Computer security being très in vogue these days I made a visit to 7Safe, the computer security and forensics firm bought by PA Consulting in 2011, very timely. 7Safe was founded by Australian-born-in-London Alan Phillips in 2001 after he’d spent five years in the IT security department at the London Stock Exchange. The firm has contracts with leading law enforcement, education, defence and financial organisations and has a robustly healthy IT security training arm that turns over £1m pa.
One of the newer contracts involves Cleartrade, whose platform delivers a processing system for the derivatives market. Earlier this year the Cleartrade Exchange built the platform for the Singapore Regulated Futures Exchange and the firm is now a Regulated Market operator in Singapore.
Cleartrade is also a 7Safe customer and very considerately Richard Baker, the firm’s CEO, agreed to come along to the chat with Alan, 7Safe’s CEO. Cue a mighty interesting discussion!
So how did the involvement begin?
“Morgan Stanley has a very rigorous approval policy,” says Richard, a Cork native who lives near Cambridge when he’s not in Singapore. “They’re a member of our exchange, so when they were joining they had a compliance process and as part of that we found we were not as well structured as we should have been and effectively asked 7Safe to conduct a fairly independent look at us.”
The global derivatives market is worth $700trn annually so the sort of financial security being discussed here is intense.
“Reputational risk for an exchange is everything,” Richard agrees. “You do not have the luxury of going off-air. It’s a mission-critical role – the notional value of an hour’s worth of daily trades is in the multi-millions of dollars.”
Richard and Alan actually met because their children go to the same school, and they got chatting, as you do. Richard asked Alan to get involved.
“7Safe undertook some penetration testing and identified some issues and we jumped on those pretty quickly,” Richard continues. “It took less than a week to resolve them.”
7Safe’s recommendations included enhanced terminal-to-server traffic protection, “obfuscating or encrypting that data, and making sure that you’re not transmitting data that you don’t need to transmit”.
Richard is delighted with the outcome: pointing to the Singaporean regulator’s June 2013 “Technology Risk Management Guidelines” on his iPad, he turns to page 29 and the section that starts “Vulnerability Assessment and Penetration Testing”. Then he says with the faintest of smiles that 7Safe’s solutions cleared all the hurdles. “I’m pretty pleased that we did it all 18 months ahead of everybody else”. (By the way, I should add that, when it comes to accessing the Cleartrade Exchange, the iPad, iPhone, BlackBerry and Android systems are read-only. “We don’t believe those systems are safe enough,” says Richard.)
“Computer protection is sometimes seen as a cost,” says Alan, “but in this case it’s an investment and a security essential.”
7Safe employs 50 people and last year’s deal with PA Consulting, which employs 2,500 people worldwide, has proved constructive for both parties in a fast-moving sector. Alan is sagacious about the mindset of online hackers – Cleartrade, like the rest of the industry, uses the open internet. “There are two types of attack,” he says.
“The first are opportunist attacks which can do a lot of damage and they can be carried out by any individual, sometimes they’re too young to prosecute. The second is targeted attacks which can be worse.”
The opportunists tend to make a mess: industrial/government-backed snooping can be almost traceless – and very hard to prosecute. “Denial of service” – a knockdown – “is one attack that we advise on but a typical penetration test involves checking if someone is able to take over someone else’s user session, taking their passwords, enabling them to access the computer or computers and looking for vulnerabilities that can be exploited. The goal of the penetration tester is the same as the hacker – we try and get hold of Richard’s servers and if we can that’s bad news.”
Complete confidentiality is vital to Cleartrade, which was formed in 2010. Richard, who has an engineering background in technology and communications, is CEO and a founding member. The firm came about in response to a gap in the market following the introduction of the Dodd-Frank Act in 2009 – a response to the financial crisis which “was due to derivatives being used in inappropriate ways”. Basically, to ensure transparency, derivatives were obliged to trade using open platforms, which created an opportunity for those platforms to be developed. Clever stuff, in other words.
Cleartrade began “with one primary investor, it started small like all good entrepreneurial businesses” – another slight smile reminds you that you’re in the presence of a man with can-do access to markets that are still the merest twinkles in their creators’ eyes – “just three people, now it’s 15. My time is split between London and Singapore, the company was recently sold to a Nasdaq-listed company which has raised a lot of additional capital, and they’ll be a large client which expands the portfolio and means we can move into new markets”.
Indeed in May, Nasdaq-listed INTL FCStone, one of the largest independent futures brokers in the US, took a controlling interest in Cleartrade.
Richard is adamant that new regulations have seriously cleaned up the derivatives market: there have been three big changes in derivatives trading since the 2008 crash.
“Firstly, all trades have become electronic. Second, clearing houses were set up. And, thirdly, all trades have to be reported within 15 minutes.
“So I built a tech platform to cover these three areas and ran it as an unregulated exchange until it finally got regulated in 2011.”
So the bad feeling directed at one of the most blatant of the new financial instruments which brought near-ruin to the markets could be turned around?
“Derivatives have been a nasty word in the last three to five years but equally there needs to be an understanding of what got us into trouble and that was synthetic derivatives and they’re not real.” Richard is referring to the packaged-up debt with front-end investments which the market has subsequently been obliged to unpick. “Synthetic derivatives have been cleared out of the market in the last four years and 400,000 jobs in London have gone – 200,000 in the last two years alone. We don’t want to defend what happened, we’re one of the new guys.”
This article first appeared in Cambridge Business.