Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Trading Technology

03:55 PM
Larry Tabb
Larry Tabb
Connect Directly

Tony Soprano and My Social Security Number

We live in a world of trust. We want to believe that everyone is good, and Ozzie and Harriet live next door. Unfortunately this world does not exist -- especially online.

We live in a world of trust. We want to believe that everyone is good, and Ozzie and Harriet live next door. Unfortunately this world does not exist -- especially online. Many of us take data security for granted -- we use the same passwords, we don't encrypt our WiFi routers and we don't shred our financial statements -- in this day and age, this is insane.

Hacking has evolved from a teen prank to a major criminal enterprise that prods every security gap to find ways to rip off not only large financial institutions, but also individuals. These are not fly-by-night enterprises; these are crime syndicates that systematically corrupt insiders, exploit weaknesses, phish and dumpster dive to find sensitive information and rob people blind.

But how do we secure our infrastructure in an age of seamless connectivity, Wi-Fi, open access, data fabrics and shared services? And as we extend our infrastructure through edge computing, Web services and ubiquitous connectivity, one doesn't need to be next door to be a Peeping Tom. So how do we defend this infrastructure?

Traditionally, data security was protected by perimeter defenses such as private connectivity, hardened data centers, card keys, fire walls, encryption and password authentication. These tools, however, are not enough. Leased lines are too expensive, not all access points or technology is in the data center, and the Internet provides access not only to firms, but also to almost all technology within them. People also have so many passwords that they need to write them down. How safe is that?

From an outside perspective, security is more than the perimeters. We need to think about security at every point in the technology chain. Infrastructure defense needs to be thought of as concentric and isolated spheres that not only surround core assets, but insulate them from outside influences as well.

We need to think about security from the inside as well, since a majority of the security breaches are perpetrated from there. We need to implement technologies that know what employees are allowed to view, do, access and send. And if these rules are broken, compliance must be notified and empowered to act -- whether it is against a money transfer clerk, the head trader, the lead banker or the corner office.

But how do we get the budget to reengineer security? Security traditionally has been a non-ROI-based investment relegated to audit or compliance. Today, however, the investment criterion is different. With high-profile disruptions such as CitiGroup's closure of its ATM network in Russia, the U.K. and Canada, budget dollars will be easier to secure. No financial institution wants to be the poster child for lax security.

Security issues also are raising client visibility as we begin to see security promoted as an online feature. Recently, Bank of America added phishing protection, and Schwab and E*Trade are promoting fraud guarantees. These offerings will become common, if not standard, for financial firms trying to allay their clients' security fears.

But providing online security is not enough. As we move into the second online decade, we need to rethink how we manage technology security. We not only need to embed identity, authority and protection into virtually every piece of hardware, software and data we develop, deploy or implement, we also need to rethink how to manage our personal financial identity information; otherwise, our safe and protected lives will spiral into turmoil. And while Ozzie and Harriet may be a dream, it is certainly much better than the nightmare of Tony Soprano with my Social Security number. <<<

Larry Tabb is the founder and CEO of TABB Group, the financial markets' research and strategic advisory firm focused exclusively on capital markets. Founded in 2003 and based on the interview-based research methodology of "first-person knowledge" he developed, TABB Group ... View Full Bio
More Commentary
A Wild Ride Comes to an End
Covering the financial services technology space for the past 15 years has been a thrilling ride with many ups as downs.
The End of an Era: Farewell to an Icon
After more than two decades of writing for Wall Street & Technology, I am leaving the media brand. It's time to reflect on our mutual history and the road ahead.
Beyond Bitcoin: Why Counterparty Has Won Support From Overstock's Chairman
The combined excitement over the currency and the Blockchain has kept the market capitalization above $4 billion for more than a year. This has attracted both imitators and innovators.
Asset Managers Set Sights on Defragmenting Back-Office Data
Defragmenting back-office data and technology will be a top focus for asset managers in 2015.
4 Mobile Security Predictions for 2015
As we look ahead, mobility is the perfect breeding ground for attacks in 2015.
Register for Wall Street & Technology Newsletters
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.