RE: Work update
Date: Tue, 2 Sep 2003 16:04:33 +0100
MY God - you are brilliant.
I am sure you guys can fill Glyn's schedule for two hours!!!!
V
02 September 2003
01 September 2003
An Ecosystem - Just What European Resellers Need?
Ghost-written article for Edzard Overbeek, Cisco Systems EMEA.
Published in European Reseller magazine, UK/Europe, September 2003.
As if leveraging, ramping up, and creating ‘synergies’ weren’t enough business jargon to choke any IT expert, we are now creating 'ecosystems' for resellers in the European channel to market. Recent analysis by Martin Canning, VP, European Services Research, IDC EMEA, suggests that the current linear, hierarchical method for manufacturers to work with their channel partners may be retired by, of all people, the end users. Why? Quite simply, end users want to be able to contact just one person if something goes wrong, they need an upgrade or they have any questions. Traditionally, an organisation might deal with many resellers for different things. However, those days are gone.
Our ‘ecosystem’ functions like a human networking cocktail party hosted both in the real world and in cyberspace. The aim is to ensure that the perfect fusion of specialised IT knowledge is applied to each end-user scenario, reducing duplication of activities and therefore cost to the customer. This tackles the main issue for resellers in that it is impossible for them to be all things to everyone. It is also the reason why the majority of IT vendors employ a mixture of channel partners and systems integrators to provide the ultimate in business flexibility. Furthermore, the ecosystem tackles two other key concerns for resellers – overstocking and keeping up with ever-evolving technology. Both are part of the same problem - rapid advances in technology are almost impossible for an individual reseller to match, resulting in a supply chain beset with yesterday’s technology.
We encourage resellers to specialise, firstly to reduce overlap between rivals and secondly because competing on price alone is a recipe for disaster. Preventing such duplication of expertise is vital to ensure a seamless and profitable channel. The combined market opportunity for the extensive range of networking products, from routers and switches to wireless LAN solutions, is worth up to €64 billion for product sales, plus €30 billion for advanced services. No single vendor can possibly claim to do all this single-handedly, which is why an ecosystem of specialised, complementary organisations is the ideal scenario. Our goal is to help give those organisations a slice of this action.
If that isn’t incentive enough, the focused ecosystem approach acknowledges the strengths of each player – whether software publisher, distributor, ISP, or reseller - working on any end-user requirement without bias. To reassure all concerned we invoke a “traffic light process,” ensuring that once a partner has been engaged on a project, no other player can muscle in.
In February this year we announced an expanded partnership agreement with US operator AT&T, where AT&T agreed to use our indirect sales partners to sell its advanced services. However, the ecosystem doesn’t solely benefit the reseller community. AT&T obtains access to more SMEs than ever before, regarded by many industry analysts as the "sweet spot" of the multi-billion Euro managed services market.
Far from being simply a new approach tagged with new jargon, the ecosystem presents genuine opportunities for all involved. These range from an increased customer base to carrying more up-to-date or varied solutions, or being able to access one specialised section of a massive IT project that had never been deemed possible in the past. It just goes to show – some buzzwords really are a hive of activity.
01 August 2003
No Need for Basel to ‘Sex Up’ Storage
Ghost-written article for Geoff Love, Business Development, Storage Area Networks, Cisco Systems EMEA.
Published in Storage magazine, UK, August 2003.
Mention ‘storage’ to a non-IT person and you’ll inadvertently conjure up images of a garage, cobweb-ridden attic, or dusty, crate-filled museum basement. Even in business the image isn’t much better – a storeroom on the top floor, filled with little-used filing cabinets. Sadly, the image of storage in IT terms was not much different until recent years brought the realisation that data (voice and video) is one of the most valuable commodities within the business. Storage now plays a core role in protecting and managing the digital assets of an enterprise to ensure operational productivity. Storage Area Networks, ‘SANs’, in particular have helped to change the image of storage from that of the redundant cyber-filing cabinet into something more flexible, more dynamic, that can positively impact an organisation’s bottom-line. The much talked about Basel II Accord builds on original directives from 1998 and, whilst late in the game, brings a political stamp of approval to what many financial organisations were considering or already in the process of implementing anyway.
However, as Samuel Johnson once said, “Change does not come without inconvenience, even from worse to better”, and financial institutions falling under the scope of the Basel Accord now have a lot to think about. There is work to be done in terms of improving reporting mechanisms and public disclosure. Most of all, the introduction of operational risk as a part of the criteria on which organisations are assessed brings a host of new scenarios that not only need to be planned for, but also budgeted for.
Basel Brushes Up Legislation
The impact of the original Basel Committee on Banking Supervision was significant. In general, financial organisations were advised to put aside capital to counter two issues. Firstly, the adverse effects of changes in financial market prices, which included currencies, interest rates and liquidity amongst others. Secondly, under the umbrella of ‘credit risk’, the scenario where the value of a bank’s position is adversely affected by a change in the credit quality of a counter-party i.e. default, or by the bank being downgraded by a credit agency.
The new accord dwarfs the former one in terms of implications for day-to-day business. Senior IT staff will need to take a strategic view of risk management, aligning the business needs of the enterprise with the technologies required to enable adequate reporting, data collation, exceptions monitoring, and compliance reporting. From an IT perspective, the new regulatory environment will require a common risk methodology across the enterprise which, in turn, is based on common definitions and report formats. It includes ‘operational risk’, where a bank must literally brainstorm, anticipate, and allocate budget to contingencies against anything from a simple missed deadline that impacts revenue, to terrorism or an Act of God. The deadline for senior management to do this isn’t until 2006, but much of the IT-related work will need to be commenced before this year is out.
AXA Technology Services, for example, is already reaping the benefits of IP technology. During the summer of 2003 it began deploying Cisco SAN technology as part of a global consolidation of its ‘IT Competency Centres’. To give some sense of scale AXA has the challenge of storing information pertaining to the many insurance products and financial services it provides to over 50 million individuals and businesses around the world, totalling $65 billion in annual sales. Its business depends on the quality and security of this information, which no doubt it considered when choosing to move towards SAN.
Yet despite such complexities, this shift of information strategy has been relatively straightforward for AXA. It established a storage-over-IP infrastructure without incurring much incremental cost, because it already had an IP network in place. The beauty of IP is that in allowing voice, video and data all to run over a single network, the addition of SAN functionality was relatively uncomplicated.
Cost aside, this is an important demonstration of how businesses can, in real terms, address the Basel II stipulations that information must be relayed to storage sites located beyond specified distances from organisations’ main sites. Moreover, it is noteworthy that this can be achieved without additional expense to a company’s existing IP or Fibre Channel networks. In fact, these different networks are no longer separate, as Fibre Channel over IP (FCIP) can easily link Fibre Channel storage area networks (SANs).
Dealing With Operational Risk
Here storage, SANs and networking in general come into their own. Delve into the detail of the Basel II Accord and the factors that financial organisations need to consider include failure of key vendors to fulfil contracts, data entry error, model or system mis-operation, hacking, lack of integration, utility or systems outage and, of course, natural catastrophe, vandalism, or terrorism. In short, those organisations already moving from a traditional ‘points of risk’ approach to one covering extended supply chains, viewing IT security in a non-compartmentalised manner, and planning safeguards will be ahead of the game. Little wonder then that almost 40 per cent of UK banks consider enterprise-wide data warehouse development a high priority, and 20 per cent consider implementing an integrated collateral management system similarly urgent.
One of the likely impacts of Basel II will be a massive increase in data storage. While Basel is an affirmation of what financial organisations should be, and have been, doing anyway, it is shifting the focus away from hardware-based resilience and simple backup solutions to end-to-end IT architectures that are resilient to data corruption or loss. The nature of this vertical sector means that SANs are ideally suited to multiple enterprise environments, especially those that have multiple locations globally, need to integrate with other organisations, and have business-critical systems, some of which are customer facing. The security and reliability of the network become paramount as more business-critical information is held electronically.
These are some of the reasons why Euronext.Liffe, the derivatives business of Euronext, used Cisco to network its London and Paris data centres, backing up information to each other – despite being 650 kilometres apart.
SANity Check for CEOs, CFOs and CIOs Alike
Financial organisations responding to Basel, or to their own contingency-planning objectives, may well look outside their organisation for help.
Using focus groups to identify ‘hot’ issues which cause the most headaches for IT managers, Cisco found three main areas of concern: the sheer task of managing large, disparate islands of storage from multiple physical and virtual locations; dealing with the complexity of maintaining scheduled backups for multiple systems or preparing for unscheduled system outages; and the inability to share storage resources for utility. In addition, IT managers complained of a shortage of qualified professionals to manage storage, and went on to admit confusion over the choice of storage technology alternatives. Further pressure is being brought to bear as IT budgets are continually restricted, and the IT department is put under more scrutiny than ever before.
One common concern is that as Basel II comes to fruition, the financial services sector will have less time, little money, and in some cases insufficient expertise to cope in-house. Worse still, in some cases different teams manage networks and storage, which is against the flow of networking evolution. At the same time, IT industry opinion is that direct-attached storage is on the way out, and that SANs trump it anyway in terms of lowered cost of ownership, increased return on investment, and the ability to provide CRM, ERP, or even the basic e-mail function.
Spice Up Your Organisation with Basel II
Basel will not create panic in the financial services sector. It is not a reason for stomachs to churn, nor a dictatorial directive coming from ‘bureaucrats in Europe’. In most cases it will enforce banks’ existing or intended risk management strategies, but it is also an opportunity. Following a methodology to ensure compliance with Basel will be surprisingly satisfying. Assessing the current capability of an organisation’s network and identifying the weak points is something that is probably already completed. It might also be advisable to plan for significant increases in data storage requirements, and for a redesign of data warehouse and associated security issues. Again, this is part of best practice that IT managers will probably want to do anyway. Compliance with Basel also allows organisations to standardise their networks onto single integrated IP infrastructures, using SANs to enable them to maximise network and information management.
Given these benefits, perhaps it’s no surprise the market for SAN-attached storage in 2005 is expected to exceed US$22 billion – three million terabytes of data. Total cost of ownership of a SAN is typically less than half that of a traditional direct-attached solution, and backup and recovery applications can be managed much more easily in a SAN environment. Then consider the perils of downtime that Basel is designed to help financial organisations avoid. In the specialisation of financial brokerage, unplanned downtime can cost an organisation US$6.5 million per hour, not to mention damage to other important areas such as reputation and brand. Basel will offer financial organisations validity for their risk management process, a chance for in-house IT staff to improve their lot, and a reason for the IT industry to get excited about what used to be one of its least glamorous specialisations.
22 July 2003
Thales e-Security Takes BACS to the Future
Case study written for Thales, UK, July 2003.
The key issue associated with making financial payments electronically is security, whether simple transactions between two parties via debit or credit card, or payment via the internet. ‘Skimming’ of consumers’ credit cards in restaurants and other retail outlets, misdirected payments via the internet, and fraud on a much grander scale are all issues that have hit the headlines this year alone. The responsibility for securing such payments, whatever the size, is a daunting task for any individual or organisation. Imagine then, undertaking to supply the security solution to the Bankers Automated Clearing System (BACS).
BACS is the organisation - owned by all the major UK clearing banks and building societies - that processes the majority of business-related electronic funds transfers in the UK. For example, every month businesses in the UK perform the payroll operations for their personnel, triggering thousands of money transfers as staff salaries are paid directly into their bank accounts. This is just part of what BACS does and by the end of the year, BACS will have processed more than 14,400,000,000 direct debit and direct credit payments on behalf of over 100,000 UK businesses.
With such an important system there is no margin for error, given that any difficulties could potentially affect all UK businesses. It is therefore great testimony to BACS that its payment delivery system, BACSTEL, has been almost 100 per cent reliable since its inception more than two decades ago. However, by early 2002, the BACS board had concluded that the BACSTEL infrastructure should be upgraded as the first stage of a comprehensive technology upgrade plan for all BACS systems. In 2002 BACS migrated BACSTEL’s infrastructure to run on internet protocol (IP), enabling BACS to offer a wider range of services to business users, as well as an improvement in existing services. These services would lead to cost savings for the UK businesses that used BACSTEL-IP, and with the flexibility of IP, would make it much quicker and easier to incorporate new payment services in the future.
However, BACSTEL-IP had to be secure, as the sheer quantity of payments and sums of money on the system made security critical. Further, the security solution had to fulfil a number of criteria in addition to simply authenticating UK businesses as they accessed the system. It had to be able to trace all the transactions made on the system if needed, and it had to produce an audit trail for every transaction. The size of the project also made it daunting – the solution had to be able to scale to a total of 500,000 users and up to 100 million payment items per day. Perhaps most complex of all, it would have to interoperate with 12 banks, operating seven different public key infrastructure (PKI) systems with five different smart card manufacturers. BACS called on Thales e-Security to help them secure the future of UK business electronic payments.
Thales e-Security’s implementation of the project was a true team effort. The Thales e-Security project team worked closely with the other vendors involved, as well as the BACS technical design and implementation teams, throughout the development cycle. This minimised the project risk, and ensured successful on-time delivery of the complete solution. BACS’ project security team had already recommended using smart cards to enable the solution. Once approved by the member banks and BACS senior management, the project was trialled with Royal Bank of Scotland for four months before being rolled out to all other member banks in the UK. Hardware and Thales software were installed around the UK by BACS-approved solution suppliers.
In order to support the simultaneous connection to 12 banks required by BACSTEL-IP, Thales e-Security worked closely with BACS to develop the fourth generation of its digital signature messaging system, AssureTransaction. UK businesses wishing to organise payments via BACSTEL-IP from their office are issued the cryptographic smart card by their bank. That smart card is then used to digitally authenticate all payment instructions, tying them to the signer and ensuring that they cannot be accidentally or deliberately altered. Each bank was given the flexibility to select its own public key infrastructure (PKI) for the issuing of the digital certificates used on this card.
AssureTransaction ensures compatibility with all relevant PKI standards by verifying each transaction against the set of rules defined by the bank that issued the smart card being used to sign the transaction. It authenticates the smart card holder by generating a random number. The cardholder responds by signing the logon challenge using the smart card together with his or her secret PIN, a so-called two-factor authentication. AssureTransaction then cryptographically confirms the identity against the cardholder’s public key certificate, and validates this in real time with the issuing bank. Similarly, all payment requests and other transactions submitted to BACS are digitally signed by the user with his smart card and PIN, and verified in real time. AssureTransaction also digitally signs the reports sent by BACS to users, so that the user knows he or she can rely on the contents of the report.
Since all digital certificates used are verified in real time against the issuing bank, lost or stolen cards cannot be used to sign transactions, and changes in employee status are reflected in the system as soon as the bank is made aware of them. This substantially reduces the risk of fraud compared to the old system. Varying levels of security access are supported for different personnel working in the banks or businesses using the system.
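The logon exchange and real-time status check described above, as an added example that is not Thales or BACS code. The class names, card serial, PIN, the `LOGON:` prefix and the toy RSA key built from two Mersenne primes are all assumptions, chosen so the example runs on the Python standard library alone.

```python
import hashlib
import secrets

# Toy RSA from Mersenne primes: trivially factorable, used only so the example
# needs no third-party library. A real card holds a full-strength key on-chip.
E = 65537
LOGON = b"LOGON:"  # assumed prefix so a logon signature cannot pass as a payment


def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


class SmartCard:
    """Constructed stand-in for a bank-issued card: private key is PIN-gated."""

    def __init__(self, serial, issuer, pin, p=2**127 - 1, q=2**107 - 1):
        self.serial, self.issuer, self.n = serial, issuer, p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))
        self._pin, self._tries = pin, 3

    def sign(self, message, pin):
        if self._tries == 0:
            raise PermissionError("card blocked")
        if not secrets.compare_digest(pin, self._pin):
            self._tries -= 1          # second factor: wrong PIN, no signature
            raise PermissionError("wrong PIN")
        self._tries = 3
        return pow(digest(message, self.n), self._d, self.n)


class IssuingBank:
    """Keeps the certificate registry and answers status queries in real time."""

    def __init__(self, name):
        self.name, self._certs = name, {}

    def issue(self, card):
        self._certs[card.serial] = {"n": card.n, "status": "good"}

    def revoke(self, serial):
        self._certs[serial]["status"] = "revoked"

    def lookup(self, serial):
        return self._certs.get(serial)


class LogonVerifier:
    """Central service: issues random challenges and checks signed responses."""

    def __init__(self, banks):
        self._banks = {b.name: b for b in banks}
        self._pending = {}

    def challenge(self, serial):
        self._pending[serial] = secrets.token_bytes(32)
        return self._pending[serial]

    def verify(self, issuer, serial, signature):
        nonce = self._pending.pop(serial, None)   # each challenge is single-use
        if nonce is None:
            return "no-challenge"
        bank = self._banks.get(issuer)
        cert = bank.lookup(serial) if bank else None
        if cert is None:
            return "unknown-card"
        if cert["status"] != "good":              # asked at verification time
            return "revoked"
        if pow(signature, E, cert["n"]) != digest(LOGON + nonce, cert["n"]):
            return "bad-signature"
        return "ok"


def demo():
    bank = IssuingBank("Bank A")
    card = SmartCard("CARD-0001", "Bank A", pin="4821")   # constructed values
    bank.issue(card)
    svc = LogonVerifier([bank])
    out = {}

    nonce = svc.challenge(card.serial)
    try:
        card.sign(LOGON + nonce, "0000")
        out["wrong_pin"] = "signed"
    except PermissionError:
        out["wrong_pin"] = "refused"
    sig = card.sign(LOGON + nonce, "4821")
    out["logon"] = svc.verify("Bank A", card.serial, sig)

    svc.challenge(card.serial)                    # fresh challenge, old signature
    out["replay"] = svc.verify("Bank A", card.serial, sig)
    out["unsolicited"] = svc.verify("Bank A", card.serial, sig)

    bank.revoke(card.serial)                      # card reported lost or stolen
    nonce = svc.challenge(card.serial)
    sig = card.sign(LOGON + nonce, "4821")
    out["after_revoke"] = svc.verify("Bank A", card.serial, sig)
    return out


if __name__ == "__main__":
    print(demo())
```

The revoked case is the one to note: the card and PIN still produce a mathematically valid signature, and only the status query to the issuing bank stops it.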
After the system had been rolled out, BACS surveyed its member banks for their opinion on the new technology and its impact on their business. The results were very promising. Over 75 per cent of users expressed the intention to migrate to the new solution as soon as it was available to them. In the same survey, users rated the enhanced security of the new system the number one benefit to their business. Users particularly valued the ability to tightly define payment permissions for individuals in the business, allowing delegation of signing responsibility to specific cardholders within subsidiaries or departments whilst retaining full control at a corporate level. All in all, the feedback was so positive that BACS now intends to work again with Thales e-Security to develop and implement further service enhancements in the future.
The key issue associated with making financial payments electronically is security, whether simple transactions between two parties via debit or credit card, or payment via the internet. ‘Skimming’ of consumers’ credit cards in restaurants and other retail outlets, misdirected payments via the internet, and fraud on a much grander scale are all issues that have hit the headlines this year alone. The responsibility for securing such payments, whatever the size, is a daunting task for any individual or organisation. Imagine then, undertaking to supply the security solution to the Bankers Automated Clearing System (BACS).
BACS is the organisation - owned by all the major UK clearing banks and building societies - that processes the majority of business-related electronic funds transfers in the UK. For example, every month businesses in the UK perform the payroll operations for their personnel, triggering thousands of money transfers as staff salaries are paid directly into their bank accounts. This is just part of what BACS does and by the end of the year, BACS will have processed more than 14,400,000,000 direct debit and direct credit payments on behalf of over 100,000 UK businesses.
With such an important system there is no margin for error, given that any difficulties could potentially affect all UK businesses. It is therefore great testimony to BACS that its payment delivery system, BACSTEL, has been almost 100 per cent reliable since its inception more than two decades ago. However, by early 2002, the BACS board had concluded that the BACSTEL infrastructure should be upgraded as the first stage of a comprehensive technology upgrade plan for all BACS systems. In 2002 BACS migrated BACSTEL’s infrastructure to run on internet protocol (IP), enabling BACS to offer a wider range of services to business users, as well as an improvement in existing services. These services would lead to cost savings for the UK businesses that used BACSTEL-IP, and with the flexibility of IP, would make it much quicker and easier to incorporate new payment services in the future.
However, BACSTEL-IP had to be secure, as the sheer quantity of payments and sums of money on the system made security critical. Further, the security solution had to fulfil a number of criteria in addition to simply authenticating UK businesses as they accessed the system. It had to be able to trace all the transactions made on the system if needed, and secondly for every transaction it needed to produce an audit trail. The size of the project also made it daunting – the solution had to be able to scale to a total of 500,000 users and up to 100 million payment items per day. Perhaps most complex of all, it would have to interoperate with 12 banks, operating seven different public key infrastructure (PKI) systems with five different smart card manufacturers. BACS called on Thales e-Security to help them secure the future of UK business electronic payments.
Salmon Helps PRI Swim Upstream
PR case study written for Salmon, July 2003.
The founders of PRI, one of the latest start-up companies to enter the UK and European insurance market, needed to achieve the impossible. Not only did they need to secure £130 million in funding from investors before a tangible company even existed, they also planned to use a new insurance underwriting application that was more advanced than any other available in the market, and would shake up the way that underwriting business was conducted.
This underwriting application would allow PRI to gain a significant competitive advantage, and also underpin the business model PRI wrote to engender a favourable impression from two key audiences. The first audience would be the potential investors in the company, and the second the Financial Services Authority (FSA), who had the power to offer or decline PRI’s accreditation and thus would decide whether or not PRI could legally trade once it was up-and-running. Within one year of trading PRI was so successful that it was snapped up by Brit, one of the UK’s largest insurance organisations, giving all PRI shareholders a healthy profit and demonstrating that such a complex application could be written from scratch, installed, and used to deliver return on investment within eight months.
In Spring 2002, founders Andreas Loucaides (now CEO) and Peter Matson (now Chief Underwriting Director) developed a radical new business case for a new insurance company. They intended to outsource absolutely everything possible, leaving only the specialised skill sets of professional underwriters untouched. While on paper this was recognised as being the ideal model, it relied upon back office operation, which was an integral part of the infrastructure that contributed to the stability and credibility of the company. This would be critical when Loucaides et al presented to the various financial institutions to secure investment, and later had to apply to the FSA for accreditation. It also had an impact on which organisation PRI would choose to outsource to, because its reputation and brand values would be considered crucial factors in determining PRI’s likelihood of success.
The outsourcing brief was won by the Ins-sure Services operating company, part of Xchanging, a business process outsourcing (BPO) organisation. Ins-sure accepted that everything including PRI’s office premises, furniture, fittings, and IT infrastructure would be outsourced to them. In turn, Xchanging put out to competitive tender the building of the underwriting application that was to be a crucial element in the overall integrated insurance system that Xchanging was offering to PRI. With its proven track record of delivering complex projects on time and to budget, Xchanging chose Salmon, a systems integration organisation, to build the underwriting application. Loucaides explains, “By this time the investors also had a say in which organisation was chosen. They agreed that Salmon would be the right company to go with in addition to being more cost-effective than a previous company we had approached, but which was unable to deliver the required guarantees for service. The pressure was on, because PRI still had to be operational and trading no later than 1st September 2002, so we chose to use a temporary solution until January 2003 to allow Salmon enough time to deliver exactly what we needed. From the outset Salmon was very honest and transparent about delivering on time and to budget, which was important for us.”
Salmon’s work was to be the cornerstone to Xchanging’s outsourcing deal with PRI. Every insurance company has to have an insurance underwriting operational system that is relevant to all markets the company operates in, and compatible with the other applications. “It was critical that the application Salmon designed would enable us to deliver services to the standard we intended, given our revenue projections in the business case,” explains Loucaides. “For example, without Salmon, debit notes and broker notes would have to be produced in another way, which adds time and administration into the underwriters’ day-to-day processes. The underwriting application would have an impact on every part of our business. This is why our investors had also expressed concerns that in the past, other insurance companies had underestimated the importance of this part of the business to the extent that it developed into a serious weakness over time.”
Within just nine months, Salmon delivered the underwriting application on time and to budget. Among the most significant hurdles that Salmon had to overcome was defining the application brief. Simon Ball, Salmon’s commercial director, explains: “Loucaides is a visionary who intended PRI’s way of working to have beneficial long-term impact on underwriting in the UK. However, because the underwriting status quo hadn’t been challenged in years, PRI was more able to describe the shortcomings of the current system than the ideal new system. As a result, the application brief was defined over a longer period and almost by a process of elimination, during which we realised the work we were doing was going to be perceived as controversial by the insurance industry. Underwriters would be held more accountable for the work they did, and our application would record all the complex detail of every underwriting contract, to prevent issues caused by claims made by PRI’s clients in the future.”
This was also to be part of the challenge for Loucaides. “The brief we gave Salmon meant they would come up with an application unlike any other,” he says. “Furthermore, it required slightly more of the individual underwriter’s time to use it, because it encouraged the recording of as much data as possible. We wanted to be able to maintain business continuity over decades regardless of which underwriters dealt with a particular contract in the future. Additionally we could see that the FSA and issues such as corporate social responsibility were going to play a role in shaping the insurance industry sooner rather than later. That said, user buy-in of the application was essential because the data inputted would later be cross-referenced alone and with other business applications. This would end up as part of the overall information management that would help deliver PRI’s competitive advantage. The fact that all information was stored in soft copy was also going to save PRI thousands of pounds in physical storage space. The application just had to work, or the business case put to both the investors and the FSA would unravel.”
Salmon had to bear all this in mind while writing the application that broke the mould for underwriting systems. However, Salmon’s multi-sector experience gave it an objective stance that perfectly complemented PRI’s visionary aims. A prime example of this was Salmon’s ability to deliver a web-based architecture as opposed to the standard client-server applications that are prevalent throughout the insurance sector. While some insurance firms might have a GUI front end, Salmon was able to deliver an advanced Java-based architecture which few SIs in the insurance sector have experience of implementing.
It was paramount that Salmon delivered on all its promises at the soonest opportunity. This included breaking insurance sector history by devising a way to link the application directly to PRI’s document repository, i.e. the document management system delivered by Xchanging. This was part of the automation Salmon built into the business processes required by the application, to compensate for the fact that underwriters charged by time and could afford to spend fewer hours with smaller underwriting projects. At the same time it would make PRI as a business more accurate, more accountable and more dynamic by enabling appropriate levels of information recording and sharing.
Weekly liaison between Salmon, Xchanging and PRI enabled a better understanding of the needs of the business, and the delivery of a complex yet user-friendly application. Underwriters populated the system the first time they logged on with a unique user ID and password, ensuring that initial access of the system was staggered, thereby avoiding any potential bottlenecks in data retrieval. They have freedom to customise the style and format of their individual GUI, but are governed by rules set in the system that dictate which information each individual has access to. Each underwriter is allocated an ‘identifier’ that associates them with a particular client company or companies, enabling free navigation of all necessary information for that company but simultaneously prohibiting access into other client company information. The system also automatically enforces varying levels of security access, so that authority for particular actions or documents is escalated to the appropriate level of management hierarchy. Similarly, each underwriter can customise document production and automated quotations, but only within parameters set at company level to ensure all necessary rules and regulations are adhered to. The system either displays an appropriate error message, or automatically logs out any user attempting to exceed their authority.
Individual underwriting documents are developed from a PDF or Microsoft Word template that automatically specifies field content and business actions the underwriter needs to complete. Paragraphs of copy are saved in a central repository that can be accessed by underwriters from different parts of the business, preventing unnecessary duplication of information that, if left unchecked, would use a disproportionately large quantity of storage space. The copy is stored in rich-text format to make it as flexible as possible and, because it is held centrally, can be updated in line with changes in legislation that affect the UK insurance market.
Perhaps the part of the application delivered by Salmon that had the most impact is the quotation rules engine. This helps underwriters develop project quotations almost automatically, by inviting as many details as possible to be inputted by the underwriter, before applying XML-based rules to any given situation to form the quotation.
The application’s computer architecture is based on J2EE standards for web applications written in Java, and both the data and application run on Sun Solaris central application servers using Oracle web server software. The modular application framework means that PRI can have system components added or removed without the need for reworking, and new software can be deployed easily. Again, this ensures rapid reaction to new legislation. In all, Salmon delivered a revolutionary application within nine months from a standing start.
04 July 2003

However, it could have been very different.
R.I.M. was determined to expand its media coverage for its first colour BlackBerry device in Europe from its home sectors and into more mainstream publications. I suggested travel writers as their work schedule made having a BlackBerry a genuine boon, but travel journalists in the UK are not the most tech-savvy of people and the client insisted on doing the deskside briefing themselves.
The client at the time upset the journalist, and the device was not formatted correctly so the journalist's e-mail reception failed to work. The result was a clutch of spam in the journalist's inbox, an angry journalist who threatened to pan R.I.M. in his article, name the client personally, and state that R.I.M. caused spam.
It took a week of damage limitation and troubleshooting to get the device swapped and couriered to the journalist, but the eventual story received made the effort well worthwhile.