Mark Mixter

Mark Mixter
Mark is a Solution Consultant at Open Text and a relentless client advocate with 18+ years experience designing, implementing, and managing Integration Solutions for the Financial Services Industry. His expertise is in the area of: Corporate to Bank Connectivity and Integration, Global Treasury and Cash Management, Global Product Management, and Global Project Management.

“It’s all About the Information!”

information

Chances are you’ve head this before. And if you are a Ben Kingsley or Robert Redford fan you even recognized the line from Sneakers (released in 1992).  Yes 1992. Before the World Wide Web  Remember Netscape didn’t launch the first commercially successful Web browser until 1993. Actually it’s always been about the information, or at least the right information – the information needed to make an informed decision, not just an intuitive one. Now in many ways the information, the data, has always been there; it’s just that until recently, it was not readily accessible in a timely manner. In today’s internetworked business climate we are more aware of how much data is available to us through technology, like the mobile device in your pocket –at 12GB an iPhone 6S is massively more than the 6Mb programs IBM developed to monitor an Apollo spacecraft’s environmental data. Which demonstrates the reality of Moore’s Law, but that’s another topic. Yet because it’s so easy to create and store large amounts of data today, far too often we’re drowning in data and experiencing information overload. Chances are right now you’re reading this in between deleting that last email, before your next Tweet, because the conference call you are on is being dominated by someone repeating the same information you provided yesterday.   Bernard Marr, a contributor to Forbes, notes “that more data has been created in the past two years than in the entire previous history of the human race.”  Marr’s piece has at least 19 other eye-opening facts about how much data is (and is starting to become) available to us but the one that struck me the most was # 20. “At the moment less than 0.5% of all data is ever analysed and used just imagine the potential here.” 0.5%! Imagine the opportunities missed. For example what if the transaction patterns of a customer indicated they were making more and more purchases of auto parts as well as making more  payments to their local garage (or mechanic). Combined with a recent increase in automatic payroll deposits, might that indicate this customer would be a good prospect for a 0.9% new car financing offer? Or imagine the crises which could be avoided. Think back to February 2016 and the now infamous multi-million dollar Bangladesh Bank heist. As you may recall thieves managed to arrange the transfer of $81 million to the Rizal Commercial Banking Corporation in the Philippines. While it’s reasonable to expect existing controls might have detected the theft, it turns out that a “printer error” alerted bank staff. The SWIFT interface at the bank is configured to print out a record each time a funds transfer is executed. But on the morning of Feb 5 the print tray was empty. It took until the next day to get the printer restarted. It also turns out the New York Federal Reserve Bank had sent queries to the Bank questioning the transfers. What alerted the Fed? A typo.  Funds to be sent to the Shalika Foundation, were addressed to the “Shalika fandation.” There’s obviously more to this story, but you can look at WIRED Magazine’s story now. Consider the difference if a certain the bank had the toolset able to flag the anomaly of a misspelled beneficiary in time to generate alerts and hold up the transfers for additional verification? As we know the thieves timed their heist to take full advantage of the week-end, it’s only a small step to have these alerts sent as an SMS text, or email to the bank’s compliance management staff. To best extract value from the business data available to you requires two things:  An engine and a network. The engine is one designed to perform the data driven analysis needed.. With OpenText™ Analytics Suite, financial institutions can not only derive data-driven insights to offer value added solutions to clients they can also better manage the risk of fraudulent payment instructions, based on insights derived from a client’s payment behavior, and the correlating fact that the beneficiary accounts had been opened in May 2015 and not been a previously used  beneficiary. But the other equally important tool is the network. As trains need tracks, analytical tools engine needs data (as well as the network to deliver it). Today more and more of this data needed to extract value comes from outside the enterprise. OpenText™ Business Network is one way thousands of organizations exchange the data needed to manage their business, and provide the fuel for their analytical engines. For example, suppose a bank wanted to offer their customers the ability to generate ad-hoc reporting through their banking portal.  With payment, collection, and reporting data flows delivered through Business Network’s Managed Services, the underlying data would be available for the bank’s analytical engine. Obviously much of the data involved in the examples I’ve provided would be sensitive, confidential, and would need robust information security controls to keep it safe.

Read More

Data Protection in the Information Age – What Questions Should I ask?

data protection

“Keep it secret, keep it safe” While most you, I hope, recognize this line from Peter Jackson’s Lord of the Rings, The Fellowship of the Ring, as Gandalf’s charge to Frodo regarding the One Ring, I submit this line represents the primary goal of information security in today’s age of information. The ocean of the blogosphere and twitter-verse is awash with wave after wave of the opportunities available to organization’s able to capitalize on their digital assets by harnessing the power of analytics engines, fed by robust business networking solutions. Check these blogs out for some wonderful examples. 2016 Data Breaches set records But these waters are not always safe.  Googling ‘2016 data breaches’ yields more than 5.6 million results in less than ½ a second. Bloomberg contributor Olga Kharif writes 2016 “was a record year for data breaches.” From the DNC, to LinkedIn; from the IRS to SnapChat; from Wendy’s to Yahoo; it’s clear that pirates sail the waters of the Information Age.  And the pirates may be getting bigger and bolder.  On Mar 22, the  WSJ reported  “Federal prosecutors are building cases that would accuse North Korea of directing one of the biggest bank robberies of modern times, the theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York last year.” So how can today’s digital organization successfully navigate these waters?  How can CIO’s, CISOs, and other C-level executives be comfortable their own harbors won’t crumble under the next attack?  As more and more data inside the enterprise originates outside the enterprise, what about the defenses of those external harbors in one’s digital ocean?   More urgently as more and more business data applications move to cloud based solutions, what questions do I need to ask to be comfortable my data is kept both secret and safe? Questions to “keep it secret, and keep it safe” When evaluating current or prospective solution providers here are the basics questions you need to ask your provider, if not your own internal team, about how your data is secured. Will you show me you’ve thought about this before? This question goes to the Information security policies, certifications and audits in place.  Is there a framework of policies and procedures which include all the necessary controls in an organization’s Information Risk Management processes?   Are these processes certified against ISO 27001 or NIST etc.   Do you undergo regular external audits?  Can you provide copies of your SSAE-16 SOC1, SOC2, and/or SOC3 reports? Where is it? This question speaks both to network typology and architecture as well as to the physical and environmental controls of the locations where your data is stored and processed.  What firewalls are in place? Is there a DMZ?  Are proxies used to move data from the DMZ into the processing applications?  If stored is the data encrypted? How does it get there? This question speaks the controls surrounding data transmission.  Are secure protocols used? Is the actual data being sent also encrypted or digitally signed? Who can see it? This question speaks to access control.  The goal is the only the right people can see the right information at the right time for the right reasons. Here is where you want to ask if multifactor authentication is used?  Is there Data Leakage Protection in place? How do you know? What monitoring – automated and manual is in place?  Are access points secured by Unified Threat Management tools?  What about Intrusion Prevention?  What’s the process when an incident is detected, or even suspected? How do you keep up? The only constant in the information age is change.  From the amount of the data being created – IDC estimates the digital universe is growing at 40% per year – to the ever increasing and changing nature of cyber threats.  How does the organization stay current?  What is the policy and process for applying patches?  What level of technical debt is in place  (what version of the hardware and software components are in place) This is by no means an exhaustive list of questions, but these are some of the essential ones to ask.  And good answers to serve to keep the pirates at bay.

Read More

For Usable Insights, You Need Both Information and the Right Analytical Engine

Data

“It’s all about the information!” Chances are you’ve heard this before. If you are a Ben Kingsley or Robert Redford fan you may recognize the line from Sneakers (released in 1992). Yes, 1992. Before the World Wide Web!  (Remember, Netscape didn’t launch the first commercially successful Web browser until 1993). Actually it’s always been about the information, or at least the right information – what’s needed to make an informed decision, not just an intuitive one. In many ways the information, the data, has always been there; it’s just that until recently, it wasn’t readily accessible in a timely manner. Today we may not realize how much data is available to us through technology, like the mobile device in your pocket – at 12GB an iPhone 6S is 2,000 times bigger than the 6MB programs IBM developed to monitor the Apollo spacecrafts’ environmental data. (Which demonstrates the reality of Moore’s Law, but that’s another story).  Yet because it’s so easy to create and store large amounts of data today, far too often we’re drowning in data and experiencing information overload. Drowning in Data Chances are you’re reading this in between deleting that last email, before your next Tweet, because the conference call you are on has someone repeating the information you provided yesterday. Bernard Marr, a contributor to Forbes, notes “that more data has been created in the past two years than in the entire previous history of the human race”.  Marr’s piece has at least 19 other eye-opening facts about how much data is becoming available to us, but the one that struck me the most was this one: 0.5%! Imagine the opportunities missed. Just within the financial industry, the possibilities are limitless. For example, what if the transaction patterns of a customer indicated they were buying more and more auto parts as well as making more payments to their local garage (or mechanic). Combined with a recent increase in automatic payroll deposits, might that indicate this customer would be a good prospect for a 0.9% new car financing offer? Or imagine the crises which could be avoided. Think back to February 2016 and the Bangladesh Bank heist where thieves managed to arrange the transfer of $81 million to the Rizal Commercial Banking Corporation in the Philippines. While it’s reasonable to expect existing controls might have detected the theft, it turns out that a “printer error” alerted bank staff in time to forestall an even larger theft, up to $1 billion. The SWIFT interface at the bank is configured to print out a record each time a funds transfer is executed, but on the morning of February 5 the print tray was empty. It took until the next day to get the printer restarted. The New York Federal Reserve Bank had sent queries to the Bank questioning the transfer. What alerted them? A typo. Funds to be sent to the Shalika Foundation were addressed to the “Shalika fandation.” The full implications of this are covered in WIRED Magazine. Analytics, Spotting Problems Before They Become Problems Consider the difference if the bank had the toolset able to flag the anomaly of a misspelled beneficiary in time to generate alerts and hold up the transfers for additional verification. The system was programmed to generate alerts as print-outs. It’s only a small step to have alerts like this sent as an SMS text, or email to the bank’s compliance team, which may have attracted notice sooner. To best extract value from the business data available to you requires two things: An engine and a network. The engine should be like the one in OpenText™ Analytics, designed to perform the data-driven analysis needed. With the OpenText™ Analytics Suite, financial institutions can not only derive data-driven insights to offer value-added solutions to clients, they can also better manage the risk of fraudulent payment instructions, based on insights derived from a client’s payment behavior. For example, with the Bangladesh Bank, analytics might have flagged some of the fraudulent transfers, to Rizal Bank in the Philippines,by correlating the fact that the Rizal accounts were only opened in May 2015, contained only $500 each, and had not been previous beneficiaries. Business Network: Delivering Data to Analytical Engines But the other equally important tool is the network. As trains need tracks, an analytical tools engine needs data (as well as the network to deliver it).   Today more and more of this data needed to extract value comes from outside the enterprise. The Open Text™ Business Network is one way thousands of organizations exchange the data needed to manage their business, and provide the fuel for their analytical engines. For example, suppose a bank wanted to offer their customers the ability to generate ad-hoc reporting through their banking portal. With payment, collection, and reporting data flows delivered through the Open Text Business Network Managed Services, the underlying data would be available for the bank’s analytical engine. Obviously much of the data involved in the examples I’ve provided would be sensitive, confidential, and in need of robust information security controls to keep it safe. That will be the subject of my next post.

Read More