
Financial sector lacks security integration

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 29 May 2015
The interoperability between access channels is an ideal financial institutions should mirror, says ThoughtWorks.

Despite reports that seek to undermine their systems, financial institutions are well placed technologically - what they need to do is become integrated organisationally.

This is according to Quintis Venter, a senior software engineer at ThoughtWorks, who notes the industry is well-regulated in terms of compliance and risk management practices, but unfortunately this puts barriers between key departments.

It is standard practice for IT operations to work in isolation, likewise with information security operations and software development teams, says Venter. He believes the lack of integration between these departments is the single biggest challenge to both efficiency and security.

"Given the increasing demands on organisations to meet customer demands for a seamless experience - regardless of their chosen access channel - whether from a desktop or laptop computer, tablet or mobile phone - the silos deprive the organisation of seeing the effect one action has on other departments until it's too late."

Venter points out the interoperability between access channels is an ideal financial institutions should mirror. They need to remove the barriers between the IT department and their counterparts in development operations and security operations, he adds.

"Achieving this ideal is by no means easy, which is one of the reasons that financial institutions are struggling to make the transition."

Apart from the mindset change required, it is also highly dependent on having poly-skilled technologists employed in these roles, says Venter. This means having people who are not only technically excellent, but are also able to grasp the impact technology has across the entire transaction chain, he adds.

Until organisations adopt a radical reorganisation of their internal practices, the ability to head off and respond to threats will likely remain higher than they can afford, and higher than their customers will accept, says Venter.

Martin Walshaw, senior engineer at F5 Networks, says technology does not just impact an individual piece of the organisation but rather multiple different departments in multiple different areas, so being integrated organisationally is key to a successful security programme.

Walshaw believes security is only as strong as the weakest link. "Like a chain, if you exert enough pressure, the chain will break at its weakest link." Therefore, security needs to be extended to all the processes to make sure everyone is involved, he says. The organisation needs to identify each individual component of a process and how they are interlinked and where improvement is needed, adds Walshaw.

To deploy applications, business and IT have to be on the same page; within the IT department, too, multiple different areas need to be engaged to ensure security applications are a success across the organisation.
