Peter Hainz, global head of product management, cloud and managed services at SmartStream Technologies, discusses the importance of cloud security for capital markets firms, the specific problems SmartStream is solving for its clients with regard to cloud-based services, and best practices for software-as-a-service (SaaS) delivery models.
Many cloud conversations inevitably focus on providers’ security measures. What is SmartStream doing to ensure the integrity of its cloud-based services and clients’ data residing in the cloud?
Peter Hainz: Security is a top priority for every financial services firm and, as a result, SmartStream complies with the International Organization for Standardization’s (ISO’s) standard 27001, SOC 2 and the Payment Card Industry Data Security Standard (PCI DSS). SmartStream has, for example, multiple clients in Singapore where the Monetary Authority of Singapore imposes one of the most stringent regulatory regimes in the industry, and we are seeing more and more client requests when it comes to different flavors of encryption. As a result, we have developed various encryption workflows where, for example, clients can use their own key and encryption engine within their own cloud, to which we connect via application program interfaces (APIs). In a recent article published on the AWS website, Banking Apps Built on AWS, the security features cited are applied to SmartStream’s on-demand solution, such as reconciliations, corporate actions, collateral and cash management. All of these products enjoy state-of-the-art monitoring, alerting and logging workflows.
What are the key cloud innovations that capital markets firms can utilize to ensure they stay ahead of the curve?
Peter Hainz: There are many that come to mind—artificial intelligence (AI), for example, which is perfect for the cloud because of its scalability and automation. AI, in combination with data lakes, is also a very powerful tool. With cloud automation and orchestration, financial institutions can spin up instances quickly, and they can conduct testing and innovative research based on secure cloud-native templates. Openness is another important trend, which typically includes setting up cloud-native APIs to leverage third-party tools. Banks are not always in a position where they can innovate by themselves, which means they need to connect to third parties such as fintech providers.
Data is currency, and we are hearing increasingly that banks have large volumes of data that can be used in data lakes. Machine learning in combination with data lakes and connecting to third parties can create a powerful ecosystem resulting in innovative and disruptive technologies. Naturally, innovative cloud security is of the utmost importance. The head of IT at a bank we worked with recently stated that they started moving back-office applications to the cloud because it is a much more secure environment and there are no silos. Also, in the cloud, you can more readily manage tech resources and implement software-defined networking, which limits the blast radius of any cyberattack.
What cloud-related problems are being solved by SmartStream for clients now, and how is it going about solving them? What are you hearing from clients?
Peter Hainz: There are a number of innovative projects on which SmartStream has been working recently. For example, we recently established a data lake based on Amazon Redshift [Amazon’s cloud data warehouse offering]. Data lakes allow clients to develop deeper insights from the wealth of data they have and establish more detailed reporting.
With regard to AI, at the end of 2019 we launched SmartStream Air, our AI-powered reconciliation platform, which can match any datasets, structured or unstructured, in a matter of seconds rather than weeks. With regard to security, midway through last year, SmartStream achieved the highest level of the PCI DSS certification, which means we are certified against one of the most trusted qualifications in the industry for solutions providers. Finally, with respect to automation and orchestration, we offer our clients templates to spin up instances extremely quickly for the purposes of new initiatives and disaster recovery.
What are the best practices for SaaS delivery models that providers need to be aware of so their SaaS-based offerings are genuinely fit for purpose and deliver the efficiencies they were designed to?
Peter Hainz: This is the feedback we receive from our clients: who is best placed to operate and maintain a transaction reconciliation platform or any other solution than the people who built it? SmartStream offers on-demand SaaS and business process outsourcing services that entail us running clients’ IT infrastructure in the cloud and providing administration and operational controls. Cloud onboarding and maintenance should be conducted by an experienced team of cloud subject matter experts and, in this regard, SmartStream’s team has extensive cloud industry-standard certifications. Amazon Web Services (AWS) is our preferred cloud partner. Therefore, I am AWS professional solutions architect, security and database specialty certified. Clients have to rely more on audits and attestations when it comes to SaaS solutions. Therefore, compliance with ISO 27001, SOC 2, PCI DSS and country-specific standards like the German C5 [cloud security standard] are very important.