responsibility.

The US government’s own office of personal management (OPM) was hacked when an employee clicked on a phishing email and gave up his or her credentials. Ed Snowden succeeded by finding a hole in the credential and compliance processes of the contractor he worked for and the world knows the results of his actions. These are examples of processes and training that was lacking or missing, something that does not need a technical solution to remediate.

As I pointed out at the outset, cybersecurity is a discipline that incorporates every control aspect of a company’s environment. Non technical processes are the responsibility of every employee of the firm and if there is a lack of awareness of information security no technical solutions will help. Assuming that every company reinforces this awareness a focused assessment of the technical issues will yield a risk profile that can be managed.

A careful look at the complexity of the technical architecture of an environment will quickly show whether a companies risk profile is consistent with the business mission and goals. A single breach can have catastrophic consequences for your business and costs far more than investing in a robust cyber security review and re-architecture.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other LinkedIn posts here, also on Medium here. email: normanking@brook-port.com. Available for consulting, advisory and speaking engagements

CyberSecurity — Complexity Risk was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

Business leaders in financial services finally recognize that how they use technology and their data is a critical to their business’s success.

Financial services have struggled to adopt transformation technologies for a number of reasons. Speaking with CTO’s or CIO’s the prevailing discussion focuses on a couple of key themes, ‘how do I continue to reduce cost ?’ and ‘how do I innovate ?’. These are competing agendas and in many cases the balancing act of doing both does not work. The end result is that true transformational business capabilities are rarely achieved. There is always a right way and a wrong way of using tools and many companies race headlong into the use of new technologies lacking a true vision of how the end state will accelerate business growth. The following is an ouline of two technologies that have transformational implications that are yet to be fully harnessed by financial services firms.

Cloud

Migrating your compute environment to the cloud at first glance sounds compelling. You pay for what you use and get a superior service at lower costs due to shared economies of scale. In addition, you take advantage of an ecosystem of tools and services designed to accelerate development. The reality is that legacy systems have a huge drag on project execution since the discipline of full application management and deployment in the cloud is very different than on stand alone servers. In many cases in order to get the full benefit of a cloud environment you need to rearchitect your systems and operations processes.

A former colleague was tasked to present their “moon shot” of creating a full elastic compute environment for a major bank. His proposal — ‘You get to migrate all your applications to the cloud, only use the compute power you need and only pay for what you use. On top of that your development and deployment lifecycle will be almost instantaneous since “automation” will be fully available’. The senior leadership of the bank loved the idea of solving all those pesky operational and cost issues in one go and funded the lift and shift program. Two years later all involved have either been fired or moved to other jobs and the overall ‘cloud’ project is stranded with minimal funding and a lot of finger pointing. The failure to build parallel devops capabilities together with micro services architecture for new applications created an environment which became overly complex and expensive.

Being compelled to move to a cloud environment is often driven by a ‘me too’ approach. When a company is convinced it’s competition is doing something different they often follow suit. As in the case sited above simply lifting and shifting your environment to the cloud does not solve the underlying issues you have with application development and deployment. It simply pushes your transformational goals further out since most of your team are focused on the the migration and not on new architecture.

Many companies fail to recognize that simply moving to the cloud does not accelerate the software development lifecycle unless a comprehensive devops program and architectural changes are adopted in parallel. Not many companies can do both at the same time since the majority of their resources are focused on managing the existing environment.

Lessons learned from dramatic failures should give pause to the idea that simply lifting and shifting to an elastic compute environment is cheaper and easier. Technology transformation can only be achieved with a comprehensive architecture and technology roadmap.

RPI / RPA

RPI or RPA is the hot new term for process automation which in effect applies the artificial intelligence or machine learning tools used to extract insights from vast amounts of data. Ubiquitous data and mobile solutions are driving company’s to apply automation and machine learning to augument their products and services.

Driving customers online has had huge benefits for financial services institutions in the form of cost savings and effeciencies. The dilema that arises is that those customers are at arms length and creating a personal relationship with them is more difficult. The use of intelligent agents, ‘robo advisors’ has been tested in some markets with variable success. The direction banks are going is to use artificial intelligence with the data available to customize the products and services offered to customers.

Banks have been unable to use the Amazon, Facebook or Google data approaches to their customer interaction. Legacy banking systems are a tether that are holding back innovation at these firms. SOA architecture has enabled firms like Amazon to be flexible and nimble. FinTechs have momentum in building a base of customers, especially among young adults. Many of these new entrants come from the innovation centers that created Amazon, Google and Facebook.

We now use the term ‘google it’ to describe how we look up information on the web. We have come to trust Amazon to get us our goods within the exact time declared at checkout. We have begun to ‘trust’ these companies services because they have proven to us they are reliable, add value and are convenient.

As I have stated in my previous post the issue of trust has kept fintech companies from eroding bank’s hold on customer relationships. As companies show their capabilities and as customers begin to trust these relationships more we will see rapid change. Products such as Venmo, Apple pay, Google Wallet will make inroads into the traditional relationships banks enjoy today. Once these relationships transition then the investment management, lending and other relationships will follow.

The future banking arms race is not so much about the technology, it already exists, but with the trust embedded within the relationship built when organisations, over time, prove their ability to deliver value and convenience to their customers. Nutmeg, Acorn, lending club are but a few firms that aspire to own that trust and they have the advantage of being nimble in a business that is evolving at an increasing pace. The question remains: Who will be the winners and loosers in this race ?

Finally:

A look at some of the findings of PWC’s Global survey of financial services shows that CEO’s are becoming more dependent on data, analytics and technology that delivers value to a more demanding customer base. Unless Banks invest more in technology and innovation they will loose business to FinTech companies that are not constrained by legacy systems and approaches.

Technology transformation is a term often used to describe a companies strategy to become more competitive and reduce their dependency on legacy systems. Unfortunately in many cases the true value of transformation get’s lost in the focus to reduce cost and increase efficiencies. While not diminishing the value of renovating companies systems, that should be an ongoing process, true transformation focuses on how the business will change to gain market share, increase revenue or even capture new markets by using technology as the tool to execute the business strategy.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other Linkedin posts here, also on Medium here. email: normanking@brook-port.com. Available for consulting, advisory and speaking engagements

Transformation is not a ‘me too’ strategy was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

We have become dependent on ‘smart’ technology and we didn’t even notice. Suddenly everybody is talking about automation, artificial intelligence and machine learning as if it is something new. When you look at your car, phone, TV or even your kitchen appliances you realise that this technology has been creeping up on us for quite some time. Now imagine if suddenly all of these new systems did not work, we can then begin to understand how this technology has changed our world.

Engineers have built very clever algorithms for many of the common technologies we use on a day to day basis. Some of these algorithms build up a body of data about how we interact with them in order to shape that interaction. Every time we use Google, Facebook, Amazon or a myriad of web services, we are interacting with machine learning and artificial intelligence. As I said before our cars, phones, thermostats, refrigerators and even the software we use at work like Microsoft PowerPoint, Excel and Word all contain ‘intelligent’ algorithms.

Hollywood has imprinted the ‘rise of the machines’ scenario on our psyche, which probably explains some of the negative press this emerging technology receives. Some marketers have even taken advantage of the ‘artificial intelligence’ component of this mythology to promote new products and services like IBM’s Watson. For simplicity sake I’ll combine all the technologies involved, machine learning, deep learning, speech recognition, natural language processing and robotic process automation into the common description as ‘artificial intelligent’ systems.

Does Watson think ?

The advancement in computation power and the ability to correlate data in real-time produces accurate results that previously took hours or even days. The simple truth is that software engineers have become very adept at mimicking intelligence by creating algorithms that are capable of rapid correlation and analysis to produce what looks like intelligence to us humans. Watson is a good example of how this new class of algorithms can do the massive analysis necessary to produce results not previously achievable. Pattern analysis, correlation analysis and predictive analysis are areas where Watson excels. It does not have the ability to reason and hence does not ‘think’ in the human sense. This makes it an ‘expert system’ or a ‘narrow intelligence’ system.

When will machines actually think?

‘Strong artificial intelligence’ or a ‘conscious machine’ is still something scientists are working on and there are mixed views as to when it will be achieved. The consensus is that this is still decades in the future, an optimistic estimate puts it at 2040 and a more conservative view is 2075.

A lot of people are reacting to hype and not the science of the technology right now. The impending ‘robot apocalypse’ is a common description of how industries will eliminate millions of jobs and how we will need to institute a universal basic income to help those displaced workers.

The robots are coming..the robots are coming…..

Are we being a bit pessimistic about this new technology ? If we accept that a conscious artificial intelligent system is decades in the future then what are we really afraid of ?

When an emerging technology threatens systems, either economic or social, critics emerge with opinions that dismiss the new technology.

“The Americans have need of the telephone, but we do not. We have plenty of messenger boys.” — Sir William Preece, chief engineer of the British Post Office, 1876

I would imagine that some of those ‘messenger boys’ eventually made their way into the telecommunications industry that exploded across the globe.

“The horse is here to stay but the automobile is only a novelty — a fad.” — The president of the Michigan Savings Bank advising Henry Ford’s lawyer, Horace Rackham, not to invest in the Ford Motor Co., 1903

The ‘fad’ transformed the world economy.

“Television won’t be able to hold on to any market it captures after the first six months. People will soon get tired of staring at a plywood box every night.” — Darryl Zanuck, executive at 20th Century Fox, 1946

Television’s impact on popular culture, education, business and economics is akin to the internet today.

The growth of the Internet will slow drastically, as the flaw in “Metcalfe’s law” — which states that the number of potential connections in a network is proportional to the square of the number of participants — becomes apparent: most people have nothing to say to each other! By 2005 or so, it will become clear that the Internet’s impact on the economy has been no greater than the fax machine’s. — Paul Krugman Nobel Prize Winner and Op-Ed Columnist for the New York Times

Obviously Mr. Krugman was applying the rules to a technology he did not fully understand at the time.

Each one of these innovations displaced many jobs in the short term but added far more over time. The detractors have faded into the past as footnotes in history and as examples of predictions gone wrong. But an interesting characteristic of human nature is that negative, ‘the sky is falling’, opinions are the ones that get most attention. I think that most people are really afraid of change and negative opinions about the future reinforce that fear.

We live in our ‘opinion bubbles’ and seek out information that validates those opinions. We form these opinions by anticipating that the jouney into the unknown will end in disaster. The brave few that charge into the unknown with the anticipation of discovery use fear as the fuel that keeps their imaginations burning with the possible rather than the probable.

What does the near future look like ?

The rapid development of artificial intelligent systems yields great benefits. This new technology is exponentially more powerful than what human are capable of. Here are five examples to illustrate some of these benefits.

1. Environmental impact analysis: Using the new approaches to data analysis we can monitor and model the environment. Using information from all over the globe these new approaches will show us how we impact our air, soil and water in real time.
2. Autonomous Cars: What we get with safer automotive transportation is fewer accidents, our insurance costs are lowered or eliminated and we get to know exactly when we will arrive at our destination
3. Accurate health care diagnosis: Artificial Intelligent systems (like Watson today) will scan vast amounts of data to help doctors diagnose illness. Having an accurate algorithm to assist with medical diagnosis will not only help patients but also help doctors be more effective with their day to day activity.
4. Safer rail, airlines: Rail systems are notoriously outdated as are many airline systems. Once we have upgraded these systems to allow machine learning and artificial intelligent systems to manage and control traffic flows both rail and air travel will be more efficient and safer.
5. Banking and Financial services: Any data that has a pattern, is rules based can become the raw material for analytic algorithms. Investment banks are racing to invest in specialized systems that help with decision making. Kensho is a good example of software that was created to help investment professionals with their trading decisions. It is only a matter of time until these specialized systems become mainstream and retail investors will benefit.

A brave new world

The rapid adoption of world changing technologies is dramatic when you compare what we have today with what we had twenty years ago. We have amazing communication devices, incredible choices in entertainment, long distance phone calls are a thing of the past, now we simply “Facetime” or “Skype”. Our gaming platforms have so much ‘smart’ technology that the lines between human and computer are blurring. We now talk to our cars, smart phones and even our homes to get information and execute tasks, activities that were only found in the pages of science fiction in the recent past.

So.. why so pessimistic ? Do we underestimate how resilient humanity is ? Do we always adapt to changes in our environment ?

If we assume that we maintain existing forms of learning and ignore the digital language of the future then maybe ‘the robot apocolypse’ is a possibility. But we always adapt to the changing circumstance of our environment by changing how we learn, someting we have done for hundreds of years. We will incorporate digital literacy as a basic foundational principle of learning and future generations will be more conversant than the previous one.

We cannot change the past, but we can reshape the future. Young people have the opportunity to create a happier, better future. — Dalai Lama

There is little doubt that disruption will occur in many sectors of the economy. If history is any indication of how the future will unfold we have seen that innovation always creates whole new categories of businesses and services and consequently more jobs.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other Linkedin posts here, also on Medium here. email: normanking@brook-port.com

Hacker Noon is how hackers start their afternoons. We’re a part of the @AMI family. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!

Is the Robot Apocalypse really coming ? was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

The telephone was a great invention and it took more than one user to make it useful. So it is with Blockchain technology. It is really only useful when multiple parties participate.

A lot of discussion at conferences revolve around ‘use cases’ and ‘what if’ scenarios with technologists, consultants and business people. The argument still rages that Blockchain is still very much a technology looking for a business problem to solve. In financial services executives are excited with the prospect but few are willing to commit significant resources, cash and time to making solutions a reality. Some firms have assigned limited resources to work on ‘proof of concept’ projects so that they can be the first to market with solutions or at a minimum not miss an opportunity when the technology matures. In financial services most firms have participated in these ‘proof of concept’ projects but few have moved beyond that level of participation. Who is going to actually commit part of their business to a Blockchain solution first ? Everybody is waiting for that brave pioneer to jump in so that they can take advantage of lessons learned from the first movers in Blockchain.

At this point in time there are few solutions that are using blockchain in the real world, other than bitcoin, that users can point at to illustrate the value associated with a distributed ledger. The reality within financial services is that the true value of blockchain is in the cryptographically secured records together with smart contracts but there are so many hurdles to overcome and barriers to entry that it is difficult to get a blockchain solution off the ground.

Swaps and derivatives is a great use case for blockchain, being able to automate most of the post trade functionality within smart contracts and share directly with counter parties assets, prices and contracts together with payments is compelling for financial services firms. The dilemma arises when you consider that most tier 1 banks have spent hundreds of millions of dollars integrating their systems from front, middle and back office including risk and control systems. A simple replacement of the post trade swaps and derivatives functionality has to be more compelling than simply saving money on post trade processing. Assuming that banks decided to run a Blockchain solution between themselves and each bank becomes a de facto node on the Blockchain the further dilemma of regulation and governance emerges. Who runs the Blockchain/solution ? Is it a consortium ? Is it now considered market infrastructure ? How do you govern the standards and regulatory reporting ?

The recent R3 ‘corda’ release is a good indicator of how firms are evolving their thinking in that people are realizing that an ‘immutable’ blockchain may not work for financial services solutions because in most cases the ability to edit, cancel/correct is very important with transaction processing. Accenture has also focuses on the same issue, which has raised the question regarding the underlying value of blockchains immutability, and that if the blockchain can be ‘edited’ then is it truly blockchain technology or simply a distributed database with some very good crypto technology to ensure the records are secured. Regardless of the semantics a distributed cryptographically secure database has a lot of value for global trade once standards have been adopted for how the technology is managed, interoperated and regulated.

As Gartner’s hype cycle predicts we are at the the ‘peak of inflated expectations’ and are entering the ‘trough of disillusionment’ phase of the blockchain cycle and it will take a few real world successes to eventually move to broader adoption. I also believe that most of the financial services solutions that have been heralded as game changing are still in the planning and development stages and will eventually make it into real world usage but not as soon as pundits have predicted. As I pointed out from the outset the telephone was a wonderful invention but when more that one person started using it, it quickly became critical infrastructure and heavily regulated and from the beginning standards were adopted. I think 2017 will see new solutions for financial services being introduced, albeit slowly. This is an exciting changing landscape and warrants very close attention as the year progresses.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other Linkedin posts here, also on Medium here. email: normanking@brook-port.com. Available for consulting, advisory and speaking engagements

Hacker Noon is how hackers start their afternoons. We’re a part of the @AMI family. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!

Where are we in the Hype Cycle with Blockchain ? was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

What if we could do transactions on the Internet and know that hackers can never get our personal information?

What if we could do business with each other and not need a bank?

What if we could buy a house and eliminate the fees and paperwork with a single transaction?

These are some of the scenarios being promised by Blockchain technology. There has been a lot of talk about Blockchain and most of the discussion has hailed the technology as the most revolutionary since the invention of the Internet. It is an exciting technology that has very specific use cases in multiple industries. But not everybody will use the public Blockchain, for example, banks are planning to use private replicas of the technology, R3 (R3 press release), rather than the original Blockchain that underpins Bitcoin.

A quick overview of BlockChain

Most people have heard of Bitcoin and understand it is a ‘digital currency’ that has gained in popularity in the last few years. There is an ongoing debate as to the long-term viability of Bitcoin, according to a recent post by one of it’s core developers (Mike Hern, The resolution of the Bitcoin experiment), however what is not in dispute is that the technology that makes Bitcoin possible is Blockchain.

Almost all transactions today are recorded in some kind of ledger or database, usually within the systems of the company we are doing business with. The Bitcoin Blockchain uses a new distributed bookkeeping system, where every node in the network maintains its own identical copy of the ledger. The ledger is completely transparent and all transactions are recorded and confirmed anonymously. It’s a record of events that is shared between many parties and once information is entered, it cannot be altered. The anonymity and security of these transactions is achieved through encryption.

Effectively the distributed ledger is a network of encrypted ledgers that are synchronized to make sure there is always only one version of the truth.

Is it all about trust?

The internet has transformed the entertainment, transportation, and communications industries to name a few. Most of this transformation has been driven by the introduction of technology that eliminates legacy business processes that can now be done cheaper and more efficiently online. Today we have to trust that the entities we deal with are telling us the truth about our transactions with them and that our data on their systems is secure, whether it’s your banking, online purchases or even your health records.

Companies like Facebook, EBay, Amazon, Apple and Uber make money because, at the core of their business model, they keep all our information stored in centralized private data pools and intermediate every transaction.

A major issue with the digital economy is trust. We have seen companies struggle with cyber intrusions and subsequently our trust in their ability to keep our information safe has diminished. It is these very businesses that depend on centralized private data collection, that are vulnerable to disruption when Blockchain powered alternatives emerge.

With the Blockchain in place to act as a trusted authority, we can circulate currency securely on our own and transact directly with counterparts without an intermediary storing our data and charging fees for processing. Decentralized protocols (Blockchain) with crypto currency (Bitcoin) will change how we execute these transactions and will have a transformative effect on many industries. They will do this by creating common, decentralized data sets to which any one can plug into enabling the peer-to-peer transactions.

Use Case: Capital Markets Clearing and Settlement

There are many impediments to industry wide implementation of Blockchain that will have to be overcome, most of which is not technology but business and regulatory related. In the case of T+0 settlement for example, the Boston Consulting Group (BCG) 2012 report Cost Benefit Analysis of Shortening the Settlement Cycle, is a good case study of how complex the financial system is. A combination of regulation, industry resistance, legacy system integration and lack of compelling return on investment has stalled an effort that everybody intuitively believes is the right thing to do. It also highlights the simple fact that sometimes even though the technology is available, to solve industry problems, it takes time to move the industry to adopt it. (Shortening the settlement cycle the move to T+2).

Blockchain usage in financial services will be complex, a mixture of public, private and consortium Blockchain technologies as discussed in Vitalik Butyrin’s article: On Public and Private Blockchains. The key to which one is most suitable depends on what attributes are most important to the business driving the solution. As Vitalik points out in his article “A fully private blockchain is a blockchain where write permissions are kept centralized to one organization. Read permissions may be public or restricted to an arbitrary extent. Likely applications include database management, auditing, etc internal to a single company, and so public readability may not be necessary in many cases at all, though in other cases public auditability is desired.”

A case in point is the recent announcement by the Australian Stock exchange to implement a new clearing and settlement system for equities which will use the startup Digital Asset Holdings blockchain system..

I believe that block chain will be impactful in the financial services industry in the long term and the impact will be very focused and driven by specific business needs.

Christopher Giancarlo (Commissioner of the Commodity Futures Trading Commission) gave a lecture at the Harvard business school in December 2015 where he outlined a number of areas that will transform financial services in the future. He spoke specifically about Blockchain

“Distributed open ledgers have the potential to revolutionize modern financial ecosystems. Unlike current settlement processes, distributed ledgers use open, decentralized, consensus-based authentication protocols. They allow people “who have no particular confidence in each other [to] collaborate without having to go through a neutral central authority.” Distributed ledgers will have enormous implications for financial markets in payments, banking, securities settlement, title recording, cyber security and the process of collateral management that is made infinitely more complex by new regulations. Open ledgers may make possible new “smart” securities and derivatives that can value themselves in real time, automatically calculate and perform margin payments and even terminate themselves in the event of a counterparty default.”

Adoption of blockchain will take a very specific set of circumstances to allow markets, participants and countries to migrate their data standards, processes and systems to the new technology. In the case of the Australian exchange they have a captive market, since they are effectively a monopoly that can dictate the data standards, technology and schedules. That’s why blockchains have the greatest chance of success in areas where the world has not already agreed to a central counterparty for clearing and settlement.

Finally I think that Blockchain will evolve to meet the specific business and regulatory challenges and the transformation will eventually change how banking is done globally. I will address specific solutions that are being proposed in the banking industry in a follow up post.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other posts here. Available for consulting, advisory and speaking engagements. email: normanking@brook-port.com

Reference:

PwC’s 3 Predictions for Blockchain Tech in 2016 — CoinDesk
https://bitcoin.org/bitcoin.pdf
open-assets-protocol/specification.mediawiki at master · OpenAssets/open-assets-protocol · GitHub
NASDAQ is using Open Assets — Coinprism Blog
Coinprism Blog — Bring the color to your Bitcoin wallet
Openchain — Blockchain technology for the enterprise
The W3C’s Mission to Standardize Web Payments | Ripple
‎www.oliverwyman.com/content/dam/oliver-wyman/global/en/2016/feb/BlockChain-In-Capital-Markets.pdf
Euroclear: You Don’t Need a Blockchain to Fix Securities Settlement | Ripple
Startup Management » The Ultimate List of Bitcoin and Blockchain White Papers
Joel Monegro — The Blockchain Application Stack
‎www.blockstream.com/sidechains.pdf
Block Chain 2.0: The Renaissance of Money | WIRED
‎www.ust2.com/pdfs/ssc.pdf
T+2 Settlement

Images are from Pixabay.com,

Blockchain’s evolution in Banking was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

New entrants into the banking industry have given bank CEO’s pause and have put their CIO’s under pressure to come up with relevant digital strategies to defend their business from customer leakage to new products and services offered by emerging ‘FinTech’ companies.

Who are these FinTech companies?

Most FinTech companies fall into the following categories

• Lending
• Personal finance management
• Payments technology
• Bitcoin

Companies such as Lending Club, Prosper, SoFi, Zopa, Square,Stripe, Betterment, Wealthfront, Personal Capital, eToro, Faircent are good examples those that have taken advantage of areas of weakness in banks digital strategy.

Although the threat of losing customers is real in the long term, in the short term the consumer is keeping their core relationship with their bank and using the services of the FinTech new entrant for value added products and services.

Why are the large retail banks keeping their core banking systems and why are new FinTech companies not replacing them?

The answer is complex and revolves around cost, regulation and reputation. The challenge of updating legacy core banking systems is onerous and, in some cases, can introduce systematic risk if not well managed. Banks have resisted upgrading their core banking systems for many years even as industry pundits have been heralding the upcoming upgrades.

• Cost: It is very expensive to create a new core deposit account system with all of the associated features. Replacing a core banking system from scratch will cost in excess of $100mil for standard functionality.
• Regulation: Since core banking is the lifeblood of the retail economy government has created decades of regulations overseeing every aspect of activities that flow through the core banking systems. These legacy systems have these complex regulatory solutions built in.
• Reputation: Although banks are not popular, people still hold animus for the financial crisis, most people still trust that the existing banks will process their transactions and are very cautious about moving their relationship to untested new entrants.

Will Banks Digital Strategy move quickly enough ?

A look at some of the findings of PWC’s Global survey of financial services shows that CEO’s are becoming more dependent on data, analytics and technology that delivers value to a more demanding customer base. Unless Banks invest more in technology and innovation they will loose business to FinTech companies that are not constrained by legacy systems and approaches.

The future of banking is still being debated and although many have theorized that traditional banking will eventually be eliminated by new FinTech solutions is not yet clear that will be the case. In the mean time banks are automating more of their manual processes using workflow management tools and new technologies to speed up decision and approval of loans.

Banks have had to change their thinking such as using social media and mobile to acquire new customers and defend against new entrants like Apple Pay. They are also looking at every competitive new entrant with a view to either integrate or partner with them.

FinTechs have momentum in building a base of customers, especially among young adults but traditional banks can compete effectively if they’re willing to put the customer’s priorities at the center of their technology strategy. Some banks are removing errors and manual processes from their branches and call centers and driving their customers to more meaningful self-service channels. But they still need to evaluate ‘what do my customers want online’ vs ‘what am I offering my customers online’ to out compete their FinTech challengers. The real test of how well banks compete with FinTechs is how they can service their existing customers with innovation and new product offerings.

The worst-case scenario is that banks will become relegated to being ‘processors’ or the ‘back end systems’ for these new FinTech companies.

Evolution or Revolution?

Banks have no choice but to move quickly to focus their technology budgets on the most effective customer engagement technologies. Customers’ rising expectations for anytime, anywhere banking is setting up a competition between FinTech and traditional banks for consumer relationships. These relationships will be true cross product and deeper than existing banking relationships when technology converges.

US Banks have been slowly embracing digital solutions with European Banks leading more innovation and Asia coming in a distant third. There are a number of reasons each market is moving at different speeds, legacy system complexity, management intransigence, cost and regulation being leading influencing factors. Culture is also playing a large role in the adoption of new technologies in each market and this will also play out as new services become more commonplace like the M-pesa system in Africa.

Revolution occurs in any system, either financial or political, when the environment it depends on for survival changes at a faster rate than it can evolve.

In the end I don’t think there will be a ‘revolution’ in banking because the combination of regulation and cost will give Banks the time they need to ‘evolve’ through innovation and absorb the new technologies they need by buying targeted FinTech players to service their ever changing customer needs.

Thanks for reading

Best regards: Norman King

If you enjoyed this article, please hit the like button; leave a comment or share with your network. Also, please check out my other LinkedIn posts here, also on Medium here. Available for consulting, advisory and speaking engagements. email: normanking@brook-port.com

Reference: Images are from Pixabay.com,

Hacker Noon is how hackers start their afternoons. We’re a part of the @AMI family. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!

Banking technology, Revolution or Evolution? was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

The 4 Key Steps in Cloud Migrations

Most companies have to look at cloud computing as part of their digital strategy. Financial services companies are eager to take advantage of the economies of scale, flexibility, speed to market and other benefits. Because of the hype and oversimplification, of what can be a complex process, many cloud migrations fail. There are many variables to consider when CIO’s or CTO’s include cloud computing into their technology strategy. These four key steps are critical to successful migrations.

#1 — Why am I doing this ?

You have to have a compelling business case to migrate to the cloud. Cost savings, speed of deployment,scalable systems and global access are some factors to consider when deciding to migrate, however it is critical to understand the technical complexities also. This is often somewhat of a chicken before the egg scenario. Unless you do an assessment of all your applications, to determine their suitability to move to cloud, it is difficult to build a business case. I would recommend a current state assessment with a cloud suitability check as the basis of your business case. Often a lack of understanding of the technical characteristics of your applications and poor planning results in migration failures and unforeseen costs.

#2 — What will I move ?

A thorough analysis of current state v’s target state will yield a list of requirements that will help determine what applications can/should be migrated. The regulatory requirements in financial services and the complexity of the applications has impacted the rate of adoption of cloud services. Most financial services firms embark on a hybrid strategy so that they can get the benefits from a public cloud together with the security of a private cloud. There are some fundamental steps to take when evaluating what applications are cloud ready candidates. Some applications can be a simple lift and shift, others need to be re-architected. A readiness assessment is critical in order to understand workload, capacity, resource and availability requirements. Partially or poorly migrated applications will result in higher cost, poor service and loss of business. Also make sure that when you are ready to make the decision to migrate that the services currently provided will be equal if not better on the cloud. Understanding your candidate portfolio thoroughly before you make any technical decisions will go a long way to help you execute a successful migration.

#3 — What about Security ?

The biggest hurdle for financial services firms is Security. Although there has been progress in this space there is no silver bullet here. Since financial services firms are beginning to adopt cloud services and the biggest concern is data security, firms need a cloud data security strategy that combines data encryption with transparency, access and auditing controls to name a few.

The bottom line is that, unless you find a provider that is willing to modify their service offering, it will be difficult to find off the shelf solutions that fit financial services specialized needs. Regulations require that you have more visibility, quicker access to logs and better protection for you data than what standard offerings provide. The good news is that companies like Microsoft’s Azure, Amazon’s AWS, Rackspace and others offer some cloud services to financial institutions for application development, testing, disaster recovery, failover, and data storage. In the risk management area, Amazon Web Services (AWS) is also being used by some large banks to run portfolio credit risk simulations in as little as 20 minutes. Most of the cloud providers will “customize” their services for a bank’s needs and I would recommend a pilot project approach to work out the technical complexities and cost implications prior to a contractual agreement.

#4 — Where will I move to ?

Once you have the cloud migration candidate portfolio you will have to decide what your target cloud service will be. Understanding what each service provides in combination with what you already have in-house will determine what best suits your needs. The choices are broken down into 3 main categories.

• Infrastructure as a service (Iaas)
• Platform as a service (Paas)
• Software as a service (Saas).

As mentioned previously Amazon’s AWS, Microsoft Azure are the leading providers with Rackspace, Google and IBM offering alternatives. It is important to note that Rackspace also offers “OpenStack” cloud services v’s others who have built their own management software. There is still an ongoing debate in the cloud industry as to the scalability of OpenStack and how truly open it is when configured for large environments.

Finally, the cloud is only part of your technology infrastructure landscape, don’t make the mistake of thinking that the cloud is the only destination for all applications or you will put your company at risk of cloud vendor “lock in” that is difficult to exit. A diverse and comprehensive strategy that includes multiple vendors ensures that you remain in control of the most important aspects of your technology portfolio and enables you to focus on the successful delivery of solutions for your business.

Thanks for reading,

Best regards: Norman King

If you enjoyed this article, please hit the like button, leave a comment or share with your network. Also, please check out my other LinkedIn post, Available for consulting, advisory and speaking engagements. Email: normanking@brook-port.com

Reference:

Software as a Service(SaaS): SaaS removes the need to manage both the application and the infrastructure on which the application is deployed. This option can be a data migration exercise only.

Platform as a service(PaaS): The service provider manages the application platform software and might provide access to common application services such as SQL databases.

Infrastructure as a Service(IaaS): Migration of an application to an IaaS involves deploying the application on the cloud service provider’s servers.

Build v’s Buy: http://www.thecloudcalculator.com/calculators/cloud-build-vs-buy.html

Regulations: http://www.csoonline.com/article/2126072/compliance/the-security-laws--regulations-and-guidelines-directory.html

Originally published at www.linkedin.com.

4 key steps to include in your Cloud Migration was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.

As a CIO/CTO part of my job is to make sure that when “Audit” comes around that we have the documentation and technology available to show we have all the IT controls in place to protect our company against nefarious activity. This exercise is flawed because the people, processes and technology used are all vulnerable to exploits. New approaches and new thinking needs to be rapidly deployed to mitigate the risks and time is not on our side.

Companies are either not aware of the risks or are simply unprepared to respond to online threats.

If you look at the ongoing threats that are plaguing companies from banking to hospitality it is evident that the bad guys are constantly probing and finding new ways to infiltrate the “secure” networks of their targets. The examples are numerous, JP-MorganChase, Hilton, Amazon, eBay, Target all have had problem within the last six /nine months. Some of their remediation activities are immediate while others take some time to fix. The bottom line is that the evolving landscape of cyber intrusion is being dealt with in very different ways and companies are struggling to lock down their environment to ensure ongoing security. The damage done to the brand of these companies in terms of lost business is larger than the fraud perpetrated by the bad guys.

What people understand about the threat and how to mitigate that threat is often not a technology issue but a training and awareness issue.
I have worked in the financial services industry my whole career and have seen first hand how “security” has been viewed as something the “IT” guy takes care of. Unfortunately that thinking is what gets large companies into trouble and as we have seen from the recent attacks on Japanese banks that lack of education is resulting in significant losses for targeted companies.

Regulators are going to make sure that companies get their act together. It is only a matter of time before “CyberSecurity Audit” will become the defacto standard for public traded companies. The good news is that most of the raw material for these “audit’s” are readily available, the bad news is that most companies do a poor job of organizing that data. There is also a lack of connectivity between programs already in place to meet regulatory requirements such as Sarbanes Oxley, Dodd Frank etc.

I believe in 2016 we will see more frequent intrusions in both the
private and public sector.

We will also see emerging technologies such as BlockChain being used in innovative ways to create more secure transaction based networks. Companies will have to invest in both their “Cyber Awareness” as well as new technology to fend off the bad guys. The bottom line is that when “Common Sense” is applied to the environment most companies can and will manage their risks.

Thanks for reading, best regards: Norman.

If you enjoyed this article leave a comment or share with your network.

Norman King has 20+ years of experience,focused on technology driven solutions for global financial services organizations. Has been responsible complex multi-disciplined project design and delivery.

Available for consulting, advisory and speaking engagements.

email: normanking@brook-port.com

Reference:

Images are from Pixabay.com,

video from YouTube http://www.securingthehuman.org

CyberSecurity & Common Sense was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.