6 C
London
Monday, November 20, 2017
Home Tags Technology infrastructure

Tag: technology infrastructure

“Move fast and break things” with DevOps has become a popular Silicon Valley mantra during the past few years.

DevOps empowers developers to quickly ship code and holds them accountable for operating their software.

As DevOps becomes the new norm within Silicon Valley, enterprises outside the Valley have begun to look on with a mix of intrigue and terror.Some organizations have held to enforcing the ITIL (Information Technology Infrastructure Library) method of ITSM (IT service management) and shied away from using DevOps.

These organizations maintain that the segregation of duties is a non-negotiable requirement for compliance, and developers should never be allowed to ship code directly to production.To read this article in full or to leave a comment, please click here
On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.

Giuliani sees cyber attacks as a major threat to innovation.

Former New York City Mayor Rudy Giuliani will serve as a cyber-security advisor to President-elect Donald Trump once he takes office, the Trump transition team announced Thursday.

Giuliani, who currently runs his own security consulting firm, will serve as a liaison between the Trump administration and private companies who are working to combat against cyber-security threats. Trump's announcement didn't specify a title for Giuliani, saying only that the former mayor will be "sharing his expertise and insight as a trusted friend concerning private sector cyber security problems."

The announcement did, however, hint at some of the threats Trump wants to address, including "hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure."

Trump takes office as both private citizens and US companies have fallen victim to threats that were virtually unknown just a few years ago. Throughout 2016, multiple high-profile ransomware attacks targeted hospitals and other institutions, which often paid ransoms of tens of thousands of dollars each instead of pursuing even more costly data recovery methods.

The explosive growth in devices that make up the Internet of Things (IoT) has also contributed to threats, including a distributed denial of service attack using infected baby cameras and other IoT devices last fall that took large portions of the US Internet infrastructure offline.

Even as large corporations hire consulting firms like Giuliani's to fight back, experts have warned that lax security practices—especially among IoT device manufacturers—make them too easy to hack.

Giuliani's ability to affect change in his new position is unclear, especially given Trump's general skepticism about the Internet and computers. Giuliani tends to take the opposite view. He sees cyber attacks as a key roadblock to technological advances that can have a positive societal impact, especially when it comes to healthcare.

"Our lack of securing these things is holding back a tremendously important advance that would be a great way to reduce healthcare costs," he told PCMag in 2012. "There is a tremendous societal cost and it comes about because we haven't developed security for the Internet—the cloud—the way we should."

London, UK, 30 November 2016 – Sopra Steria, a European leader in digital transformation, announced today that it has achieved Amazon Web Services (AWS) Financial Services Competency status.

This designation recognises Sopra Steria for delivery of effective solutions and providing deep expertise to help organisations manage critical issues pertaining to the industry, such as digital transformation, core systems implementation, migration, data management, navigating compliance requirements and risk management.Achieving the AWS Financial Services Competency differentiates Sopra Steria as an AWS Partner Network (APN) member that has demonstrated relevant technical proficiency and proven customer success, delivering solutions seamlessly in the AWS Cloud environment.

To receive the designation, APN Partners must possess deep expertise in the AWS platform and undergo an assessment of the security, performance, and reliability of their solutions. “We are delighted to be one of the first APN partners to achieve AWS Financial Services Competency status because it cements our role as a digital enabler in the Financial Services market, and enables us to amplify our cloud services work across the industry,” said Melba Foggo, Managing Director of Sopra Steria Financial Services. “Cloud services are transforming the future of Financial Services and as such the AWS platform is a cornerstone of our business. We are already supporting organisations of all sizes and types in cloud services - regulators and firms – market entrants and established organisations - across Europe to help them take up the opportunities offered by the cloud, and our work with AWS provides an important foundation for our solutions in areas such as robotics-as-a-service and cognitive automation. Using the AWS Cloud helps us to enable digital transformation, the agility of our clients and improve the cost effectiveness of IT estates through pay-as-you go services.” The AWS Cloud is enabling scalable, flexible, and cost-effective solutions for banking and payments, capital markets, and insurance organisations of all sizes, from startups to global enterprises.

To support the seamless integration and deployment of these solutions, AWS established the Financial Services Partner Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise. Sopra Steria enables Financial Services firms and regulators to focus on their key business activities by identifying services that can be run more efficiently and cost effectively. Our services include core Financial Services platforms, and, together with Sopra Banking Software, bespoke digital transformation programmers.

These programmers comprise industry specialist modules including security, payments and lending, aimed at disentangling legacy applications and incorporating new digital technologies. We carry out extensive cloud migration work enabling clients and partner products to optimise IT estates technically and financially through provision of innovative cloud services. Using our expertise in ‘digital at scale’, we support clients in their end-to-end journey, leveraging our global industrialised service delivery model. Our customers and partners include: The Financial Conduct Authority, for whom we are implementing the UK’s largest Digital Market processing platform to satisfy the forthcoming MiFID II Regulation.

The platform is a big data solution using cutting-edge open source application components and hosted on AWS The Services Family, a UK military challenger bank, for whom we are digital partner of choice. We are providing the digital expertise and solutions to help build the bank and bring them to the UK market Sybenetix, with whom Sopra Steria recently announced a new partnership, are the leading provider of behavioral end-to-end market abuse surveillance, case management and conduct management systems.

The partnership will provide the next generation of scalable, real-time analytic platforms that can help firms meet regulatory challenges through a cost efficient SaaS model Taras Chaban, CEO at Sybenetix, said: “In order to become truly digital, financial services organisations need to re-assess their technology infrastructure and embrace new, flexible architectures.

The cloud is central to this, which is why Sopra Steria’s expertise with digital at scale and their use of Amazon Web Services made them an ideal collaborator. Working together, our AWS-based Market Abuse and Conduct Risk services will provide solutions to some of the biggest regulatory challenges currently facing investment firms, while helping them to deliver performance improvements and significant reductions in operating costs." About Sopra SteriaSopra Steria, a European leader in digital transformation, provides one of the most comprehensive portfolios of end-to-end service offerings on the market: consulting, systems integration, software development, infrastructure management and business process services.
Sopra Steria is trusted by leading private and public-sector organisations to deliver successful transformation programmers that address their most complex and critical business challenges.

Combining high quality and performance services, added value and innovation, Sopra Steria enables its clients to make the best use of digital technology. With over 38,000 employees in more than 20 countries, Sopra Steria had revenue of €3.6 billion in 2015. For more information, visit us at www.soprasteria.com ContactsSopra Steria: Catriona McCallum, catriona.mccallum@soprasteria.comSopra Steria Agency: Maureen Conlon, maureen.conlon@bm.com; +44 (0) 20 7300 6206
Security experts have long said that internet-connected systems and software need security controls and features built in by design, in the same manner they’re built into physical infrastructure. The National Institute of Standards and Technology agrees and has issued guidance to help software engineers build secure products. Titled “Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems,” the guideline emphasizes incorporating “well-defined engineering-based security design principles at every level, from the physical to the virtual,” NIST Fellow Ron Ross wrote on the Taking Measure blog. A holistic approach does more than make systems penetration-resistant; even after a compromise, they’re still capable enough to contain the damage and resilient enough to keep supporting critical missions and business functions. NIST’s guidance uses the international standard ISO/IEC/IEEE 15288 for systems and software engineering as a framework, and it maps out “every security activity that would help the engineers make a more trustworthy system” for each of the 30-plus processes defined by the standard. The activities cover the entire system lifecycle, from the initial business or mission analysis to requirements definition to the design and architecture phases, and they’re applicable for new, upgraded, or repurposed systems. “We have a high degree of confidence our bridges and airplanes are safe and structurally sound. We trust those technologies because we know that they were designed and built by applying the basic laws of physics, principles of mathematics, and concepts of engineering,” Ross wrote. Similarly, applying fundamental principles in mathematics, computer science, and systems/software engineering can give us the same level of confidence in our software and hardware. Taking a holistic approach A holistic approach requires coordinating across different specialties, such as information, software and hardware assurance, physical security, antitamper protection, communications security, and cryptography. It also demands addressing multiple focus areas, such as privacy, verification, penetration resistance, architecture, performance, validation, and vulnerability. The guidance addressed the dependencies and  subspecialties by grouping the processes in the system lifecycle into four families: Agreement Process: Tasks related to acquiring products and services, as well as providing services as a supplier. Organizational Project-Enabling Process: Lifecycle model management, infrastructure management, portfolio management, human resource management, quality management, and knowledge management. Technical Management Process: Project planning, project assessment and control, decision management, risk management, configuration management, information management, and quality assurance. Technical Process: All the activities related to business or mission analysis, defining stakeholder needs and requirements, defining system requirements, defining the architecture, defining the design, system analysis, implementation, integration, verification, transition, validation, operations, maintenance, and disposal. The processes outlined in the publication do not prescribe a mandatory set of activities and do not explicitly map to specific stages in the lifecycle, NIST warned. Engineers should rely on their experience and their understanding of the organization’s objectives to tailor the processes to meet the stakeholder’s requirements for a trustworthy system. The publication also did not attempt to formally define systems security engineering. There is something for everyone involved in the process, from business stakeholders to developers, administrators, and security analysts. Calling on engineers When civil engineers build a bridge, they have to consider the weight of vehicles and people crossing the bridge, the stress caused by wind and other natural elements, and the materials used to build the bridge itself. Buildings have to meet specific structural and fire codes to make sure they are safe and will not collapse. Similarly, software engineers need to build systems with security controls already included in the design and not added afterward as a separate component. If bridges were routinely collapsing, scientists and engineers would be immediately on the scene to figure out what went wrong and identify how to fix it for future projects. Currently, instead of asking engineers and scientists to perform root-cause failure analysis to find and fix the problem, cybersecurity focuses on add-ons. Changing how technology is designed and built—by strengthening underlying systems and system components, and developing with well-defined security requirements—would help reduce the number of known, unknown, and adversary-created vulnerabilities, Ross said. NIST’s approach echoes what Dan Kaminsky, chief scientist and co-founder of White Ops, said in his keynote speech at the Black Hat security conference earlier this year. Kaminsky called for an “NIH [National Institutes of Health] for Cyber” to study the security challenges and come up with engineering solutions addressing them. While Kaminsky was using the name of a different federal agency, his message was the same: Cybersecurity needs to be treated as an engineering discipline with tools and principles that can be used to build secure systems. “We didn’t stop our cities from burning by making fire illegal or heal the ill by making sickness a crime. We actually studied the problems and learned to deliver safety,” Kaminsky said in his speech. “If we want to make security better, give people environments that are easy to work with and still secure.” Addressing the IoT problem While NIST focused the language on systems and software, the guidance provides a welcome direction for the internet of things, most of which hit the market with little to no security controls. NIST’s authority extends to only government agencies and contractors, so the guidance is not binding for engineers working in the private sector. Even so, these recommendations can raise expectations on what features must be included to be acceptable for the marketplace. This NIST publication is the culmination of nearly four years of work, Ross said. The final draft was originally expected in December, but the release date was moved up after a crippling distributed denial-of-service attack against Dyn temporarily cut off access to large parts of the internet. The attack also revived discussions on whether the government should try to regulate the security of IoT, especially since there are currently no consequences for manufacturers selling subpar devices to consumers. Regulation would be difficult, as many of the embedded devices aren’t manufactured in the United States. “While I’m not taking a certain level of regulation off the board, the United States can’t regulate the world,” Rep. Greg Walden (R-Ore.), chairman of the Subcommittee on Communications and Technology said during a recent Congressional hearing on IoT security. Building trustworthy systems The rapid pace of technological innovation, the dramatic growth in consumer demand for new technology, and the boom in IoT have made it difficult to understand, let alone protect, the global information technology infrastructure. There are too many areas to cover—software, firmware, hardware components—and cyberhygiene efforts, such as patching, asset management, and vulnerability scanning, are not enough. “Our fundamental cybersecurity problem can be summed up in three words—too much complexity,” Ross wrote. “Creating more trustworthy, secure systems requires a holistic view of the problems, the application of concepts, principles, and best practices of science and engineering to solve those problems, and the leadership and will to do the right thing—even when such actions may not be popular.”
Partnership will provide leading-edge SaaS solutions across the investment banking and trading sectorsLondon, UK, 20 September 2016 – Sopra Steria, a European leader in digital transformation and recently selected by the Financial Conduct Authority (FCA) to implement the UK’s largest Digital Market processing platform to satisfy the forthcoming MiFID II Regulation, has today announced a new partnership agreement with Sybenetix, the leading provider of behavioural end-to-end market abuse surveillance, case management and conduct management systems. The partnership will enable investment firms to integrate market leading, highly innovative, proprietary behavioural management and compliance solutions with their existing trading systems and operations to help exceed the demand for ongoing regulatory compliance. As financial firms seek to reduce the cost of compliance across their trading operations, the challenges of managing compliance risk are huge and include operational costs, reputational damage, technical complexity and significant fines by the regulator. This partnership will provide the next generation of scalable, real-time analytic platforms that can help firms meet these challenges through a cost efficient SaaS model. Working with Sybenetix, Sopra Steria will provide solutions to some of the biggest regulatory challenges currently facing investment firms, including: Rising Compliance Costs – Sopra Steria and Sybenetix enable cloud-based compliance solutions, which provide smarter, faster detection and investigation of potential misconduct. We save time and money for compliance by removing false positives and more readily establishing behavioural intent, while improving engagement with the front office, transparency for the regulators and supporting superior investment performance. Regulatory Reporting – As banks have to comply with ever more stringent Market Abuse Regulations (MAR) and the global regulatory focus on individual liability and accountability, the availability of data and next-generation analytics to spot potential trading anomalies can provide firms with indicators ahead of any potential regulatory scrutiny. Melba Foggo, Managing Director of Sopra Steria Financial Services, said: “Our new partnership with Sybenetix cements our commitment to innovation within financial services. Financial organisations need to rethink their technology infrastructure and begin to embrace architectures that include cloud to become truly digital. The Market Monitoring capabilities we can now provide with Sybenetix will help our clients to converge onto a Cloud strategy to help deliver compliance in their market trading operations. Our clients will benefit from our expertise in Systems Integration, Regulatory Data & Compliance, Cloud, Big Data and Business Process Services. This partnership enhances our Market Data Services strategy to deliver fundamental reductions in our clients’ operating costs.” Taras Chaban, CEO at Sybenetix, said: “Our proprietary technologies have been developed to enable a paradigm shift within our industry, allowing organisations to optimise how they manage the increasingly complicated conduct and compliance requirements as well as enhance investment performance; a win-win for the boards of major organisations and leading regulators. By integrating with the Sopra Steria architecture we are able to implement our analytic solutions across the enterprise. We believe that this partnership is a significant development for the industry and will be a game changer for clients that adopt this architecture.” About Sopra SteriaSopra Steria, a European leader in digital transformation, provides one of the most comprehensive portfolios of end-to-end service offerings on the market: consulting, systems integration, software development, infrastructure management and business process services. Sopra Steria is trusted by leading private and public-sector organisations to deliver successful transformation programmes that address their most complex and critical business challenges. Combining high quality and performance services, added value and innovation, Sopra Steria enables its clients to make the best use of digital technology. With over 38,000 employees in more than 20 countries, Sopra Steria had revenue of €3.6 billion in 2015. For more information, visit us at www.soprasteria.com Sopra Steria Group (SOP) is listed on Euronext Paris (Compartment A) - ISIN: FR0000050809 About SybenetixSybenetix’s team of experts in technology, behavioural science and finance is working with leading financial institutions to transform investment decision-making and conduct management, helping firms to deliver higher returns and comply with growing regulation. Proprietary behavioural algorithms analyse exactly how investment professionals make decisions, using multiple sources of data to build unique behavioural profiles. Software identifies cognitive biases affecting performance. It then delivers insight to counter these biases, so enabling more skilful decision-making and basis-point improvements across the investment process. The system also uses this ‘behavioural fingerprint’ to identify abnormal behaviour in the context of suspicious activity. A highly accurate behavioural ‘heat score’ provides smarter, faster detection and investigation of potential misconduct. ContactsSopra Steria: Catriona McCallum, catriona.mccallum@soprasteria.comSopra Steria Agency: Maureen Conlon, maureen.conlon@bm.com; +44 (0) 20 7300 6206Sybenetix: richard.maton@sybenetix.com