Dollars and sense
By Computerworld Hong Kong staff | Mar 11, 2009
At a recent banking/finance event held in Hong Kong, a variety of experts spoke on Asia-Pacific’s financial infrastructure.
Commoditized
“Services are becoming commodities,” coming under “competitive pricing pressure,” said Chia Chong Hai, manager of engineering solutions, Sterling Commerce Asia, who operates out of the global firm’s A-Pac office in Singapore. He added that the bank’s brand was most important in keeping the business collaboration network vital.
Chia said that one of his firm’s signature products is a multi-enterprise finance gateway (MEFG), and one of its major challenges is the standards and networks required to connect across the financial services community. Chia added that a module-based approach is the best way to connect the diverse financial ecosystem—including major systems like SWIFT.
He said that the product was based on feedback from his firm’s clients, and the file gateway helped configure rules based on secure standards to allow those clients to transfer files securely. Asia-Pacific MEFG clients include China Unionpay (CU), Tune Money (Malaysia) and National Australia Bank.
Preventing data loss
William Tam, senior head of technical consultancy, A-Pac and Middle East, Websense, said that according to a Frost & Sullivan survey, data loss prevention is a key worry for security experts. The F&S survey, said Tam, reported that of those who were laid off, fired or changed jobs in the last 12 months, 59% admitted stealing company data and 67% used their former company’s confidential info to leverage a new job.
“How we implement DLP strategy is to start with data classification,” said Tam. He added that the pros of this approach included awareness of where data is stored, remediation that limits the risk of exposure, and fulfillment of compliance requirements. But the cons include exposing gaps in data security.
Tam described DLP as a “necessary evil,” and offered a case study for an unnamed Hong Kong customer. The deployment took two months and included a PCI DSS compliance policy template, and users’ personal data protected by the Hong Kong Personal Data Privacy Ordinance Policy, so the firm leveraged its OCDB database to effect the deployment.
Tam pointed out that data leakage isn’t limited to deliberate theft or thumb-drives left in public places. “Imagine a hardworking employee who needs to work on a file over the weekend,” said Tam. “He may send it to himself via email if denied USB-access, and leakage may happen in any form and shape—such as hidden columns in an Excel spreadsheet.”
The charm of BI
Toa Charm, regional head of the Business Intelligence Competency Centre (BICC), Asia-Pacific, HSBC, also heads the BI Special Interest Division of the Hong Kong Computer Society. He said that board-level executives demanded certain things from a BICC: customer value optimization, increased customer retention, compliance management, risk management and performance management. “We spend a lot of money to acquire a new customer,” said Charm, “so if we lose a customer we suffer a substantial loss.”
As for the financial downturn, Charm said a recent survey indicated that 2009 spending on BI would not diminish from 2008 levels. He said that compliance was a driving factor in this, but added that the danger of “guessing” was another factor. “The beauty of BI is that we can reach a ‘single version of the truth’,” said Charm, adding that accurate analysis of data addressed questions from the front office to the back office. He also said that according to the Gartner CIO Agenda 2007 survey, BI ranked as the number one CIO priority.
“Hong Kong does not have enough BI experts,” said Charm. “That’s why we have the HK Computer Society BI Division: to encourage more IT professionals to understand the value of BI and drive deployment within the industry.”
Budgets trump tech
Trevor Lewis, business partner, large projects, Asia-Pacific, Orange, said that his emphasis was on IT budgets rather than technology, and that a shortage of short-term credit is affecting companies’ ability to finance their day-to-day short-term working capital, like accounts payable, salaries, rent and inventories. Lewis said that according to IDC, likely effects include limited budget growth at best, but questioned the numbers of “any analyst anywhere in the world...they’re wrong.” Despite this, Lewis said that analyst-weighting was fundamentally accurate, and that Asia-Pacific is the “place to be” compared to North America and Western Europe.
Lewis emphasized that “flexibility and agility are paramount,” especially in this era where mergers and acquisitions are becoming more frequent. He said that controlling costs through increased visibility of your infrastructure is important, but travel costs could be reduced even more quickly through use of telepresence, and also by controlling data roaming costs. Lewis also said that optimization of infrastructure and outsourcing or offshoring operations could help reduce operating expenses.
Discussion synergy
A panel discussion hosted by William Yin (partner and MD, Boston Consulting Group) featured Arthur Wong (SV, head of business technology management, Fubon Bank (Hong Kong)), Michael Ma (corporate V, IT, AIA), Edward Scheckler (global head of infrastructure IT, CLSA) and Thio Tse Gan (executive director, Deloitte and Touche enterprise risk services).
Scheckler said many of his firm’s clients had suffered not only from the financial downturn, but also currency volatility here in Asia. “Our challenges are manageable at this time, and we see this as an exciting time to help IT become a forefront of the business,” said Scheckler. “There’s more willingness to have a robust discussion with IT, as during a bull market, executives are interested in having things work and little more.”
Wong said his bank was keen on pushing their new systems but now the focus is on cost-reductions and compliance. “It’s now very difficult to introduce new products in the wake of items like the Lehman minibonds,” said Wong.
Ma said that in these times, you must distinguish between the discretionary and the ‘absolutely necessary.’ “I’m not saying we should stop spending, but it’s a good time to evaluate our spending,” said Ma. “I see—especially in large organizations—a reevaluation of capital spending, and it’s a necessity to reexamine those projects for both the economy now and the economy we’ll experience in the future.”
Scheckler said that these economic times helped show his firm’s real partners. “It’s quid pro quo,” he said, “if you don’t give us discounts now, your revenue from us in the future will be zero.” He also said that it’s a good time to look for new talent, especially for project managers, as firms are facing “hard decisions” at present.
Thio said he sees technology-refresh cycles being pushed back, but a new emphasis on business focus in terms of “doing more with less”: getting maximum value out of existing systems. He added that he sees more examination of investments and making sure that the investments deliver quick value. Thio also said that IT people are learning more “business language” to better communicate with executives.
Ma said it was useful to query existing processes. “Firms should look at processes that have been around 10-15 years,” he said. “For example, people are used to getting daily or weekly reports, but do they really need them?” Ma suggested that traditional rituals be examined to see if they’re still essential, or can be streamlined or eliminated.
“We’ve been here before,” said Scheckler. “During the dotcom bubble, a lot of vendors wanted to sell me products I didn’t need, rather than ones I did need. Getting back to basics and rethinking things is good—do I really need to attend that meeting or can I use videoconferencing? A lot of this is not technology-related, it’s people-related.”
Secure consulting
Thomas Parenty, managing director of Parenty Consulting, said he’d been in the security field for about 25 years and while the attack vectors of financial cyberattacks have changed, the fundamental principles of theft haven’t. “Spear-phishing is made easier by personal information gleaned from social networking sites like Facebook and MySpace,” said Parenty. “A newer version is whale-phishing, which targets higher-level executives.”
Parenty said that some of the latest malware included polymorphic keylogger software that includes remote screen captures, and forged digital certificates—he described the latter as intellectually interesting, but not a threat yet.
He said that a bigger problem was the “lessons not learned”—including Nick Leeson’s single-handed destruction of Barings Bank, and today’s still unresolved PCI-compliance issues.
PCI-compliance is a “sensible, actionable requirement,” said Parenty. “It evolves over time and is domain-specific. But every company I’ve talked to views it as a burden rather than a security measure.” Parenty pointed out that it’s a compliance issue, and compliance itself is not security.
