One for All and All for Cyber Security

By Philip Pettinato | 3 June 2016

Cyber security has caught the attention of the board as no board member, CEO or CFO wants to see their company headlined in the news in association with the latest data breach. Unlike just a few years ago, IT security initiatives are increasingly driven from the top down, and it is more than the IT department that´s working on maintaining high security levels. Anti-fraud programs are commonly rolled out across the entire company and often lead to investments in cloud technology.

In general, there are three components to enterprise-wide security programs:

• The Control Framework – Companies define their security objectives, policies and procedures by putting in place a program, which spells out clear responsibilities and dictates central authentication. Internal and external audits such as SSAE16 SOC2 are conducted on a regular basis to ensure the thoroughness and effectiveness of the security program. Often ISO 27001/2 are used as the framework for security programs.

• Staff Training – Security threats often come from within an organization. The aim of the control framework is to make it difficult for employees to make mistakes. Training staff on the latest security policies and processes is key to preventing unintended behavior and internal fraud.

• Technology infrastructure – Keeping technology current is key to a company’s security program and an investment that pays back in dividends, so to speak. A mashup of outdated legacy technology, disparate systems and spreadsheets cannot stand up to cyber criminals who are constantly changing their techniques. Only technology that´s robust and updated regularly can effectively help in preventing hackers from stealing or destroying sensitive information.

The importance and urgency of security not only motivates corporations to review the programs they have in place, but it also instigates a review of technology.

How Cloud Technology Increases Treasury Security

As legacy technology is rarely able to support current industry standards for security, outdated technology leaves companies vulnerable to hackers. Additional risks arise if locally installed software is configured incorrectly and not updated regularly by the in-house IT team. Increasingly, companies are switching to cloud technology, including those arming up against cyberattacks.

It is important to note, though, that not all cloud technology is the same. The most popular form of cloud computing is SaaS (Software-as-a-Service), according to North Bridge Venture Partners´ 2015 Future of Cloud Survey. The adoption of SaaS technology has reached an all-time high of more than 77% in 2015. Among finance teams, SaaS treasury systems are not only popular for their cost-effective delivery model, but also because they deliver the highest level of security as a service.

Here are just a few ways cloud-based SaaS technology improves security:

• Expert security protection – Outsourcing applications to vendors that are expert in hosting software provides companies with a higher level of service defined in a Service Level Agreement (SLA). Companies benefit from the vendor’s economies of scale in areas like security protection, and the company’s investments in the most recent security technologies.

A few questions you might ask a reliable cloud treasury software partner are:

  • Are you working under or in alignment with the ISO 27000 framework?
  • Do you have regular SSAE16 SOC2 security audits? 
  • Are there internal security teams, regular staff trainings and an incident management plan?
  • What intrusion detection and prevention systems are implemented in the data center(s)?
  • How is financial data encrypted? What authentication system is used?
  • How is activity monitored to investigate anomalies?
  • Are outside firms periodically conducting security vulnerability assessments?
  • Latest technology – SaaS technology delivers value because its multi-tenancy benefits all users at the same time.  This community effect benefits both the vendor and the users as SaaS systems are highly responsive and automatically updated, so in addition to the latest functional capabilities, the latest security upgrades can be delivered quickly, and to everyone simultaneously.

Vendors of a single-version, multi-tenant SaaS application, like Reval, need to continuously meet the security standards of all clients in one environment. With installed software, however, security is set one by one, on an individual basis, so mistakes are more likely to happen and security vulnerabilities more likely exploited. Companies that stick to an outdated version of installed software, have neither the functional, nor the security improvements available to them.

  • Connectivity services – It´s not only the treasury software itself that needs to be current, but also all of its interfaces. Incorrectly configured or outdated interfaces to ERP systems, money market platforms, trading and matching platforms, bank portals or the SWIFT network can cause security holes. With SaaS cloud technology, companies pass the responsibility of connectivity to their software provider, rather than maintain various interfaces themselves, in-house. In this case, the cloud treasury software vendor provides connectivity services that include:
    • Configuration of interfaces to partner networks, ensuring it is implemented correctly
    • Implementation of any security updates that network partners provide
    • Data process security throughout the entire process.

As IT security initiatives often include a review of the company´s software stack, treasury professionals should consider the return on investment that cloud treasury technology, in particular SaaS, can deliver as hackers continuously up their game.

By Philip Pettinato, Chief Technology Officer, Reval.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development