?

Webinar: Balancing the IT Compliance and Innovation Agendas in Financial Services

48:24
40
Plays

Experts from WWT and Dell Technologies discuss what innovation and compliance looks like for today's financial services firms.

Driven by fresh competition and higher customer expectations, we understand that it’s more important than ever for organisations to invest in new technologies to stay relevant. The industry is now entering a new decade in which the public cloud is starting to become the new dominant infrastructure, banks are integrating artificial intelligence as part of some of their biggest technology overhauls to date, and end-to-end digital services are becoming the default customer expectation.

But with innovation comes regulation, as industry players must balance the speed and agility of these new technologies with regulatory compliance. Alongside this, firms still need to keep their existing technology estates current and compliant. The maintenance of these existing platforms’ operations and security will always be an ongoing, fluid requirement. This is why striking a balance between innovation and regulatory compliance is a continuous challenge for financial services organisations.

And now, amid a turbulent economic climate no-one could have predicted four or five months ago, remote working is suddenly the new global norm. This, paired with the need to rapidly digitise services, has meant innovative, automated solutions are right at the top of companies’ priority lists.

In this 45-minute on-demand webinar, WWT’s Dave Locke and Dell Technologies’ Arash Ghazanfari discuss the following:

  • Key challenges of innovation in financial services.
  • What getting the right balance between innovation and compliance looks like.
  • The role of Fintechs in improving financial services.
  • Key risk considerations and mitigation techniques.
  • Real-world examples of the technologies and services that are assisting organisations in achieving this balance.

 

Read the transcript below.

Ruby Hinchliffe:

Good afternoon, and welcome to today's FinTech Futures webinar, balancing the IT compliance and innovation agendas in financial services, brought to you by DELL Technologies and World Wide Technology. I'm Ruby Hinchliffe, journalist at FinTech Futures, and your moderator for today. To begin, let me explain how you can participate in today's presentation. First of all, if you have any technical difficulties during today's session, simply hit F5 to refresh your webinar console. If you need assistance solving common issues, please click on the yellow help icon below the slides. We're welcoming your questions during today's event. We'll answer as many questions as possible during the Q&A session at the end, which will follow the main presentation, but please feel free to send your questions in at any time. To do so, simply type your questions into the question window on the side of your screen, and hit the submit button. And if we don't get to today, we'll follow up with after the webinar. Also, please do be aware that today's session is being recorded, and you'll be notified via email when they archive is available.

Ruby Hinchliffe:

Now, let's meet our speakers today. Firstly, we've got Arash Ghazanfari, Chief Technology Officer for the UK, at DELL Technologies. Passionate about transforming great businesses in the digital age, Arash supports DELL Technologies overall go to market strategy across the full breadth of the company's ecosystem in the UK. And secondly, we've got Dave Locke, Chief Technology Officer for EMEA, at World Wide Technology. Dave is currently responsible for driving large campaigns and building best practices across worldwide technologies AMEA region, in order to drive growth, improve efficiencies, and deliver outcome oriented solutions to World Wide Technology's customers.

Ruby Hinchliffe:

Arash and Dave, good afternoon.

Dave Locke:

Hi, hello.

Arash Ghazanfari:

Hi, Ruby. Good to be with you.

Ruby Hinchliffe:

Great. Do you guys want to start off by telling us a little bit about your partnership between DELL Technologies and World Wide Technology?

Arash Ghazanfari:

Absolutely, again, thank you for having me, and thanks to everyone for participating in this webinar. Just to give you a little bit of background on the partnership between us at DELL Technologies with World Wide Technology, we have been working together for more than 25 years now designing, testing and delivering best in class, and integrated and pre-validated solutions that can accelerate digital transformation and drive our customers businesses forward, and we're very proud of this partnership. Dave?

Dave Locke:

Yeah, that's right. We're actually very proud to be working with DELL Technologies as their largest partner by revenue globally. And that's really helped us jointly, helped other businesses become leaders within their industries, helping harness the key drivers of transformation and innovation across a whole range of areas, including IT infrastructure, the digital workforce, and then security solutions as well.

Ruby Hinchliffe:

Great, thanks guys for that little bit of context. So today we're going to be discussing balancing compliance and innovation within financial services. As many know, most large banks are saddled with legacy core banking systems that date back decades. These systems are inefficient, costly and difficult to maintain. New technologies such as the cloud and Application Programming Interfaces, APIs have emerged that offer a potential solution.

Ruby Hinchliffe:

So let's kick off our discussion today. What are some of the key challenges for innovation in financial services right now? Dave, I'll come to you first.

Dave Locke:

Yeah, thanks Ruby. It goes back to the point you've just made. It's not the innovation isn't happening or can't happen, it's actually the challenge of the existing environment that we see typically, causing some friction and the ability to do innovation at the pace that the business may want to do that with. And that's coming from a number of areas. One, is that legacy technology environment or technology debt that exists in the environment, something that's probably grown over numerous years through not just organic growth, but also through acquisition and mergers with other organizations. You then have to keep that environment up to date, or we call it like the currency for the technology. And that is sort of unfair feat in terms of actually maintaining, securing, updating, patching, etc, to keep that environment secure, and also up to date with the new features and functions. That environment tends to be wrapped by sort of your more traditional change management processes. So, again, something that will require quite a lengthy process to actually adopt change in that environment. And so the combination of those things really can stifle that innovation agenda.

Dave Locke:

Where the other side of this comes in, and why we titled today's webinar around compliance as well coming into play here, that the compliance agenda really is the major overarching control within a financial a services organization that is causing, meaning that those older environments have to be kept current, they have to be kept up to date, they need to be secure, you have to look after customers data, and therefore, the compliance requirements will always take priority. I think we've probably got people on the call here that are very well aware or even hold roles in that compliance environment. Something like another senior managers regime, where even individuals are now accountable inside the financial services organizations for those IT systems to be kept up to date. Again, this is what we're gonna be talking about today. It's how do we get that balance of maintaining the compliance, but also then helping the business move forward in a competitive way with the innovation requirements.

Ruby Hinchliffe:

Thanks, Dave, for setting the scene there. And what about you Arash? What do you think is some of the biggest challenges financial institutions are facing in innovation right now?

Arash Ghazanfari:

Dave made some great points. Typically from what we see, the enterprise can accumulate technical debt, and it can happen because they tend to typically focus on perfecting how they do things rather than why they exist. That can lead to sweating of assets, by creating environments that are built to last rather than architecting solutions that are built for change. The technical debt itself can manifest itself not just in infrastructure, but it can also extend all the way up to the application layer, and actually contribute to the creation of operational issues. Many of these institutions then rush to adopting cloud technologies without really fully appreciating where providers, regulatory and security responsibilities, and where there's begin. Different cloud providers can have slightly different approaches to the shared responsibility model, and that operational inconsistency can cause some issues when you look across multiple platforms, which is the new reality that we see today. The reality of today is a multi cloud reality, and that can cause some challenges if there is no consistency and a holistic approach to it.

Ruby Hinchliffe:

Thanks Arash. Can you think of an example of where DELL Technologies and World Wide Technology work with a client that's had some of the challenges you mentioned, particularly, in technical debt?

Arash Ghazanfari:

Absolutely. We work together with a fairly large financial institution that had accumulated technical debt over the years, because of the way they had classified their applications. Pretty much over 90% of their applications were classed as critical applications where in reality, they weren't. That happened because there was no chargeback model, there was no accountability around how technology was deployed, and so if pretty much most of your applications require very high levels of resiliency, think active-active, cross site synchronous replication, then over the years, your infrastructure cost and your operating costs can spiral out of control. What happened in this case is that they had to evacuate their existing data center to go to a new environment, which had half the capacity, both from a real estate, and from a power and cooling perspective.

Arash Ghazanfari:

And so we worked with them, we first of all understood appropriate landing zones for existing applications, and we also identified application rationalization opportunities, reducing their cost dramatically. And also moving them towards a service oriented model where they had a consumption fabric, they had automation in place, they managed to reduce the real estate utilization by over 85% at phase one, and the data center palletization was down by 55%. And because of all the transformation that we brought to the way that they operated that environment, we actually prepared them to adopt a consistent approach and actually move some of their applications to their cloud provider of their choice. We see that hybrid model becoming a lot more common in the coming years. And we can discuss the reasons for that as we progress through this conversation, of course.

Ruby Hinchliffe:

Great and that leads us really nicely onto the issue of compliance when tackling this technical debt. And Dave, what does getting the compliance and innovation balance right look like?

Dave Locke:

Yes. I guess we see it sort of two key areas where we can certainly help, and are helping organizations in this particular space. If we think about the main thing about compliance is sort of meeting those controls, it's being able to audit your environment, it's even knowing what you have to start with. And as Arash's describing in the last example, getting the right landing zones, getting the right target architecture in place to actually host those environments, and modernize the current state is one of the key things to meeting your compliance, but also creating a platform on which you can then drive those innovation projects and solutions afterwards.

Dave Locke:

So I think the two things we see and can help with is one, is helping in that initial getting things right with the current state. And a lot of that's, again, going back to my point of currency, and so be able to certify and test your version control as you look to upgrade and update that environment. And that's things that we can do by helping with lab environments to actually take that burden off the organization internally, and actually provide access to that technology and people to help run that certification process to actually maintain that that currency. And then, very tightly aligned to that is our ability to help create consistent architectures, again as Arash was alluding to, where you have a predefined set of equipment, tools and other components that are put together into an architecture that we can then help build and actually deliver and deploy in a kind of an easy button mode.

Dave Locke:

So every time an organization needs to grow or they want to add capacity that defined architecture is already available, approved, certified, and it can be then rolled out and deployed into the data center for use. And again, that comes back to having an organization and external help to augment, and help alongside use of internal resources, so that you're focusing on performing the innovation in the ideas factory, and giving that business as usual activity almost to the partner community and helping with the vendor community to actually underpin those decisions.

Ruby Hinchliffe:

Thanks, Dave. What about you Arash? What do you think are some of the things that financial institutions weigh up when they're looking at this compliance innovation balance?

Arash Ghazanfari:

So innovation, obviously, is critical to securing digital future of any organization. And ultimately, from what we are seeing, broadly speaking, financial services have choices to make, and they're broadly two distinct choices. Either be the liquidity firehouse provider sitting behind a technology company or platform, or alternatively, become the technology company themselves and provide hyper personalized financial services based on a very strong governance around how you manage your data and how you manage your digital assets. Ultimately, if you want to become a technology company, and have that end-to-end control over your market, you need to have end-to-end control over your digital supply chain and your data supply chain.

Arash Ghazanfari:

There are no right answers, however, in 2019, 2020 timeframe so far, especially with what we are seeing, more and more organizations are shifting towards becoming technology companies and accelerating their digital transformation initiatives and securing and building a very strong digital future.

Ruby Hinchliffe:

Thanks Arash. So we've looked at some of the things that financial institutions should be weighing up between compliance and innovation. It'd be interesting now to look at some of the barriers that they may face when trying to tackle this balancing act. Dave, I'll come to you first on this.

Dave Locke:

Thanks. So it's a number of things in terms of what might prevent change. I think some of those things start with understanding what you have and having a single picture or single view of your overall estate. What equipment you have, what you're trying to do with that. But even when you have made those decisions, the choices now in terms of what you could be using in the future... I've asked, there's so many different companies and organizations out there offering new tools, new software, new services. You really then got to go through that process of evaluating, and comparing, contrasting those options, and whether or not where you host it. It could be on premises, it could be out to the cloud, or it could be a combination of the two. And then with all those things in mind, keeping your currency in the existing environment but looking at the future, it's all going to come back to time, resource, budget, and skills that you might have in your existing team. And you're always going to be balancing out the business as usual, or the run the bank type philosophy versus that change the bank agenda.

Dave Locke:

And meanwhile, from a compliance point of view, there is an ever changing landscape. New regulatory controls are coming in all the time, and then you also get external factors which you can't account for, even that the recent example at the moment. You can't plan for necessarily these large scale global impacts. And therefore, it comes back to starting, as Arash said, you need to build these architectures that are built for change in the future, so they can adapt and be more ready for that change to occur.

Ruby Hinchliffe:

Thanks, Dave for that. What about you Arash? We've touched on just the capacity and compliance as some of the barriers. What about some of the other ones, perhaps, that we've touched on earlier that we can expand on here?

Arash Ghazanfari:

Yeah, thanks, Ruby. And just to build on the points that was made earlier, applications and workloads are the lifeblood of any business, and this is the case in financial services as well. The reality is that some applications and workloads, operationally and economically, can scale extremely well in cloud environments. Whilst other workloads might be easy to start in the cloud, easy and perhaps tempting to start in the cloud, but scaling in the cloud might not be economically viable beyond a certain point of adoption. There are also instances where businesses could be facing commercial challenges as they adopt a cloud environment, or they might come across regulatory requirements that would perhaps force them to repatriate some workloads on premises.

Arash Ghazanfari:

So plans can change, and therefore, this can bring its own challenges if a holistic approach towards adopting a multi-cloud strategy isn't taken into account. And, of course, with the partnerships that we have with World Wide Technology, we can actually help our customers make sense of their very complex, often interconnected, somewhat confusing portfolio of workloads and applications, and we can actually help them have a clear understanding of their starting point, which I think is important to any transformation.

Arash Ghazanfari:

The other aspect that we are starting to see is that the majority of financial services whilst they're gravitating towards a multi-cloud strategy, they're starting to realise that no matter what cloud platform you buy into, you should always have an exit strategy for the reasons that we described earlier. Often what we are seeing is that lack of coherent multi-cloud strategy can result in tactical adoptions of multiple cloud platforms, it can lead to a fragmented approach, creation of new silos, which can ultimately lead to fragmentation of resources and talent, and we can help and we have helped many customers avoid that pitfall.

Ruby Hinchliffe:

You've talked a lot about the cloud, what about other concerns for financial institutions, such as cybersecurity?

Arash Ghazanfari:

Yes, thank you for that question. The reality is that the cybersecurity market is intensely fragmented. Many organizations have a very kind of threat centric approach to how they acquire security controls and how they make investments around those decisions. This can create a much more vulnerable environment, because you effectively proliferate the amount of security controls that you have in your environment. They're often disjointed, they can't learn from each other, you can't really build a coherent story around how an attack may have been applied to your environment, and it will be impossible to build a locally significant threat intelligence, so that you can basically get stronger with every attack that you're experiencing. This multitude of disjointed security controls can create a very noisy environment, and ultimately, they can adversely impact their security posture within enterprise, which is why with World Wide Technology, we can bring intrinsically secure and software defined architectures for our customers and help, again, avoid these issues.

Ruby Hinchliffe:

Thanks Arash. Interesting context on the cybersecurity landscape there and date. Dave, we'll come to you on this. How does what we've discussed, capacity cloud compliance and cybersecurity feed into a financial services risk position?

Dave Locke:

Yeah, of course. So I guess, fundamentally, they're all key components of being able to evaluate and understand that risk position as you state in all those facets. So it's taking the pieces you can control where possible, whether that is with these better controls in your cybersecurity landscape. It's understanding what you have, where it's located, it's your data management policies around that, and also identity and access from a personnel point of view. So one of the things we're doing and we've been doing together with DELL Technologies is helping and aiding in that space. Really, you could start off with the lab environment and the secure environments where you can actually test out these theories or test out these environments to ensure that they will meet the compliance and risk position you're looking to emulate, and really help focus then the rest of the business on what the new services and competitive options can be, while maintaining your risk positions behind the scenes.

Ruby Hinchliffe:

Thanks, Dave. We've explored the challenges financial institutions are facing, and we've identified some of the barriers that they hit when they tried to solve these challenges internally. Perhaps now we can move to talking about some of the solutions. Dave, what role do FinTechs have to play in improving financial services?

Dave Locke:

Yes, I think FinTechs have had a huge impact on the financial services market in general. First off by challenging the existing institutions, let's call them that have been around for decades or even hundreds of years in some cases, and they've really had the opportunity to start from a blank sheet of paper, they're using modern technologies that are often born in the cloud from an application point of view, and they're using modern development methodologies, things like Agile, and DevOps to actually make numerous changes on a daily basis to their platforms, which keeps them very competitive and keeps the older institutions and having to play catch up. But what we've actually seen is that it's been a benefit for the more longer standing organizations in the sense that, one, is created a need to change and be more agile in their own offerings. And it's offered them two options really, one, they can either create what we've seen digital banks being created inside the existing traditional banks, or they've acquired FinTech firm as their digital bank and digital arm to run in parallel to the organization.

Dave Locke:

What we're seeing is two very different modes of operation in both those environments, whether or not it's been created or acquired, where they will almost run the two organizations completely separately from a day to day point of view. However, there will always be a point of integration, and this is really where we often become involved, is then how do you actually transfer securely information and data between those two entities? Because typically, you're going to have the same customers with digital services as well as more traditional services, and they need to share common data, and again, with that the controls between those two worlds need to be very well understood. And we can help implement that and provide the various software tooling, and services, and processes to ensure that that takes place.

Ruby Hinchliffe:

Interesting. Arash, can FinTechs disruptive business models also pose a threat to financial institutions?

Arash Ghazanfari:

I think it's becoming more and more obvious and greater undeniable fact that a mindset of continuous innovation is absolutely essential to securing the digital future of our financial institutions. I think FinTechs as it was mentioned earlier, they bring a lot of value to driving that innovation within the financial institution sector and financial services sector. At the same time as it was mentioned earlier, many of these traditional financial institutions have been around for several years, in some cases several hundred years, and they play an extremely fundamental and pivotal role in this globally interconnected economy that we see today. It's really important these institutions protect themselves against the disruptive forces that we are seeing in the technology sector. Plans really need to be put in place in case, let's say, a technology vendor or a service provider disappears from the face of the market, and we need our financial institutions to protect themselves against such disruptive forces.

Ruby Hinchliffe:

How can financial institutions protect themselves from this disruption? You talked about how they need to do it, but how can they do it?

Arash Ghazanfari:

Yes, absolutely. And we alluded to this earlier, which is really an important part of any multi-cloud strategy is to have a viable exit strategy, and that's where seamless inter-cloud and inter-platform application mobility is really, really critical. This is typically achieved through the adoption of a software defined declarative and policy driven architecture, built on open standards or standards that are widely adopted in their enterprise, and avoid architectural and operational variability as much as possible. There are certain instances where certain workloads can really benefit from specific capabilities that are provided by specific vendors, but we should try and standardize and avoid architectural variability, as much as possible to maintain that operational consistency, and have the ability to seamlessly exit from one platform into another.

Arash Ghazanfari:

The declarative aspect of any future system or architecture that is built is really important. By that, we mean that the business needs to be able to very clearly define the outcomes that they want to achieve without having to worry about how those outcomes are delivered, and allow this intelligence software defined multi-cloud and multi-platform infrastructure to execute those outcomes on their behalf automatically at scale. And having this approach really, as I mentioned earlier, gives the business the confidence that it needs, that it can always exit from a difficult situation, because you must always have options as you adopt this new multi-cloud future.

Ruby Hinchliffe:

Yeah, thanks Arash. Do you have an example that DELL Technologies and World Wide Technology have worked on together with a client, and to put this into practice?

Arash Ghazanfari:

Yeah. Interesting example actually comes to mind where repatriating of a high value workload to actually move it back on premises was actually decided based on a business decision. And that business decision was that this large European bank actually saw their current cloud provider as their future competitor. Gartner refers to this phenomena as the digital dragon phenomenon, where we are increasingly seeing technology companies exploring opportunities in traditional services such as financial services, which is no exception to this norm. And so this particular larger European bank decided to work with us and World Wide Technology to actually help refactor their applications, so that they had the option to repatriate that workload on premises and back to the cloud without any downtime, and we managed to deliver that in a very short timeframe, and we're actually very proud of that work that we did.

Ruby Hinchliffe:

And that example brings us nicely to our final point of the discussion because we've talked about how financial institutions can solve some of the challenges they're facing in innovation, but what about some of the risks which accompany these? There is a high propensity for attacks against financial services organizations, do you think that innovation increases this risk? Arash, I'll come to you first.

Arash Ghazanfari:

Innovation can increase your attack surface if you're not thinking about a context centric, intrinsically secure approach to delivering cybersecurity within the organization. But there are also other risks, such as regulatory requirements. If you think about, let's say, [inaudible 00:30:56], let's say article 48. There is emphasis on operational resiliency, and this is not just around trading capacity, but it's also around having the agility to deal with disruptive market forces such as, let's say, the situation that we are all facing today globally. There is a need to accommodate remote working for a large number of people, which can impact your operational resilience. So those things also need to be taken into account as you adopt new operating models around how you deploy and acquire technology. And organizations need to always have multiple pathways to recovery. So let's say, if you're subjected to some kind of destructive attack, destructive cyber attack, you need to be able to recover from that breach and recover from that destructive event, and be able to continue to providing the valuable services that you're providing. There are a lot of concerns that can be taken into account, and again, we can work with World wide technologies to have those consultative discussions with our customers.

Ruby Hinchliffe:

Thanks Arash. You mentioned some of the regulatory concerns that the firms have. Dave, I'll come to you next. What are your thoughts on some of the risks which come with innovation?

Dave Locke:

If we're looking at this from really getting a good baseline in place from a security and risk perspective, the World Wide Technology approach is really to look at this into five areas or five lenses. The first being visibility, so understanding what you have. The patching aspects or keeping currency within the environment. We mentioned the real fragmentation of security software vendors, and again, a lot of this comes back to tools rationalization. Understanding the right tools for the job or even looking at how you can consolidate onto newer platforms where you had point solutions in the past.

Dave Locke:

The fourth area then would be around your resources and actually having the right people with the right skill sets available to you, given the ever shifting landscape here. And then last, it's around segmentation. Arash mentioned segmentation in one form around data, and being able to have mirror copies or segmented, isolated copies of data for a cyber attack purpose. But it's also around segmentation at the application layer or even at the access layer, in terms of who can access which applications, and at what time and from which locations. If you have your segmentation strategy right, then again, it will helps create a solid base onto which then you can provide the innovation moving forward. So it's really the combination, those five areas that we see that help here.

Ruby Hinchliffe:

Thanks, David. I think these five areas feed into what Arash said earlier about building systems for change rather than simply build to last. Arash, do you want to say a bit more about this build for change rather than build to last?

Arash Ghazanfari:

Yes. Maintaining that flexibility and protecting yourself against any form of disruption or in the context of cybersecurity, any form of destructive attack, which by the way, is becoming more and more common in financial services, and that threat level is becoming more and more pronounced as we move into the next decade. Maintaining real time visibility of your threat landscape and your system dependencies is extremely important. So you need to understand what are your critical applications? What services do they provide? Who are the consumers of these services? And how should these services be delivered to them? What are the underlying system and data dependencies that should be protected from a potential cyber attack? Have you provided some form of, let's say, air-gapped secure vaults to protect these digital assets, so that you can very quickly in a simple, proven way, stand up a minimum viable enterprise.

Arash Ghazanfari:

We have to also distinguish between cyber recovery versus backup or disaster recovery. The operational aspects of cyber recovery requires additional consideration. For instance, in a post breach situation, before any recovery efforts is started you need to first establish what assets can be trusted, what hasn't been compromised. And again, that's why that having that end to end visibility and having that clean room approach to how you go about the recovery process is really important. At DELL Technologies, we have developed a standardized approach around this, which has actually been recognized by an initiative that is a that has started in the US called Shelter Harbour, part of the FS-ISAC initiative in the US, where this solution and this architecture has been accepted as a widely used standard for cyber recovery for financial services.

Arash Ghazanfari:

And again, we have a joint capability around delivering this in a consultative manner with our partner World Wide Technology within EMEA as well, and we will be more than happy to discuss this capability with any of the participants who might be interested in this.

Ruby Hinchliffe:

Well, thanks for Arash. Rounding off the end our discussion there. That was really interesting. Thanks, Dave, as well for your insights. That brings us up to the end of our discussion today, which is looked at the technical debt facing financial institutions, how their it transformations can overcome them. And then we've looked at the need for modern applications in an age of FinTech disruption, whilst also looking at how financial institutions can solve the risk, which come to this innovation, by investing in data protection and cyber resiliency.

Ruby Hinchliffe:

Now, let's have a look at the Q&A questions. I can see that a few of you have already submitted questions, so we're going to jump right in. Remember, if you'd like to submit your question, type your question into the question window on the side of your screen and hit the submit button. While we are answering questions, please do also feel free to complete the feedback form, which is located on the bottom of your screen.

Ruby Hinchliffe:

Okay, so let me find our first question. Dave, I'll ask you this one. Is data compliance still an onerous task for C level executives of banks or are they taking it with the seriousness that they deserve these days?

Dave Locke:

Yeah, thank you. Absolutely, the seriousness is paramount these days. We touched on it right at the beginning around things like the senior managers regime as a compliance aspect, which is putting individuals inside organizations accountable for the safety of customer data and the data compliance aspect, and it's not an easy task. From what we've seen, data is now prolific, and it's hosted in so many different locations, it's accessed by so many different people and then applications as well, both internally and externally. So, having a visibility of that and having a good data model that understands what data you have, what it relates to, and being able to put in those controls to actually monitor it, maintain it and ensure that you don't have breaches, it is absolutely critical.

Dave Locke:

There has been high profile breaches, and has made front page news. Without mentioning any names, there are almost, I would say, monthly if not weekly reports in the national press now, around household named organizations that have, sadly, lost customer data or they've had information about their customers shared or leaked, online. No one wants to be the next CIO or CEO facing those kind of challenges inside their organization. So, it's very serious, and I think if you start with a data problem or the data conundrum, we could call it, and that actually is probably a lot of the basis of moving forward through the whole topic we've been talking about today. The actual ability to better manage that data, have it located in the right place, but also leverage it from an innovation point of view, using things like cloud services to analyze your data, to manipulate it and actually take insights from it. Those are the things that organizations are looking to do to better serve their customers. So I think this is a huge topic, and it'd be something great to follow up with the individuals after this session.

Ruby Hinchliffe:

Thanks, Dave. I've got another question here, perhaps, I'll go to Arash this one. How can a built for change architecture which you mentioned in the discussion be implemented for cybersecurity?

Arash Ghazanfari:

Thanks for that question. The point was made earlier around the breaches that we have seen in the past. Many of these breaches are highly coordinated, sophisticated attacks. One of the problems with these breaches is that the targeted organizations that are facing these very highly sophisticated fraud patterns, they're very slow to detect the issues that they're facing. One of the biggest challenges that we are seeing is that the dwell time that these bad actors have in these environments can be very long. That's the best thing you can do for a malware author, which is to absolutely change nothing, and when you don't change anything, and you've got a very stable environment, they can build their command and control network, and they can basically enjoy an extended period where they can siphon, let's say, critical and valuable data off of your premises.

Arash Ghazanfari:

And so, we have actually worked with many financial institutions to create that platform level thinking where you're completely decoupling your applications from how infrastructure services are delivered. So this particular institution that we are talking about, one of our joint customers, they have been able to systematically destroy their production environment without experiencing any application downtime, once or let's say twice a week. The outcome of that is that you create a nightmare scenario for bad actors and malware authors, because you're coming from a position where you're assuming your environment is already breached, and by continuously, let's say, rotating that environment and continuously destroying it and recreating it again, you don't allow a bad actor to build their command and control network inside your organization. That's just one of several benefits of moving towards a built for change architecture.

Ruby Hinchliffe:

Thanks, Arash for breaking that down. I've got time for one more question. I'll go to both of you on this, I'll start with Dave. What sorts of innovations are you seeing banks focusing on at the moment?

Dave Locke:

Yeah, so I think predominantly, over the last few years, the major innovations have been in that data space in terms of making insights into your customer information, about their spending patterns, their profile, and being able to offer new services to them proactively. Or it could be around, again, using that same method and mentality to create more digital only services, say, remote applications that don't require speaking to an actual individual because it can be based on your existing profile with the bank over time to actually provide you an on the spot answer in terms of your eligibility. However, that said, recent times I've actually shifted innovation quite significantly into more of this remote working aspect, and it's probably moved away short term from the customer focus and more into the internal workforce. And how do you get 10s of thousands of people now connecting back into the organization to access those applications? But more importantly, where your staff are actually on the front line helping, if I may a say, a contact center point of view directly interfacing with customers. How do you now provide that same customer experience from one agent to the next agent, when everyone is now working from home?

Dave Locke:

Some of the innovations we've been asked to help with and support have actually been moving more into intelligent contact center solutions, it could involve things like AI, to actually provide better answers to common customer queries. And really, what you're looking to do is try normalize the experience that you get dialing into your banking environment, so that everyone from your newest to your most senior member of that environment can actually answer and provide the same level of service, now they're not all sitting next to one another as part of that environment. So there's a whole host of things around what that sort of workplace environment looks like, sort of working from home, accessing information now externally rather than internally, which again shifts the security posture as well. So Arash, you may have some other example on this given DEll's interest in this space too.

Arash Ghazanfari:

Absolutely. And as you know Dave, we have been doing remote working, and doing it very well for over a decade now. We jointly together with world Wide Technologies, we have brought that experience to many of our customers, particularly, in the financial services sector, where having that service continuity in the face of the current pandemic is absolutely critical. We can help our customers realise this notion that work can take place anywhere, that you can create a collaborative, immersive environment for people to do their best work, and create value regardless of where they are. And from a security perspective, it's highlighting this aspect of security which more and more organizations have recognized for several years now, which is the notion of a perimeter centric security is no longer enough.

Arash Ghazanfari:

Whilst protecting the perimeter is really important, we need to move towards intrinsic context centric security, intrinsically built into our workloads, intrinsically built into our endpoints, so that your security policies can effectively live and die with your applications regardless of where these applications are. Another aspect is, as we alluded to earlier in the conversation, is data supply chain security. You need to be able to control your data assets regardless of, again, where they are. We have solutions that can help protect our customers against this new normal and new reality that we are facing today.

Ruby Hinchliffe:

Thanks, Arash. Those are some really interesting insights there. I'm afraid that's all we've got time for in terms of questions today, but any that didn't get answered, will be followed up by both DELL Technologies and World Wide Technology, so don't worry about that. Other than that, that concludes our presentation for today. On behalf of FinTech Futures, I'd like to thank DELL Technologies and World Wide Technology, for bringing us today's event. David and Arash, particularly, thank you for such a great discussion and some excellent answers. And of course, thank you to all of you for joining. Have a great rest of your day.

Comments