Patching Smarter and Faster

By Israel Hersh, SVP Business Development, tekVizion

IT departments are fighting a constant stream of security patches, bug fixes, and software upgrades, a reality that is well known. It even has its own ‘day’ – “Patch Tuesday” being the day when Microsoft pushes out its patches.

However, not all patches are created equal. While some may be a critical security patch, others may be a bug fix for a rarely used feature. So how do you make sure that the you’re focusing your attention on the areas that really do matter?

Security is invariably going to come at the top of the list for banks and for good reason.

When the SEC updated its guidance to public companies for disclosure of cybersecurity risks and incidents in 2018, this essentially created a new regulatory disclosure category for cybersecurity incidents. It is a similar picture in the UK, where the Financial Conduct Authority (FCA) includes cybersecurity in its regulatory compliance agenda and outlines specific expectations for disclosure of incidents. Similarly, in Singapore, the Monetary Authority of Singapore (MAS) has taken decisive action towards placing cybersecurity at the top of its agenda by setting up an international advisory panel and appointing its first Chief Cyber Security Officer to drive regulatory standards compliance for the financial services market.

We know it’s a given to prioritize security patches, but even then, installing a patch isn’t straight forward. Such is the complexity of the systems that a fix in one place can end up causing a critical break elsewhere. Prioritizing the patches is a start, but it doesn’t go far enough.

You can’t apply patches across the system and expect everything to run smoothly. Patches must be deployed, tested, and certified and the only available time to get this this done is over the weekend when the trading floor is closed. In fact, the very nature of the highly regulated, compliance-bound trading floor is such that the infrastructure behind it must be tested to within an inch of its life.

In many cases, a bank will have multiple pre-production environments, taking weeks or even months for any changes to move into the production environment – and even then they can still be plagued by last minute problems.

The solution, until now, has been for all this to happen first in the lab, and then only be rolled out into the live trading floor over the weekend, with the Ops team having to quite literally walk the floor to check every voice trading Turret and Dealerboard.

But compounding things, the Global Banking Annual Report by McKinsey indicates post Covid 19 revenues impact to the financial market that will linger for 2-4 years. The revenues will face headwinds due to credit crunch, lower interest rates and accelerated digitalization in retail banking. The slowdown in revenues will require operational transformation that will reduce cost while maintaining productivity. While many functions in the banks transitioned, the voice trading operational workflows are the next in line to be scrutinized.

If you estimate that one person can on average manually test about 50 turrets over the weekend, and that even a mid-sized trading floor can have as many as 2,000 turrets, that is a lot of weekend overtime, overtime that occurs at least once a month as new security patches are deployed.

It is clear that the banks do not have the capacity, budget, and risk appetite to deploy all the patches. They pick and choose the software releases, break/fix patches and security patches that will be deployed. As a result, the traders’ productivity is impacted and the bank is exposed to vulnerability and reliability risks.

However, there is another way. By automating testing, patches can quickly and safely move from the lab into the production environment, without any need for teams to spend their weekend walking-the-floor.

By automating the “walk the floor” process, banks’ operations teams can reduce the test time from hours to minutes, enabling repeated testing not only of turret features, but also validate the audio quality for each call for MiFID II compliance.

This equates to a 90% annual time saving and $1.3 million in annual costs saved for a typical FICCs trading floor.

But this isn’t just about saving time and money. It’s about cutting the cost of downtime by patching faster and smarter, and it’s about accelerating value so you get more from your voice trading system and don’t leave software upgrades languishing in the lab until someone has time to get round to them.

Augmenting manual testing of voice trading platforms such as Dealerboard or Turret systems with tekVizion’s fully automated Automation can dramatically mitigate risk and reduce the cost while increasing the coverage of testing. Find out more here.

© 2020-2021 IPC Systems, Inc. All Rights Reserved. The contents of this publication are intended for general information purposes only and should not be construed as legal or regulatory advice.