Higher regulatory burdens may be holding financial services and insurance (FSI) firms back from critical investments, even in Singapore.

Financial services and insurance (FSI) firms are subject to a high degree of scrutiny on their compliance with security practices, and are expected to implement forward-thinking security.

In the Asia Pacific region, the Monetary Authority of Singapore (MAS) is one of the strictest authorities, holding FSI companies to the highest standards of compliance.

Rachel Lew, Singapore Country Manager of automation software firm Puppet, commented: “In Singapore, banks have varying levels of maturation in integrating security into their processes. They understand the importance of gearing up their compliance and have expressed interest in DevOps to solve for human error, ease manual processes and save resources when tackling potential threats.”

On the flip side, Lew noted that Singapore FSI firms are held back by red tape and bureaucracy in implementing change management. In addition, the industry lacks automation to harden the security system and help with compliance.

According to Puppet’s 2019 State of DevOps: Industry Report Card, FSI firms across the globe are falling short of expectations in successfully applying automation to security considerations. Compared to other verticals, this industry is lagging behind in evolving its DevOps capabilities, likely because it is constrained by a higher regulatory burden, in terms of both volume and complexity.

The industry report suggests key practical steps that FSI leaders can consider taking to build security practices within their software lifecycle:

  1. Invest in automation to improve security posture
    Automation makes it easier to harden infrastructure and application configurations and prove compliance, in turn reducing audit time and giving teams time back to work on higher impact initiatives.
  2. Integrate security earlier in the software delivery cycle
    67% of respondents recognize the value in involving security earlier in the cycle. In fact, the cost of fixing defects increases exponentially as they progress through the software delivery lifecycle. Adding security at the beginning is key to mitigating future risks and significantly reducing development costs.
  3. Empower teams to build security within the delivery process
    Only 26% of financial services and insurance firms have designated security experts embedded within the delivery teams. In large enterprises, these security teams can support hundreds of application development teams. Having a security expert on the team can ensure that security is treated as a design constraint and eliminate bottlenecks to delivery.

By 2021 MAS will have announced digital banking licenses, and this is expected to be a game-changer for the FSI industry. It is envisioned to liberalize the sector and deliver speed, convenience and choice. The excitement of new digital services brings along higher cybersecurity risks.

With this development, as vulnerabilities rise, there is a need to effectively find and fix known software vulnerabilities within a company’s infrastructure so they cannot be exploited.

The report asserts that companies in the APJ region need to move from using disconnected toolsets to a standardized solution. This also comes with the incorporation of a DevOps culture. It asserts that security integration requires a proactive approach, one that emphasizes cross-team collaboration and empowers IT delivery teams to autonomously prevent, discover and remediate security issues.