Dabble.addView({"_class": "View", "id": "d0db209b-9a37-4524-bad9-0c488220a804", "name": "Published SIN stories with texts", "fields": [64, 43232, 6687, 46288, 46316, 510], "entries": [
{"_name": "SIN tech feature: encryption", "_id": 816263, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=816263",  "values": ["SIN tech feature: encryption", "http://www.securitiesindustry.com/issues/19_61/22377-1.html", {"name": "May 12, 2008", "start": 1210521600, "end": 1210607999 }, "Though the lack of a single standard for e-mail encryption has hindered adoption of the technology, financial firms are pressing slowly forward. Case in point: BNP Paribas' announcement last month that it has implemented an encryption product from PGP Corp.", "Though the lack of a single standard for e-mail encryption has hindered adoption of the technology, financial firms are pressing slowly forward. Case in point: BNP Paribas' announcement last month that it has implemented an encryption product from PGP Corp.\r\n\r\n According to French bank BNP Paribas, the new software will help secure e-mails to business partners, regulators and customers. The system from Palo Alto, Calif.-based PGP permits the bank to set encryption policies based on content, sender and recipient, among other factors, and can also be used in conjunction with IBM's Lotus Notes.\r\n\r\nThe advantage of such technology is that e-mails are secured automatically, says Jamie Cowper, director of European marketing in PGP's London office, rather than managers having to encrypt e-mails one at a time. Encryption reduces the risk of a data breach and helps firms comply with partner demands and regulatory mandates for information security and privacy, says Cowper.\r\n\r\nThe BNP Paribas deployment reflects a growing trend in the securities industry, he adds. \"About five years ago, e-mail encryption was used by a very small number of organizations, perhaps by a few people in the HR department or the legal department,\" he notes. \"Or perhaps it was used by lawyers for discussing mergers and acquisitions. Now, we are increasingly seeing people looking to roll out gateway-wide encryption across every communication in an organization.\"\r\n\r\nBNP first considered encryption technology in 2005, when business partners began asking for it. Another factor was the security and privacy regulations in all the countries in which it does business.\r\n\r\nThe PGP system was attractive because it is compatible with systems used by the bank's business partners. \"We discovered that our partners use solutions based on either the OpenPGP or S/MIME [secure/multipurpose Internet mail extensions] encryption standard and if we used a compatible solution, we wouldn't have to send, receive or install any public keys because the exchanges were automatic,\" Stephane Detruiseux, manager in the risk and security expertise group at BNP Paribas, said in a prepared statement.\r\n\r\nNo Global Platform\r\n\r\nCompatibility is a problem for many firms. In fact, for several years the main challenge for encryption has been the number of standards on the market, says Eric Skinner, CTO of Addison, Texas-based Entrust, which provides products to secure digital identities. A medium-sized company could need to send e-mails to a large organization using PGP, one using S/MIME, and a small company that doesn't encrypt, which \"makes it difficult to send an encrypted message,\" Skinner says.\r\n\r\nFor incoming e-mails, gateways can be deployed that automatically route messages to the appropriate software for decryption. Gateways can also encrypt an outgoing message so it is compatible with the recipient's system. But that doesn't help when the recipient is using an unrecognized encryption system, or none at all.\r\n\r\nE-mail encryption is a \"steady but relatively slow growth market of 10 percent to 15 percent,\" said analyst Eric Ouellet in a November report from Gartner. \"Although the vendors' technologies are relatively mature, deployments are still focused on communities of need.\"\r\n\r\nHealth care organizations, for example, are required to implement e-mail encryption as part of the Health Insurance Portability and Accountability Act. \"But most organizations still consider e-mail encryption as a check-box solution to address auditors' and compliance officers' identified deficiencies, rather than as a strategic investment,\" said Ouellet.\r\n\r\nThough effective technology is out there, many firms are waiting for a clear winner to emerge or are implementing systems they use in limited ways. However, given the potential security risks--and compliance problems--of unencrypted e-mail, a wait-and-see strategy may not be the best approach.\r\n\r\n\"A general standard would have some advantages, but these institutions have immediate regulatory and business process requirements that have to be solved in the short term,\" says Terence Spies, CTO of Palo Alto, Calif.-based encryption vendor Voltage Security. \"We see standards emerging in the area of key management, which enables encryption for storage applications, but no active efforts in the space of customer and partner e-mail encryption.\" \r\n\r\n All the standards, and most of the available systems, have adequate security, says Spies. \"The factors that differentiate these technologies are, first, how easy they are to use for e-mail recipients outside the company, and second, how well they integrate with internal processes like content scanning and archiving,\" he adds.\r\n\r\nThere's one form of encryption that everyone has on their desktops--Internet browsers such as Microsoft's Internet Explorer and Mozilla Firefox. Online retailers and brokerages already take advantage of browsers' built-in technology to secure online transactions, in combination with a log-in and password. \r\n\r\n By setting up a mailbox inside a protected area on the site, online brokerage customers can see their statements and other sensitive data without worrying about virtual eavesdroppers. E-mails can be sent to people who don't have online accounts with a firm through identity-based encryption, or IBE, technology, which combines a Web-based delivery system with an authentication mechanism based on an e-mail address or other information unique to the individual.\r\n\r\n\"Some technologies--like Voltage IBE--allow for reading and replying to secured e-mails through a Web browser session, so no client software is required,\" says Spies.\r\n\r\nBut a common IBE standard is at least a year away, says Richi Jennings, analyst at San Francisco-based Ferris Research, and the technology is incompatible with the older systems. \"The standards-based approach has failed,\" he asserts. \"It was too difficult to manage, so was only usable in tightly defined circumstances. It's a pity, because e-mail encryption should be used by many, many more organizations.\"\r\n\r\nBroken Trust\r\n\r\nBecause e-mails typically travel the Internet as plain text and there is a lack of authentic information about senders and recipients, a breakdown of trust has occurred. Business partners and customers of securities firms have moved toward proprietary communications networks, dedicated lines and, for consumers, secure online mailboxes.\r\n\r\nMany firms are using IP security VPNs, or virtual private networks, \"to encrypt over fixed connections,\" says Bill Tan, CTO of Boston-based hedge fund technology provider Eze Castle Integration. He cites Nyfix as an example of a company \"using encryption technology to send out trade information to clients.\"\r\n\r\nAbout 10 percent of Eze Castle's fund clients use e-mail encryption, says Tan--mainly to communicate with their administrators. However, many hedge funds outsource a large part of their technology needs, which could bode well for widespread adoption of encryption, he says, with usage climbing to 50 percent over the next few years. \"The software solutions that they're using [are] basically increasing their support for encryption technology,\" he explains. \"And as it becomes available to them, they are using it.\"\r\n\r\nNick Holland, senior analyst at Boston-based Aite Group, says many partners and clients no longer believe e-mail is secure, even if it is encrypted. \"It is very hard for the end users or customers to trust that it is actually from a financial institution, rather than a phishing attempt,\" he notes. \"The difficulty is not so much in encrypting to ensure the message is safe--it is in reestablishing that trust between the end user and the firms.\"\r\n\r\n\"BNP Paribas is actually front-running with what it is doing with PGP,\" says Holland. \"It hopefully telegraphs that the e-mail channel isn't dead and that institutions should start thinking creatively about how they can reclaim it.\"\r\n\r\n\"When a bank makes a move to protect certain data that is about their clients, about their transactions, about their business dealings, and they encrypt it--that is a step in the right direction,\" says Jacob Jegher, analyst at Boston-based Celent. ", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "Taiwan Stock Exchange and the ISE Sign MOU", "_id": 889235, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=889235",  "values": ["Taiwan Stock Exchange and the ISE Sign MOU", "http://www.securitiesindustry.com/issues/19_61/22372-1.html", {"name": "May 12, 2008", "start": 1210521600, "end": 1210607999 }, "The Taiwan Stock Exchange Corp. (TSEC) last week signed memorandums of understanding (MOUs) with a pair of U.S. markets--the International Securities Exchange (ISE) and Philadelphia Stock Exchange (PHLX). Through the cooperation agreements, the Taiwan exchange will provide information about options products to PHLX and exchange-traded funds (ETFs) to ISE.", "The Taiwan Stock Exchange Corp. (TSEC) last week signed memorandums of understanding (MOUs) with a pair of U.S. markets--the International Securities Exchange (ISE) and Philadelphia Stock Exchange (PHLX). Through the cooperation agreements, the Taiwan exchange will provide information about options products to PHLX and exchange-traded funds (ETFs) to ISE.\r\n\r\n \"U.S investors have been more willing to invest in the Taiwan stock market,\" said TSEC spokesperson Zuxin Wang, particularly in technology companies. The U.S. subprime crisis has mostly bypassed Taiwan, said Wang. \"Our benchmark, the TAIEX, posted constant growth during the first quarter,\" he noted. The TAIEX closed at over 8,300 on Jan. 2 and climbed past 8,500 on March 31. It continued to rise through the second quarter, surpassing 8,900 on May 7.\r\n\r\nThree ETF indexes containing Taiwanese industrial, technology and financial companies are listed for options trading on ISE, the New York-based Eurex subsidiary, and more will be added later this year, according to the exchanges. ISE president and CEO Gary Katz called the agreement \"an important first step in developing options on leading indexes and ETFs related to Taiwan. The MOU will also enable us to expand the international ETFs that will be traded on the ISE Stock Exchange and creates a strong foundation to foster closer ties and cooperation between our two exchanges.\"\r\n\r\nTSEC said that the agreement with the Philadelphia exchange, which is in the process of being acquired by Nasdaq OMX Group, is its first move to promote Taiwan's technology sector to U.S. index traders. The MOU could also stimulate the \"development of new financial instruments for both exchanges,\" said TSEC chairman Rong-I Wu in a statement.\r\n\r\nThe Taiwan stock market's total market capitalization is around $691 billion, making it Asia's seventh-largest equities market. It had 698 listings as of year-end 2007. ", {"_id": 44593, "_name": "Alex Dai" }]},
{"_name": "Russian Trading System Adopts FIX Protocol In Testing Stage On FORTS", "_id": 857437, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=857437",  "values": ["Russian Trading System Adopts FIX Protocol In Testing Stage On FORTS", "http://www.securitiesindustry.com/issues/19_60/22360-1.html", {"name": "May 5, 2008", "start": 1209916800, "end": 1210003199 }, "The Russian Trading System (RTS), the country's second-largest exchange by volume, will in June launch a FIX gateway, allowing foreign market participants to more easily gain access to the venue.", "The Russian Trading System (RTS), the country's second-largest exchange by volume, will in June launch a FIX gateway, allowing foreign market participants to more easily gain access to the venue.\r\n\r\n The FIX connectivity system, developed by Devexperts, a St. Petersburg, Russia-based software vendor specializing in options and foreign exchange, is being tested with the exchange's derivatives market--Futures and Options on RTS (Forts). Currently, firms connect to Forts over a proprietary trading platform and application programming interface (API).\r\n\r\nOver the next two months, said RTS vice president Dmitry Shatsky, the exchange hopes to provide FIX access to the main board as well, distributing market data to participants. That phase of the project will include order management, he said.\r\n\r\n\"A lot of global banks are among our trading partners--we count Goldman Sachs, Morgan Stanley, Merrill Lynch and Deutsche Bank amongst our clients,\" said Shatsky. \"Many of them use the API system, but some would prefer not to as it can require clients to modify their internal systems, which takes money and resources.\" Introducing FIX may encourage these firms to become more active, he added.\r\n\r\nThough new and existing participants will be able to take advantage of the FIX system, RTS will continue to support the API, said Shatsky.\r\n\r\nTwo brokers have already requested access to try out the FIX gateway, according to the exchange. \"The version we are currently testing does not differ much from the full version,\" said Shatsky. \"The testing version is available for all brokers, who can use it to coach traders and clients. We expect the FIX system to be fully operational by early June.\"\r\n\r\nAs Russia develops, it becomes more important to set up standards-based systems, asserted Shatsky. Trading volume across the RTS markets increased sixfold last year, to $690 billion from $118 billion. The Moscow Interbank Currency Exchange (Micex)--Russia's largest--reported $4.2 trillion in total trading last year, up from $1.9 trillion.\r\n\r\n\"Many foreign companies set up offices in Moscow last year,\" said Shatsky. \"Now that foreign participants are more active, we felt the time was right to introduce FIX.\"\r\n\r\nRTS chose six-year-old Devexperts to develop the system because of its FIX experience with U.S. clients, said Shatsky. Talks with the vendor began six months ago, he said; work began on the system in January. \"They have a good reputation for client support and maintenance,\" he noted.\r\n\r\nDevexperts did development and integration work for the DealBook 360 online trading platform of Ada, Mich.-based Global Forex Trading, a division of Global Futures & Forex, and a platform for Chicago-based online brokerage think-\r\n\r\norswim. Their most well-known client in the Russian market is Moscow-based investment bank CIT Finance. This is the first project the company has undertaken for an exchange.\r\n\r\n\"The Russian stock market is a few years behind the U.S. and other international markets,\" said Yan Stolyar, director of business development at Devexperts. \"The technology used depends on the volume of trade--and this volume is still extremely low when compared to other markets. FIX is the technology needed when operations get to a certain level and large international players come in, and this is where we are now.\"\r\n\r\nHigh oil prices and a stable economic and political climate are contributing to global optimism about the Russian markets, said Tom Price, analyst at Needham, Mass.-based research firm TowerGroup. \"Accordingly, there is the potential for a greater volume of order flow into RTS,\" he said. \"Without a modern trading infrastructure, the challenge of having to maintain FIX and non-FIX connectivity might deter market participants.\"\r\n\r\nRTS is also racing to catch up to Micex, said Price, adding that over the past decade, RTS's share of the Russian market has fallen to less than 5 percent. \"To regain lost ground, RTS has to initiate infrastructure development to recover market share,\" he said. ", {"_id": 846931, "_name": "Caroline Middlecote" }]},
{"_name": "NASDAQ OMX Signs Contract With the Tokyo Commodity Exchange", "_id": 846183, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=846183",  "values": ["NASDAQ OMX Signs Contract With the Tokyo Commodity Exchange", "http://www.securitiesindustry.com/issues/19_59/22316-1.html", {"name": "April 28, 2008", "start": 1209312000, "end": 1209398399 }, " The Tokyo Commodity Exchange (Tocom) plans to launch by May 2009 a next-generation trading and clearing system from Nasdaq OMX Group. Yuichi Fukui, executive director of the systems division at Tocom, Japan's largest commodity market, said on April 16 that the platform will help it \"grow and thrive in the global commodity marketplace.\"\r\n\r\n", " The Tokyo Commodity Exchange (Tocom) plans to launch by May 2009 a next-generation trading and clearing system from Nasdaq OMX Group. Yuichi Fukui, executive director of the systems division at Tocom, Japan's largest commodity market, said on April 16 that the platform will help it \"grow and thrive in the global commodity marketplace.\"\r\n\r\n The platform will allow Tocom to support larger transaction volumes and automate clearing, according to Nasdaq spokesperson Carl Norell. \"The system will enable faster and more efficient settlement of transactions, less complex and expensive hardware infrastructure and a centralized administration,\" he said.\r\n\r\nThe deal represents Nasdaq's first trading platform client in Japan and its biggest since the February merger of the New York exchange and Stockholm-based OMX. Other customers using the same integrated clearing and trading system include Hong Kong Exchanges & Clearing and Norway's VPS Clearing. NTT Data Corp., a Tokyo-based technology vendor, will help localize the platform.\r\n\r\nThe total cost to deploy and operate the system will depend on the exchange's trading hours, according to Tocom spokesperson Tony Crane. Though the market currently is open from 9 a.m. to 5:30 p.m., its closing will be extended to 11 p.m. once the new platform is in place. Eventually, Tocom plans to move to around-the-clock operations, with next-day trading hours from 11 p.m. to 7 a.m.\r\n\r\n\"The purchase amount, which includes the initial development cost and operational costs for five years, is about 8.8 billion yen [$85 million],\" said Crane. \"When the exchange further extends the trading hours ... there will be an additional operational cost of approximately 200 million yen [$1.9 million] per year.\"\r\n\r\nYumiko Manchu, analyst in Tokyo for Boston-based Celent, called Tocom's adoption of the Nasdaq technology a positive development for Japanese commodity markets. \"By using a software package, Tocom will be able to connect with other exchanges more easily and flexibly,\" she said. \"The bright side is that they could possibly boost their trade volumes, while the downside will be that with their globalized system, they could be targeted as an acquisition or partnering opportunity in the future.\" Average daily trading volume at Tocom reached 203,493 during the first quarter, up from 192,123 in the same period last year, according to Crane. ", {"_id": 42100, "_name": "Frances Wang" }]},
{"_name": "NYSE strikes deals with Malaysia, Tokyo", "_id": 866412, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=866412",  "values": ["NYSE strikes deals with Malaysia, Tokyo", "http://www.securitiesindustry.com/news/22329-1.html", {"name": "April 28, 2008", "start": 1209312000, "end": 1209398399 }, "The Tokyo Stock Exchange (TSE), historically reliant on technology from Japanese providers, announced today that it will implement an options platform from NYSE Euronext’s Advanced Trading Solutions unit. ", "Tokyo Taps NYSE for Options Platform as Trading Technology Competition Heats Up\r\nThe Tokyo Stock Exchange (TSE), historically reliant on technology from Japanese providers, announced today that it will implement an options platform from NYSE Euronext’s Advanced Trading Solutions unit. \r\nScheduled to launch in the first half of 2009, the new system, Tdex+, is based on the Liffe Connect platform used by the Euronext.liffe derivatives exchange and will allow TSE to introduce features such as market-maker functionality. The Tokyo exchange said it evaluated several electronic trading systems in use at major stock exchanges around the world before opting for the NYSE platform. \r\nTSE has almost exclusively used domestic suppliers such as Fujitsu, which the exchange has blamed for several technology glitches over the last couple of years, including problems that on Feb. 8 halted some derivatives trading. But the New York Stock Exchange and TSE signed a technology-sharing agreement early last year, and “this seems to be the first public initiative to come out of that relationship,” said Larry Tabb, CEO of New York-based Tabb Group. “While it remains to be seen whether TSE will sever Asian relationships and replace them with Western technology relationships, this certainly is a directional change.” \r\n“NYSE Euronext’s technical and operational expertise in various markets such as the capital and derivatives markets, within multiple localities in Europe and [the U.S.] is of indispensable value to us,” said TSE chief executive Atsushi Saito in a statement. \r\nNeil Katkov, analyst in Tokyo for Boston-based Celent, called it one of the most significant moves TSE has made in a long time. “This is the first time that the Tokyo Stock Exchange has put in a major piece of technology from a foreign supplier,” he said. What likely made the move easier is that there was no preexisting system in place, said Katkov. \r\n“The Tokyo Stock Exchange didn’t have to shut down a long-term relationship with an existing supplier,” he said. “Also, in the options market, international options exchanges are far and away the leaders--Japan has a very small options market. So it makes sense to use foreign know-how to try and set one up.” \r\nIt also may indicate that TSE has abandoned rumored plans to merge with the Osaka Securities Exchange, which trades futures and options. “The Osaka exchange is furiously independent and has resisted all offers,” he said. \r\nThough Katkov said that the deal with NYSE is not necessarily a sign that Tokyo is looking abroad for a suitor, it does reflect a trend toward partnerships among global exchange. “The business climate has turned to co-opetition replacing competition,” he said. \r\nNYSE’s deal with the Bursa Malaysia is a prime example, added Katkov. On April 21, Bursa Malaysia announced it had launched a direct-market access platform for its derivatives market that is based on NYSE’s Secure Financial Transaction Infrastructure, or SFTI, market access technology. “Five years ago, I don’t think NYSE would have done anything like this,” he said. “It would have protected its franchise aggressively.” \r\nSam Johnson, chief executive of Advanced Trading Solutions, the recently formed umbrella for the NYSE Euronext’s commercial technology business, called Asia an area of “tremendous importance” to the exchange. “As capital markets there continue to grow rapidly we hope to continue to build upon our meaningful partnerships with the most important exchanges in that region,” he said. NYSE last week said that the Philippine Stock Exchange has agreed to implement its NSC platform, and the Stock Exchange of Thailand is also a customer. \r\nSFTI had been used by U.S. brokers connecting with NYSE, said Tabb, and then expanded to Europe. The expansion into Asia “will enable them to better facilitate a global integration of both the NYSE and Euronext markets as well as with other markets they have relationships with,” he said. \r\n“As a node on the global SFTI community, this new solution provides truly open and global access to our market through a variety of networks and end-user applications,” said Bursa Malaysia COO Omar Merican in a statement. \r\nInternational growth is particularly important now, said Dushyant Shahrawat, analyst at Needham, Mass.-based TowerGroup, with slowdowns in North America and Western Europe and the growth of alternative trading systems in the developed markets. \r\n“While NYSE Euronext is a major force in U.S. and Europe, its limited presence in Asia, the Middle East and South America remains a weakness for it,” said Shahrawat, “especially as rivals like Nasdaq and CME Group make aggressive moves into these markets.” \r\n\r\n", {"_id": 720, "_name": "Maria Trombly" }]},
{"_name": "Chinese investors to buy and sell US securities", "_id": 807465, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=807465",  "values": ["Chinese investors to buy and sell US securities", "http://www.securitiesindustry.com/news/22236-1.html", {"name": "April 9, 2008", "start": 1207670400, "end": 1207756799 }, "The China Banking Regulatory Commission (CBRC) said Monday that it had reached an agreement with the Securities and Exchange Commission that allows Chinese institutions to invest in the U.S. stock market and in investment funds selected by the SEC.", "The China Banking Regulatory Commission (CBRC) said Monday that it had reached an agreement with the Securities and Exchange Commission that allows Chinese institutions to invest in the U.S. stock market and in investment funds selected by the SEC.\r\n\r\nThe U.S. joins Hong Kong, Singapore, Japan and the U.K. as the fifth foreign market accessible to Chinese retail investors under the government’s qualified domestic institutional investor (QDII) program. The move was welcomed by HSBC China and Bank of Communications Schroders Fund Management Co., both participants in the program.\r\n\r\n“Global investment opportunities are a natural trend,” said a spokesperson for the joint venture of Shanghai’s Bank of Communications and U.K.-based Schroders Investment Management, which acquired its QDII license last year. Bank of Communications Schroders plans to launch its first product by year-end, according to the spokesperson, as part of Schroders’ goal to double its assets in the greater China region, to $32 billion, by 2013. So far, five QDII products have been launched by other fund companies.\r\n\r\n“In the long term, we are still very confident in the QDII program and its investing value,” added the spokesperson, “despite the current weak performance of many QDII products from other banks.”\r\n\r\n“We welcome this development with the QDII” program, said an HSBC China spokesperson, though she declined to comment on any specific plans the bank has to expand QDII offerings of U.S. assets. HSBC China launched its first QDII fund last year.\r\n\r\nHowever, Zefeng Huang, policy analyst with Shanghai-based Haitong Securities Co., points to QDII funds’ recent disappointing track record. Most QDII products have suffered heavy losses due to volatile global market conditions and the rise of the yuan. Last month, Beijing-based China Minsheng Banking Corp. was forced to liquidate its QDII product after its value fell by more than 50 percent.\r\n\r\nAs of year-end 2007, there were 262 QDII products available, offered by 16 of the 23 Chinese commercial banks that had obtained QDII licenses. Total sales amounted to 41.4 billion yuan ($6 billion).\r\n\r\n“QDII products are still not very attractive for investors because of their weak performance since the launch of this program in 2006,” said Huang. “The current hard-to-predict U.S. stock market [further] reduces the attraction” of such products.\r\n\r\nAccording to Huang, the CBRC’s opening of the U.S. market is not likely to boost the program’s faltering numbers. “In the short term, it will not bring a large amount of capital away from the Shanghai and Shenzhen stock exchanges to impact the domestic market.”\r\n\r\nHowever, expansion into the U.S. market was inevitable, said Haochuan Zhang, analyst with Shanghai-based consulting firm Z-Ben Advisors. “The U.S. stock market is the most developed market with bigger capacity and many high-quality listed companies,” he said. “Besides Hong Kong, mainland investment managers are also more familiar with the U.S market than with Japan and Singapore.” Such familiarity will help them better assess risks, added Zhang.\r\n\r\nThe CBRC is one of four emerging market regulators the SEC has been talking to since it conducted its first Emerging Markets Conclave in February 2007, an event designed to promote effective cross-border market oversight and facilitate efficient capital formation. SEC chairman Christopher Cox has also met with regulators from Brazil, South Africa and South Korea.\r\n\r\nLate last month, the SEC said it had begun formal discussions with Australia on a mutual recognition arrangement for the nations’ securities markets, echoing a similar announcement made with the European Commission on Feb. 1. ", {"_id": 44593, "_name": "Alex Dai" }]},
{"_name": "Trend story: war of the virtualizers", "_id": 653242, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=653242",  "values": ["Trend story: war of the virtualizers", "http://www.securitiesindustry.com/issues/19_56/22220-1.html", {"name": "April 7, 2008", "start": 1207497600, "end": 1207583999 }, "Virtualization, in one form or another, has been around almost as long as computers. When the term arose in the 1960s, it referred to the partitioning of mainframe computers. But virtualization soon became a way to let people stop worrying about the inner workings of their hardware.", "Virtualization, in one form or another, has been around almost as long as computers. When the term arose in the 1960s, it referred to the partitioning of mainframe computers. But virtualization soon became a way to let people stop worrying about the inner workings of their hardware.\r\n\r\n In the earliest days, to put something in a computer's memory you needed to know the physical location of every byte of storage. Then virtualization tools came along. Instead of deciding to store data in location #84AF, a user could enter a command--LET NAME$= \"John Smith\"--and allow the compiler to decide where NAME$ would be stored. Shortly after, disk operating systems were invented: Users could assign file names to programs and data; the operating system figured out where to put them.\r\n\r\nWithout an OS, you would have to manually track files' locations, not to mention be sure to leave plenty of room between them--if you add data a file takes up more space, and without sufficient headroom other files would have to be rearranged. Today, information technology departments face a similar challenge, only on a much larger scale.\r\n\r\nIT teams have to decide which servers will run which applications, and which devices will store which data. And they have to keep track of what goes where and be ready to shift things around if a server goes down or a hard drive breaks, or a database or application gets too large.\r\n\r\nIdeally, virtualization eliminates the distinctions between all the hardware a company owns and keeps track of what goes where. Human operators simply make sure the total amount of available space is adequate.\r\n\r\nStorage virtualization effectively turns multiple storage units into a single device, with the software placing files and ensuring effective use of space. A hardware virtualization platform does the same for servers, deciding which application goes where, usually by creating virtual machines for each individual piece of software to run on, then moving them between servers as needed.\r\n\r\nEven networks can be virtualized, building virtual private channels on top of the existing infrastructure--to isolate different kinds of traffic, for example.\r\n\r\nVarious types of virtualization technology are in use on Wall Street, says Daniel Kusnetzky, president of Osprey, Fla.-based research firm Kusnetzky Group. \"And examples of this type of technology have been in use for well over 30 years.\"\r\n\r\nToday's virtualization technology is increasingly sophisticated. \"Virtual processing software makes it possible to achieve one of several goals for all processing on a system, including higher levels of performance, higher levels of scalability, higher levels of reliability, consolidation, improved levels of agility of applications and even isolating applications from one another, giving the organization better control,\" says Kusnetzky. \"There are also ways to improve network and storage performance that are equally important.\"\r\n\r\nAnd these options, relatively new for Wall Street firms, are becoming more and more important.\r\n\r\nAccording to research firm Gartner, virtualization will be the most important tool in technology infrastructure and operations through 2010 and will dramatically change the way IT departments work. At year-end 2006 there were over half a million virtual machines running in corporate back offices; by 2009 there will be more than 4 million, estimates Gartner.\r\n\r\nAt a conference in Sydney last year, Gartner VP Thomas Bittman predicted that virtual machine hypervisor technology will be nearly free by the end of 2008, embedded into hardware by manufacturers, and into operating systems by software vendors. \"It is now less about the technology and more about process change and cultural change within organizations,\" said Bittman.\r\n\r\nNew Hypervisors\r\n\r\nUntil recently, financial firms largely had one main source for virtualization technology. \"One year ago, VMware had no serious competitors,\" asserts Bittman in a report issued March 13. But now companies such as Citrix Systems, Microsoft Corp., Oracle Corp., Sun Microsystems and Virtual Iron have new offerings, points out Bittman.\r\n\r\nPalo Alto, Calif.-based VMware, which claims more than 100,000 corporate customers, including all the major financial services firms, provides a traditional \"bare metal\" hypervisor that sits between the physical processors and operating systems, says Parag Patel, VMware's VP of alliances. \r\n\r\n Microsoft recently released the beta version of Hyper-V, software that also uses a bare-metal approach. The product is likely to work smoothly with virtual machines running Windows and is built into the soon-to-be-released Windows Server 2008, according to the company.\r\n\r\nBare-metal hypervisors are the most common, say experts. \"The benefit is that it allows you to have different operating systems\" on the same server, says Yiping Ding, VP of research and development for systems modeling at Bethesda, Md.-based network management technology vendor Opnet Technologies, which counts the Philadelphia Stock Exchange, Charles Schwab & Co., State Street Corp. and T. Rowe Price Associates among its clients. \r\n\r\n A bare-metal hypervisor is more flexible than a system that runs on top of the OS, adds Ding. \"If you put all the eggs in one basket--one server, one OS--if one application screws up, you bring down the whole system,\" he says.\r\n\r\n\"The fact that these market leaders are using this hypervisor technology means that it's pretty much the market standard,\" says Richard Whitehead, director of product marketing at Novell, citing VMWare, Hyper V and Xen. Novell supports the open-source Xen virtualization platform, as do other third-party vendors like Citrix, which in October bought XenSource, the company that founded the Xen project and offers enterprise-level virtualization tools.\r\n\r\n\"Dell and others are working on embedding the hypervisor into the chip,\" Whitehead says. \"Hypervisors are here to stay. In fact, they're commoditizing in many respects.\"\r\n\r\nLast month, Renton, Wash.-based Parallels released a beta version of its hardware virtualization product and launched a new data center management tool, Parallels Infrastructure Manager. In contrast to bare-metal hypervisors, the Parallels Virtuozzo product sits on top of the operating system. The OS-based hypervisor approach, also known as containers, is the favorite of hosting providers.\r\n\r\nThe downside is that two different operating systems can't run on the same machine. On the other hand, a firm doesn't need several full copies of the operating system if it's using the same one for all its virtual machines. Installing a full copy of Windows on each machine uses significant amounts of memory and other resources. Sharing some of the OS reduces the overhead that comes with virtualization.\r\n\r\nTypically, a securities firm consolidating multiple systems into a single data center would be working with more than one operating system and need a bare-metal hypervisor, says Corey Thomas, VP of marketing at Parallels, formerly known as SWsoft.\r\n\r\n\"But as [securities] companies start to do virtualization on a larger scale, they start to have the same problems that services providers have had,\" notes Thomas.\r\n\r\nParallels offers both OS-based and bare-metal hypervisors, says Benjamin Rudolph, the company's director of corporate communications. Its deployments were up seven times last year.\r\n\r\nAs virtual machines are loaded on a single server, overhead costs add up quickly.\r\n\r\nA major Spanish bank recently implemented 1,000 virtual machines to run wealth management and trading applications. The machines sit atop 100 physical services, says Martin Migoya, CEO of Buenos Aires-based Globant, the vendor that managed the initiative. The bank spent $4 million on the project--which took about a month--a savings of approximately $2 million over a non-virtualized approach, according to Migoya.\r\n\r\nThe costs weren't cut in half, he explains, because of the additional overhead, including OS licenses, the cost of virtualizing, and the associated services expenses. In addition, the physical servers used for the project are larger than what the company would have purchased had it not gone the virtualization route.\r\n\r\nVirtualization--like any technology--can be abused. The ease with which virtual machines can be built could lead to an explosion if employees are allowed to create them unchecked. \"Virtualization without good management is more dangerous than not using virtualization in the first place,\" says Gartner's Bittman. \"Automation is the critical next step to help organizations stop virtualization sprawl.'\"\r\n\r\nSprawl happens when IT and business managers aren't aware of how many virtual machines are running, what's on which machine and, most importantly, what security these machines have, says Tim Pacileo, principal consultant of Compass, a technology consultancy whose clients include Royal Bank of Scotland, Citigroup, Credit Suisse, UBS and other top-tier financial firms.\r\n\r\n \"This is a major problem in the securities industry due to the amount of information that has to be stored and managed due to regulatory and compliance requirements,\" notes Pacileo.\r\n\r\nSurrey, U.K.-based Compass has recently completed several virtualization projects, he says. \"Even a very large, complex organization, such as a securities firm, can deploy ten new servers in an hour,\" says Pacileo. \"And when you have a much faster deployment model, the security team needs to be able to stay in front to make sure the deployments are secure.\" \r\n\r\n To help keep up with this growth, virtualization management tools will need to continue to evolve, and an increasing array of firms such as Compass will be helping companies to take advantage of them. Framingham, Mass.-based research firm Interactive Data Corp. (IDC) estimates that the virtualization services market will grow from $5.5 billion in 2006 to $11.7 million in 2011.\r\n\r\n\"Currently, the majority of the services opportunity lies in supporting customers' initial implementations of virtualization,\" says IDC analyst Matt Healey. \"However, over the next several years, IT consulting and systems integration will begin to become the dominant opportunity as the technology becomes much more mainstream.\"\r\n\r\nApplications, Networks\r\n\r\nThough servers and storage media see the most demand, applications and networks can also be virtualized. \"If you take an application and put it in a virtual environment, you can start up multiple instances if you need more copies to handle the load,\" says Chip Schooler, director of technology advancement at Radware.\r\n\r\nThe trick is being able to find these applications once they're running. Radware helps firms manage the programs so that users are automatically sent to wherever the application is currently in operation. It also balances the loads if multiple instances of the application are active at the same time.\r\n\r\nMahwah, N.J.-based Radware has more than 5,000 customers, with financial services firms making up a large part of its business, according to Schooler.\r\n\r\nAnd Wall Street has just started to embrace the virtualization of networks. In November, JP Morgan Chase & Co. installed technology from Billerica, Mass.-based Voltaire, which provides an InfiniBand-based grid backbone.\r\n\r\nAs a result of its virtualized network, JP Morgan's data centers will evolve \"from application-based silos to unified fabrics that allow for greater agility and utilization while improving the bottom line,\" said Cory Shull, VP of investment architecture, in a statement.\r\n\r\nThe Voltaire switches and routers were installed in a risk analysis grid in JP Morgan's North Harbor, U.K. data center. The compute backbone is available for JP Morgan's internal clients, says Patrick Guay, Voltaire's SVP of marketing. More than 35 different applications are running on it, he adds.\r\n\r\nOne of the benefits of virtualizing the network is increased security, according to Guay. \"When I take a single 20 gigabit InfiniBand connection and break it up into five 4 gigabit connections, each one of those five lanes of traffic is completely separate from an OS perspective,\" he says. \"Even though there is only one physical wire going into the server, the data is protected.\"\r\n\r\nThe isolation takes place at a lower level than that of the operating system--or of a hypervisor. As a result, the network is separated from the security flaws that are typical of operating systems, he says, and it doesn't add costs in terms of processing resources. \"We're able to segment traffic without additional overhead,\" he notes.\r\n\r\n", {"_id": 720, "_name": "Maria Trombly" }]},
{"_name": "Jasdaq-OSE merger stumbling at finish line", "_id": 791229, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=791229",  "values": ["Jasdaq-OSE merger stumbling at finish line", "http://www.securitiesindustry.com/issues/19_56/22225-1.html", {"name": "April 7, 2008", "start": 1207497600, "end": 1207583999 }, "The Japan Securities Dealers Association (JSDA) announced last week that it had approved plans to sell more than 50 percent of its 72 percent stake in the Jasdaq Securities Exchange to the Osaka Securities Exchange (OSE). However, the deal, which would make OSE Jasdaq's majority owner, still has some kinks to work out.", "The Japan Securities Dealers Association (JSDA) announced last week that it had approved plans to sell more than 50 percent of its 72 percent stake in the Jasdaq Securities Exchange to the Osaka Securities Exchange (OSE). However, the deal, which would make OSE Jasdaq's majority owner, still has some kinks to work out.\r\n\r\n Jasdaq, which lists mainly technology-oriented start-ups, is Japan's answer to the Nasdaq Stock Market. OSE, the country's biggest derivatives venue and second-largest securities exchange, has since 2003 operated a similar market--Hercules.\r\n\r\nTwo years ago, fraud allegations against Internet services start-up Livedoor caused massive sell-offs on the Tokyo Stock Exchange (TSE). \"The Livedoor case gave the whole emerging [companies sector] a difficult time,\" said Jasdaq spokesperson Kensuke Morimoto. Each of Japan's six exchanges runs a start-up board, noted Morimoto, which is \"too many\" and \"could cause problems.\" He said that \"the JSDA wants to combine the Jasdaq and Hercules to stabilize the market.\"\r\n\r\nThe JSDA has also talked with the Tokyo exchange about the merger, said Morimoto, \"but the TSE is now focusing on its initial public offering so it doesn't want to be distracted.\" He added, \"There will be a three-party conference between JSDA, Jasdaq and OSE early [this] week and the final decision is expected to be made then.\"\r\n\r\nAccording to Morimoto, integrating Jasdaq and OSE should be straightforward since both run on platforms made by Tokyo-based technology company Hitachi. But differences of opinion about how to proceed have raised questions about the proposed merger, he said. \"We want to integrate the management first, but the OSE wants the systems integration first,\" explained Morimoto.\r\n\r\nOSE spokesperson Toshiyuki Nishikoji agreed that system integration is key to the deal. \"Jasdaq is developing a new system to replace its old one,\" he said. \"But if they are acquired by us, the new system is not needed.\"\r\n\r\nHowever, Yumiko Manchu, Tokyo-based analyst with Boston-based research firm Celent, said the real issue is that Jasdaq wants to remain independent. \"It has been resisting the offer from OSE,\" she said. \"If OSE conducts its takeover bid without the Jasdaq buy-ins, they are most likely to fail.\" ", {"_id": 42100, "_name": "Frances Wang" }]},
{"_name": "New joint Instinet-Samsung crossing network for Korean equities", "_id": 766590, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=766590",  "values": ["New joint Instinet-Samsung crossing network for Korean equities", "http://www.securitiesindustry.com/issues/19_55/22202-1.html", {"name": "March 31, 2008", "start": 1206892800, "end": 1206979199 }, "Samsung Securities Co. and agency brokerage Instinet are announcing today that they will launch Korea's first crossing network, KoreaCross, on April 7.", "Samsung Securities Co. and agency brokerage Instinet are announcing today that they will launch Korea's first crossing network, KoreaCross, on April 7.\r\n\r\n New York-based Instinet will jointly operate KoreaCross, which has received approval from Korea's Ministry of Finance and the Korea Exchange (KRX), with Seoul-based Samsung Securities, the country's biggest investment bank. The companies anticipate the platform attracting more liquidity to the budding Korean equities market.\r\n\r\nInstinet--a subsidiary of Japan-based Nomura Holdings--already has two alternative trading systems (ATS) operating in the Asia-Pacific region, both in Japan: JapanCrossing, an undisplayed block trading venue that opened in 2001; and matching platform CBX Japan, which started up in 2003. It is currently seeking regulatory approval to add an ATS in Australia to its Chi-X-branded platforms in Canada and Europe.\r\n\r\n\"The large portfolio managers, who are already in Japan, can easily access Korea- Cross since they all know the system,\" Christian Chan, Instinet's head of electronic trading for Asia, told Securities Industry News. He pointed to a noticeable shift in \"investors' attention from developed countries to emerging markets in Asia. They first went to Japan, and now they will get a chance to enter Korea easily and anonymously.\"\r\n\r\nInstinet's 1,500 global institutional clients, including hedge funds, traditional asset managers, mutual funds and pension funds, will all have access to KoreaCross through the firm's Newport execution management system. And the Samsung partnership will bring even more flow, noted Chan--Samsung Securities has about 450 institutional customers globally and another 120 domestic institutional and retail clients.\r\n\r\n\"What sets KoreaCross apart from some other platforms is the liquidity from Samsung's Korean institutional and retail clients that will be provided for Instinet's non-Korean client base to match with,\" he said. \"Liquidity is the most important factor in the success of any crossing network, and we feel as if we bring that through our relationship with Samsung.\"\r\n\r\nThe ATS will allow clients to trade large blocks while avoiding market impact, according to Y.K. Joo, head of equity sales at Samsung Securities. \"It is useful for traders who wish to move large numbers of shares without revealing themselves to the open market.\"\r\n\r\nKoreaCross will match buyers and sellers at market-neutral benchmark prices at 8:30 a.m. Korean time--half an hour prior to the opening bell at KRX. Orders will be aggregated to more easily allow customers to meet the Korean market's 100 million won ($1 million) minimum size. The liquidity will not be displayed on order books, but all KoreaCross trades will be settled through KRX in compliance with the Korea Securities and Futures Exchange Act of 2004, said Joo.\r\n\r\nKorean Transformation\r\n\r\nThe new venue's arrival could signal a transformation for the Korean market, similar to what has already taken place in the U.S., according to Sang Lee, managing partner at Boston-based research firm Aite Group.\r\n\r\n\"We have seen a trend toward smaller trade sizes,\" Lee said. \"There is also an increasing difficulty in taking care of large institutional orders in the open public markets and making sure that the orders don't end up causing serious market impact. The Korean Stock Exchange is also fully electronic--when you add up all these things together, obviously it does create an environment where alternative trading systems can be successful.\"\r\n\r\nThe slowdown in the U.S. and European economies is also likely to have an effect, noted Instinet's Chan, causing flow to move to Asia. KoreaCross could see volumes similar to ATSs in Japan, Europe and the U.S., he suggested. \r\n\r\n But unlike the U.S., noted Lee, Korea's market is dominated by a single exchange, which could make it difficult to jump-start a new system.\r\n\r\n\"If you take block trading as an example, a lot of the relationships that exist right now are built on personal relationships,\" said Lee. \"And just because you are launching an electronic trading platform, it doesn't mean that those long-established relationships will go away.\" \r\n\r\n As investor interest in Asian securities increases, other providers may follow with venues of their own, observed Neil Katkov, SVP of Boston-based Celent's Asia research group in Tokyo. \"BNP Paribas has also started a crossing network in Japan and a number of other firms are planning to soon,\" including Merrill Lynch & Co. and UBS, he said. BNP Paribas launched its BIX crossing network in Tokyo last summer and plans to open one in Hong Kong in May.\r\n\r\nSecurities firms are receptive to these platforms because trading revenues have been dwindling due to competition, he said. \"They are looking to boost revenues and to hold on to customers by introducing services that would appeal to the buy side,\" Katkov said. These include crossing networks, algorithmic trading, dark pools and other execution services.\r\n\r\nCrossing networks are similar to dark liquidity pools--platforms that allow investors to remain anonymous and not disclose prices that might move markets--except that dark pools are typically managed by independent firms, while crossing networks are typically run by brokerages, said Katkov.\r\n\r\n\"There is a lot of movement and this Instinet initiative in Korea is part of the early wave,\" he said. \"Global brokerages are trying to enter the market early because they see change coming and they want to be prepared for it.\"\r\n\r\n-------------\r\n\r\nInstinet announced last week that it is adding smart-order routing capabilities to its Chi-X Canada platform. Beginning in early April, Chi-X will route to all displayed Canadian venues, enabling users to capture the best available price, said Instinet, adding that Chi-X will be the first Canadian market center to offer such functionality.\r\n\r\nTal Cohen, head of Chi-X Canada, which launched on Feb. 20, explained that a customer will be able to route an order on Chi-X Canada and, \"if the best price exists on one of the other three displayed market centers in Canada--the Toronto Stock Exchange [TSX], Pure Trading, Omega ATS--we will automatically route the order to it. This is a major factor in whether a client receives best execution.\"\r\n\r\nAdded Cohen, \"We believe that this functionality, combined with advanced order types and its fast-speed, low-cost model makes Chi-X Canada an extremely unique and attractive market for Canadian equities.\"\r\n\r\nChi-X Canada also said last week that it has completed symbol migration of all TSX-listed securities. The symbol migration of approximately 2,200 stocks was completed ahead of schedule, according to the ATS, which rolled out with ten names. \"Our intention from day one has been to offer trading for TSX senior equities,' which provide the overwhelming majority of Canadian liquidity,\" said Cohen. \"We're pleased to have completed this migration in less than a month.\"\r\n\r\nTony Mackay, CEO of Chi-X Global, the holding company for the Chi-X platforms, said the company is \"encouraged by the early results of Chi-X Canada and expect trading volumes to continue to increase now that our symbol migration is complete.\" ", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "Security and SaaS", "_id": 699677, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=699677",  "values": ["Security and SaaS", "http://www.securitiesindustry.com/reports/19_49/22183-1.html", {"name": "March 24, 2008", "start": 1206288000, "end": 1206374399 }, "Salesforce.com reached a milestone last fall: 1 million people using the online software company to host their customer relationship management systems and other key business processes. Those users were at more than 1,600 financial services firms including ABN Amro, SunTrust Banks, Daiwa Securities and Bear Stearns--Merrill Lynch & Co. alone accounted for 25,000.", "Salesforce.com reached a milestone last fall: 1 million people using the online software company to host their customer relationship management systems and other key business processes. Those users were at more than 1,600 financial services firms including ABN Amro, SunTrust Banks, Daiwa Securities and Bear Stearns--Merrill Lynch & Co. alone accounted for 25,000.\r\n\r\n That amounts to a big cultural shift. As recently as 2005, financial firms kept all their customer data close, behind corporate firewalls, in steel safes. Wall Street hardly seemed ready to entrust that data to a start-up. However, Salesforce.com challenged that thinking by proving, first to Merrill Lynch and then others, that its security was as good as a bank's. With trust came respectability and customers, as well as unwanted attention from hackers.\r\n\r\nIn October, the San Francisco-based company acknowledged that it had lost data in an attack. \"A Salesforce.com employee had been the victim of a phishing scam that allowed a Salesforce.com customer contact list to be copied,\" said technology EVP Parker Harris in a letter to customers. \"To be clear, a phisher tricked someone into disclosing a password, but this intrusion did not stem from a security flaw in our application or database.\"\r\n\r\nAccording to Harris, the contact list included full names of Salesforce.com clients, company names, e-mail addresses, telephone numbers and other \"administrative information.\" The hackers used the data to send e-mails to Salesforce.com customers, attempting to gain access to their accounts. \"A small number of our customers began receiving bogus e-mails that looked like Salesforce.com invoices, but were not--they were also phishes,\" said Harris. \"Unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher.\"\r\n\r\nSunTrust and Automatic Data Processing (ADP) were reportedly among those firms. \"It has been determined that the stolen e-mail contact information in this database is being used to notify clients and others with the from' address spoofed to look like a valid ADP e-mail address,\" ADP said in a statement.\r\n\r\nIn response to the incident, Salesforce.com conducted a security analysis to find the source of the leak and contacted all of its clients, warning them about fraudulent e-mails. It also conducted an online security seminar for customers.\r\n\r\nHowever, some clients complained that it took Salesforce.com several months to react, with the initial breach reportedly occurring in March. Salesforce.com officials repeatedly turned down media interview requests following the incident, and provided no additional details of what went wrong. When contacted by Securities Industry News for this article, Salesforce.com declined to comment.\r\n\r\nPrecautionary Measures\r\n\r\nThe event underscores the potential dangers of putting sensitive data in the hands of a third party. Even otherwise innocuous information can give hackers ammunition against a target's defenses. To protect against that, financial services users of Salesforce.com and other software-as-a-service (SaaS) providers are working to safeguard client access to the applications, running security audits of the providers and educating users about how to interact with them.\r\n\r\nMessages between SaaS vendors and their users are sent over the public Internet. While this may seem risky, it's actually the most secure step--the messages are encrypted using the same techniques employed by online retailers and e-brokerages. The client computer, on the other hand, is extremely vulnerable: There might be a Trojan or a virus on it, secretly collecting passwords; it could be physically stolen; or the computer itself could be a hacker.\r\n\r\nTo bolster the client side of the SaaS relationship, some firms are requiring users to first sign in to the corporate network, running regular security checks on client machines, and using tokens or other two-factor authentication techniques.\r\n\r\nBut as on-demand applications proliferate, users can get lax about following correct procedures and keeping track of the different passwords and log-ins. Some companies are offering single-sign-on solutions, and vendors like Salesforce.com are working to integrate easier log-in procedures with individual firms' policies.\r\n\r\nSolutions are also available from vendors such as Los Gatos, Calif.-based TriCipher, which on Feb. 25 introduced a product, myOneLogin--also an SaaS offering--that can act as a gateway to multiple online applications. The service is compatible with Salesforce.com, Cisco Systems' online meeting platform WebEx, and Google Apps, which lets firms share online documents, spreadsheets and presentations. It also works with other vendors and even internally developed Web applications that use standards-based access and authentication controls. \r\n\r\n Another approach is to limit customers' access to information. For example, Forex Capital Markets (FXCM), a Salesforce.com client, enforces tight controls over security permissions and privileges. \"The flexibility that Salesforce allows us to have is paramount to our success,\" said Sharifa Shafi, a business analyst at New York-based FXCM, in a statement.\r\n\r\nLoss of Control \r\n\r\n For financial firms using SaaS, the biggest problem may be the loss of control. \"Even with service-level agreements in place, at the end of the day that's not going to save you if everything is lost or stolen,\" said David Boissonneault, IT infrastructure manager at Manitoba, Canada-based brokerage firm Wellington West Capital.\r\n\r\nBoissonneault said that his number-one concern is a vendor's systems being compromised along with his company's data. \"Not managing the infrastructure around this application, we would have no way of knowing for ourselves if this even happened unless we were told or found out the hard way,\" he said. \"I prefer to host data relating to clients internally since the risk associated with this is far too great to have a third party take responsibility for.\"\r\n\r\nHowever, Boissonneault said he does use SaaS vendors for applications that are not mission-critical--\"it won't make or break the firm if something unfortunate were to happen.\"\r\n\r\nOne security advantage that SaaS vendors might have is easier management of patches and other security fixes, he noted, since they all take place in a centralized location. \"I do believe that eventually there might be some [other] real security advantages, they just aren't apparent yet,\" added Boissonneault. He recommends that firms carefully screen their vendors, matching the sensitivity of the data to their level of trust in the provider.\r\n\r\n\"We get scrutinized against various reference models,\" said Steve McCalmont, CEO of Nashua, N.H.-based risk assessment software provider Avior Computing Corp. Avior offers an online service that guides companies through the process of evaluating their vendors. Most customers are large financial institutions, according to McCalmont, and the evaluation models include those from the Financial Services Roundtable's Bits division and the Gramm-Leach-Bliley Act standards, among others.\r\n\r\nThe risk analysis tools that Avior uses to rate third-party providers are the same ones it turns on its own hosting services, he added.\r\n\r\nVendors like Avior actually have an advantage when it comes to security, claimed McCalmont. \"The total resources of our company are dedicated to making sure our application is safe, secure and fireproof, whereas if we go to any of our major customers, their IT department may be supporting 2,000 or 3,000 different applications. It's a different model of security and threat analysis.\"\r\n\r\nHuman Fallibility\r\n\r\nBut as the Salesforce.com phishing incident illustrates, even the best security can't protect against human error--though it can help reduce the consequences. One of the biggest security problems that firms have faced over the past few years has been the human propensity to lose things.\r\n\r\n\"A lot of times what happens is that a third-party vendor has information on a laptop and then leaves the laptop in a taxi cab,\" said Bill Jensen, product marketing manager of Redwood City, Calif.- and Tel Aviv-based Check Point Software Technologies, which makes security gateways used at many top global financial institutions.\r\n\r\nTo prepare for such mishaps, said Jensen, firms should insist that any data that leaves the vendor's secure location be encrypted.\r\n\r\nAnd users need to be educated, experts say, on telling the difference between legitimate e-mails and phishing attempts, keeping their protections up to date, and guarding their passwords. Proper oversight can help here too. Check Point, for example, offers a product called Integrity Clientless Security that can scan a user's machine to ensure that there's a working antivirus program, a firewall, and no Trojans, spy programs or key-loggers running in the background.\r\n\r\n\"That does create a level of confidence in the end user,\" Jensen said. \"It makes sure he has a good clean machine.\"\r\n\r\nAccording to research firm Gartner, the SaaS industry will see a compound annual growth rate of 22.1 percent through 2011--twice the rate of software in general. At Salesforce.com, the phishing problems have not been a barrier to growth: 2,900 customers signed up for the service in the quarter ending Jan. 31, helping to propel the vendor to record-high earnings. ", {"_id": 720, "_name": "Maria Trombly" }]},
{"_name": "Security in a virtualized environment", "_id": 704922, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=704922",  "values": ["Security in a virtualized environment", "http://www.securitiesindustry.com/reports/19_49/22185-1.html", {"name": "March 24, 2008", "start": 1206288000, "end": 1206374399 }, "Dividing a server into multiple virtual machines has brought down firms' purchasing costs and allowed for more efficient use of existing hardware. However, virtualization also poses security risks and challenges, including managing a more complex network, additional layers of technology, potential data leaks as multiple virtual machines share common communication lines, and the threat of rogue machines.", "Dividing a server into multiple virtual machines has brought down firms' purchasing costs and allowed for more efficient use of existing hardware. However, virtualization also poses security risks and challenges, including managing a more complex network, additional layers of technology, potential data leaks as multiple virtual machines share common communication lines, and the threat of rogue machines.\r\n\r\n The most common form of virtualization entails creating a layer--a hypervisor--between the cold, hard metal of the server and the virtual machines that sit on top of it. Each virtual machine has its own operating system and runs its own applications.\r\n\r\nBut someone who gains access to the hypervisor level could damage all the virtual machines, potentially bringing down multiple applications. \"Server virtualization technologies are prone to security issues if the requisite security architecture and best practices are not in place,\" says Eric Greenfeder, director of product management at San Francisco-based technology consultancy Primitive Logic.\r\n\r\nProblems can also spread from one machine to another. \"Security vulnerabilities in a single virtualized guest operating system can undermine the security of other virtual machines as well as the virtualization layer,\" notes Greenfeder.\r\n\r\nOne difficulty is that the hypervisor layer exists outside the operating system--something without which most security applications such as firewalls and antivirus software cannot run. Security software vendors, virtualization technology providers and even hardware shops have all stepped forward to offer solutions.\r\n\r\nVulnerable OSs\r\n\r\nParag Patel, VP of alliances at Palo Alto, Calif.-based VMware, says his company's new VMsafe allows security vendors to connect directly to the VMware infrastructure. \"We're enabling security products to have a lot more power,\" he asserts.\r\n\r\nA hypervisor layer, which is much thinner than the heavy operating systems on top of it, presents a tiny target, points out Patel. \"The hypervisor has a much smaller footprint--so that gives you more protection, less holes, less vulnerability,\" he says. \"In fact, virtualization provides a more isolated and protected environment. A lot of vulnerability comes from operating systems.\"\r\n\r\nIntel Corp. is working on ways to build protection into the hardware of the server. \"Intel developed Intel Virtualization Technology--hardware assists for virtualization--to increase the robustness and reliability in virtualization software,\" says Radhakrishna Hiremane, product marketing engineer at Santa Clara, Calif.-based Intel.\r\n\r\nNetwork-based security tools such as firewalls, intrusion detection systems and monitoring applications can protect a server from the outside, says Greenfeder of Primitive Logic.\r\n\r\nOnPath Technologies, for one, provides network virtualization services, essentially creating separate networks within a single connection to keep data and messages isolated. The Marlton, N.J.-based company also provides monitoring tools to keep an eye on the network--and to shut down pieces of it quickly when necessary.\r\n\r\n\"If you were to have an application server or a file server on that storage device that contains sensitive financial data--trading records, customer data--and you were accidentally to plug in a network connection on the public side of the firewall, that sensitive data could be exposed to hackers or anyone else\" with access, says OnPath president and CEO Peter Dougherty. \"It's very simple to expose corporate data in that manner, due to human error. Our products guard against that.\"\r\n\r\nOnPath currently has over 300 installations, including more than two dozen of the world's largest securities firms, Dougherty says.\r\n\r\nLeaky Machinery\r\n\r\nWhen two or more virtual machines share a physical server, they also share the network cables, access to storage, and any other attached communication devices. As a result, data intended for one machine might wind up being read by another. Sensitive financial data could spill over into a less secure, or even public, environment.\r\n\r\nGreenfeder recommends that administrators consider the security requirements of individual applications when deciding how to arrange them on virtual hosts. Virtual disk encryption can help safeguard data stored on a disk accessible by more than one virtual machine, and the same applies for networked storage, he says.\r\n\r\n Some protection against data leakage can be built into the hypervisor level. Patel says that VMware's hypervisor product provides isolation for virtual machines. \"With the hypervisor, we have been able to create a lot of advanced features and functions because we can directly manage the hardware,\" says Patel. \"It allows virtual machines to be cordoned off, and create completely separate networks. It's up to the user whether they want them to share information.\"\r\n\r\nWhile it may be difficult to keep up with the security patches, antivirus definitions and software upgrades for one machine, management overhead increases substantially when that machine has ten different virtual servers running on it. Manual oversight becomes a major challenge, and management software comes into play.\r\n\r\n On the positive side, virtualization management tools create opportunities for system administrators to enforce security policies at system start-up and shutdown, when pausing virtual machines, cloning them or moving them, says Joe Fitzgerald, CEO of Mahwah, N.J.-based virtualization management software company ManageIQ. That allows security and compliance administrators to apply fine-tuned policies to their environment.\r\n\r\nBut to the extent that management software makes it easy to set up and create a virtual machine for legitimate uses, it also makes it possible for someone to do the same for nefarious reasons. \"Virtual systems are easy to copy, and the availability of portable media makes it easy for a malicious operator to walk out with an entire production system that they can attack at their leisure,\" explains Fitzgerald.\r\n\r\nThe speed at which virtual machines can be created also presents opportunities for worms and viruses to propagate within a corporate network, according to a study conducted by Tal Garfinkel, a graduate student in Stanford University's computer science department.\r\n\r\n\"When worms hit conventional networks they will typically infect vulnerable machines fairly quickly,\" Garfinkel says in the report. \"Administrators can usually identify which machines are infected quite easily, clean up the infected machines, patch them to prevent re-infection, and rapidly bring the network back into its steady state.\"\r\n\r\nFor networks populated with virtual machines, however, this approach doesn't always work. \"Infected virtual machines appear briefly, infect other machines, and disappear before they can be detected and their owner identified,\" says Garfinkel.\r\n\r\nRogue Machines\r\n\r\nForgotten virtual machines don't get patched on time and can provide viruses and worms a way into a corporate network. But the situation is worse when administrators don't even know they were there to begin with.\r\n\r\nVirtual machines can be created by individual users without any oversight from IT administrators--VMware offers free virtualization software that can be downloaded off the Internet. \"Virtual machines are really easy to create, to the point where you can create one on your desktop,\" says Richard Whitehead, director of product marketing at Waltham, Mass.-based Novell. \"What you end up with is virtual sprawl. You have so many of these things ... that you don't know what virtual machines are out there, if they're patched.\"\r\n\r\nA trusted employee can also create a virtual machine in order to have a safe place in which to release a virus, or do other things beyond the reach of prying eyes. \"You could run an application then delete the entire virtual machine to erase your tracks,\" says Whitehead.\r\n\r\nNovell offers software to help track virtual machines, and also to lock down computers so that users cannot create the machines on their own. \"The simplified side of virtual machines is that you can track them,\" says Whitehead. \"And your environment actually becomes more secure, in my opinion.\" ", {"_id": 720, "_name": "Maria Trombly" }]},
{"_name": "Tianjin wants to launch OTC market", "_id": 733382, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=733382",  "values": ["Tianjin wants to launch OTC market", "http://www.securitiesindustry.com/issues/19_54/22161-1.html", {"name": "March 24, 2008", "start": 1206288000, "end": 1206374399 }, "The China Securities Regulatory Commission (CSRC) is planning to develop a national over-the-counter stock exchange, according to the Beijing Times. The OTC market would be established after the launch of a proposed growth enterprise market (GEM) in Shenzhen for Chinese start-ups, said CSRC vice chairman Fan Fuchun at the Chinese parliament's annual session earlier this month.", "The China Securities Regulatory Commission (CSRC) is planning to develop a national over-the-counter stock exchange, according to the Beijing Times. The OTC market would be established after the launch of a proposed growth enterprise market (GEM) in Shenzhen for Chinese start-ups, said CSRC vice chairman Fan Fuchun at the Chinese parliament's annual session earlier this month.\r\n\r\n \"With the establishment of the OTC [exchange] and the GEM, companies will get more finance-raising options,\" Fan said. \"It will also help both investors and companies get an accurate assessment when making funding decisions, correspondingly reducing the risk.\" Although he did not disclose a timeframe for the OTC market, Fan said that GEM will be introduced soon after the annual session, which ended last week. CSRC officials declined to elaborate.\r\n\r\n\"There is a long way to go before the final establishment of the OTC exchange, as no related regulations or legal rules have been released yet,\" said Yan Xie, analyst with Shanghai-based Hai Tong Securities. If GEM does not operate smoothly, he noted, \"the OTC launch will probably be postponed until the regulator can solve the problems.\"\r\n\r\nThough the two markets may overlap, according to Xie, \"GEM will focus on fast-growing, small, tech-related companies, while the OTC market will focus on small, general companies.\" There are currently about 1,400 Chinese companies listed on the Shanghai and Shenzhen stock exchanges, he said, adding that the number of unlisted large and midsized enterprises could be much higher than that.\r\n\r\nTianjin in northern China has applied to host the OTC exchange, proposing that the market be built in the Tianjin Binhai New Area. \"To build the OTC market in Tianjin is in line with the government's policy to develop the Bo River economic zone,\" Li Zhantong, a Tianjin delegate, told the state-owned Securities Daily. \"It will enhance the city's financial power.\" Added Xie, \"Although Tianjin has a disadvantage in the lack of brokerages and large to medium-sized enterprises, it may still benefit from favorable policies from the government.\" ", {"_id": 44593, "_name": "Alex Dai" }]},
{"_name": "Future Bright for Japan's Alternative Trading Venues", "_id": 658045, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=658045",  "values": ["Future Bright for Japan's Alternative Trading Venues", "http://www.securitiesindustry.com/issues/19_53/22155-1.html", {"name": "March 17, 2008", "start": 1205683200, "end": 1205769599 }, "Volumes on Japan's alternative trading platforms rose 156 percent last year, driven by demand from both retail and institutional investors drawn by features such as off-hours trading, competitive prices and new trading tools.", "Volumes on Japan's alternative trading platforms rose 156 percent last year, driven by demand from both retail and institutional investors drawn by features such as off-hours trading, competitive prices and new trading tools.\r\n\r\n The fast-growing destinations--called proprietary trading systems (PTSs) in Japan--include retail-oriented Japannext and Monex Nighter, which offer over-the-counter and exchange-listed stocks when the country's exchanges are closed.\r\n\r\nAccording to the PTS Information Network, a subsidiary of the Japan Securities Dealers Association, over 1 billion shares were executed on PTSs in 2007, up from 398 million in 2006. In January 2008, volumes reached 144 billion yen ($1.4 billion), compared to 70 billion yen ($675 million) in the same month last year.\r\n\r\nThe continued growth of the venues will depend heavily on retail investors, according to Yumiko Manchu, an analyst in Tokyo for Boston-based research firm Celent.\r\n\r\n\"One of the major changes within the Japanese economy in recent years has been the increased participation in the securities market by retail investors,\" said Sang Lee, managing partner at Boston-based Aite Group, in a recent report. \"Driven by the rapid adoption of online trading, Japanese consumers have become an integral part of overall market growth.\"\r\n\r\nSBI Japannext Co., jointly owned by Japan's biggest online retail broker, SBI Holdings, and Goldman Sachs, is open from 7 p.m. to midnight, when its retail customers are home from the office. A recent market entrant--it received its securities license in March 2007 and its PTS license in June--Japannext uses a trading system supplied by AEMS, a Paris-based subsidiary of NYSE Euronext.\r\n\r\nUntil recently, PTSs--first allowed by Japanese regulators ten years ago--were typically run by securities firms that limited trading to their internal order books. That was preventing expansion, says Manchu, adding that \"PTS trading accounts for only 2 percent of the total trading volumes, and in retail trading, it is less than 1 percent.\" But Japannext's success may bode well.\r\n\r\nCurrently, three Tokyo-based brokers--Goldman Sachs (Japan), SBI E-Trade Securities and Click Securities--connect to Japannext, according to SBI spokesperson Tomoko Kamei. \"We estimate that this year, the number will go up to six or eight,\" she adds. Rakuten Securities, a large online brokerage firm, is expected to join soon.\r\n\r\n\"The average turnover volume of Japannext is around 1 billion yen [$9.3 million] per day and it is increasing rapidly,\" says Kamei--its biggest day thus far was $25 million.\r\n\r\nJapan's oldest PTS is Monex Nighter, which Tokyo-based securities firm Monex opened in 2001. It operates from 5:30 p.m. to midnight.\r\n\r\n\"The most attractive thing about Nighter is its trading method,\" says Monex spokesperson Mina Kanai, which is based on the Tokyo Stock Exchange's day-end closing price. Because it doesn't change overnight, \"it's easy for people to trade on a set price.\"\r\n\r\nRetail investors currently account for about 40 percent of PTS volumes, according to Celent's Manchu. To bring in new customers, the platforms will need to expand their hours and enhance their services, she adds, citing sophisticated trading tools, charts and analysis, real-time blotters and data feeds.\r\n\r\nMonex, which has 800,000 users, took a step in that direction last summer, with the introduction of mobile phone-based trading. It also offers its clients news reports, company background information and other trading tools. More complex quantitative analysis services are available for an additional fee.\r\n\r\nFor institutional traders, New York-based agency brokerage Instinet--a subsidiary of Japan's Nomura Holdings--operates dark liquidity platform JapanCrossing, which is licensed as a PTS and has been trading since 2001. Institutional investors can move large blocks on the undisplayed venue while minimizing market impact and information leakage.\r\n\r\n\"The average daily consideration traded in Q4 2007 was $117 million, which represents a 281 percent increase year-on-year,\" says Christian Chan, Instinet's head of electronic trading for Asia. \"Additionally, we are seeing roughly 2.5 percent of the Tokyo Stock Exchange's total daily turnover flow through JapanCrossing every day.\"\r\n\r\nThe majority of JapanCrossing users are non-Japanese firms trading Japanese equities, though the number of domestic clients has grown significantly in recent months, according to Chan. Unlike the PTSs that target retail flow, JapanCrossing's trading session runs from 8:00 a.m. to 5:00 p.m.\r\n\r\nOther dark liquidity venues are eyeing the Japanese market. New York-based Liquidnet, for example, reports that more than 35 of its members have trading operations in Japan. Last March, the company received a Japanese brokerage license, the first step toward opening formal trading operations in the country. ", {"_id": 42100, "_name": "Frances Wang" }]},
{"_name": "When Disaster Strikes: Infrastructure Issues Spurring New Approaches to Outsourcing", "_id": 650934, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=650934",  "values": ["When Disaster Strikes: Infrastructure Issues Spurring New Approaches to Outsourcing", "http://www.securitiesindustry.com/issues/19_52/22105-1.html", {"name": "March 10, 2008", "start": 1205078400, "end": 1205164799 }, "So far this year, a record-breaking snowstorm left much of China without power and two severed undersea cables took India off the Internet. Neither of these incidents made securities firms with outsourced operations particularly confident, and bad weather and infrastructure problems aren't the only cause for rattled nerves.", "So far this year, a record-breaking snowstorm left much of China without power and two severed undersea cables took India off the Internet. Neither of these incidents made securities firms with outsourced operations particularly confident, and bad weather and infrastructure problems aren't the only cause for rattled nerves.\r\n\r\n \"Rising wages, lack of attractive locations, a shrinking talent pool, cost factors and global financial turmoil,\" lists Sudin Apte, a Pune, India-based senior analyst at Forrester Research.\r\n\r\nBut Mother Nature is even more unpredictable. One day in 2005, Mumbai got 37 inches of rain--the damage was estimated at $690 million. \"Offices and homes were flooded with seven feet of water,\" recalls Shan Nair, director of Mumbai-based Nair & Co., which provides accounting and human resources support to U.S. financial firms. \"There was no power, there was no T1 line.\"\r\n\r\nNair was able to send accounting data to all his clients before the power and the Internet went out--except for one in Cupertino, Calif. Fortunately, the company had diversified its infrastructure and owned both a power generator and an alternate connection to the Web--a laptop with a satellite link. \"It was very slow,\" Nair admits. \"But we did manage to get this last key set of financial accounts out in time.\"\r\n\r\nGlobeOp Financial Services, a hedge fund administrator with offices in London and New York, opened its Indian operation in 2003. The firm was used to building redundant IT architecture to create competitive advantage, according to CEO Hans Hufschmid: \"We had the 9-11 attacks on the World Trade Center--we survived that with no problem.\" The key, he says, is building redundant architecture. \"We applied the same principles in India.\"\r\n\r\nAs a result, GlobeOp--which now has more than 1,150 of its 1,700 total employees in the Mumbai area--had redundant connections in place when the Internet cables were damaged in January.\r\n\r\nGlobeOp also has redundant data centers scattered geographically. Although the people using them may be in Mumbai, the physical servers are in New York City and in upstate New York, says Hufschmid. There is a small facility in India for the local network, but the Indian office accesses the U.S.-based center via a private wide area network--which makes the online connection that much more important.\r\n\r\n\"Best-practice vendors have been able to mitigate outages by having in place adequate backup of two, sometimes even three service providers for such services as telecom,\" says Arjun Sethi, who heads the offshoring consulting team at Chicago-based AT Kearney. \"In situations with natural disasters, vendors have been able to assure continuity because of adequate backup and disaster-recovery measures.\"\r\n\r\nFinancial firms in particular demand solid disaster-recovery plans. Vendors appear to be delivering on that count and as a result are retaining customers even as natural--and technological--disasters continue to make headlines. \"We have not seen financial firms bring work back specifically due to infrastructure-related challenges,\" Sethi says.\r\n\r\nStill, the most effective way to protect against such events is to not be there when they happen. Geographic diversity--using multiple outsourcing destinations instead of concentrating resources in a single location--allows companies to guard against massive failures in power or communication infrastructures and reduce operational risk.\r\n\r\n\"Diversification could help in terms of a disaster-recovery site or a hot site where an organization could maintain skilled manpower that could seamlessly pick up work that is of a business-critical nature,\" says Sethi. For example, \"A leading financial institution's back office is in Chennai and it maintains additional locations in and around Southeast Asia where they can maintain business-critical applications and processes.\"\r\n\r\n Having offices in more than one city in a country or in multiple countries is particularly attractive to financial institutions, notes Sethi.\r\n\r\nDiversifying geographically also helps protect a company against other physical challenges, such as a shortage of real estate or transportation bottlenecks. \"Tier-one cities are getting more congested with construction,\" observes Sourabh Kaushal, a Mumbai-based analyst with Frost & Sullivan. \r\n\r\n GlobeOp is currently looking for a replacement for its oldest office in Mumbai--but after that, says Hufschmid, the next expansion step will be outside the city. \"We have debated whether that is going to be somewhere else in India or whether we should look somewhere else in the Far East,\" he says. \"In that case, to me, the Philippines could be one of the logical places to go.\" Chennai and Hyderabad are currently Hufschmid's top candidates if the company continues to expand in India.\r\n\r\nConcentrating operations in Mumbai creates significant staff-retention challenges as an increasing number of foreign financial firms and international and domestic outsourcing vendors compete for the same employees.\r\n\r\n\"Because we train employees so well, they are in high demand from investment banks,\" says Hufschmid. \"They like to try to poach our people--often without even meeting them.\"\r\n\r\nAccording to Apte of Forrester, 15 percent to 18 percent of employees in the Indian outsourcing industry change jobs every year. That percentage rises to 21 percent for those who've graduated from college in the last three years.\r\n\r\n\"Today, international banks are looking for a lot of people, but they are not able to attract talent,\" says Apte. \"And the quality of available people is dropping. The number of educated candidates is not enough for the jobs being offered, so the available qualified candidates demand higher wages.\"\r\n\r\nEven Indian outsourcing firms are looking beyond their borders for employees. Wipro Technologies, for example, has acquired several consulting firms in the U.S. and Europe over the past few years. Wipro and other Indian vendors have also been among the leaders in setting up operations in China.\r\n\r\n\"The idea is also to tap into different talent pools in the local regions,\" says G.K. Prasanna, SVP of technology infrastructure services at Wipro, \"to provide resilient delivery of the solutions and a follow-the-sun delivery model\" whereby services can be provided to clients during their daytime hours. For securities firms, \"we will have two locations simultaneously engaged to deliver the services. For one client it will be in Bangalore and Pune, while for the other it could be in Bangalore and Singapore.\"\r\n\r\nDiversity may sound good on paper, but it's not necessarily a quick fix. Gaurav Agrawal, head of knowledge process outsourcing and operations at Hyderabad-based Karvy Global Services, says that smaller countries may have even more infrastructure issues than India. Agrawal says that Karvy, which provides research and analysis services to U.S. banks, brokerages and hedge funds, among other financial industry clients, was up and running 15 minutes after the recent Internet outage.\r\n\r\n\"It requires a lot to ensure a continuous engagement and delivery process,\" he says. \"In small countries, they might have network security issues, failures from virus attacks--and outages.\"\r\n\r\nThen there's the management overhead. Adding even a second country can create twice the hassles--\"two sets of contracts, the cost of coordination, two sets of people,\" says C.V. Ramachandran, a sourcing consultant at New York-based AlixPartners.\r\n\r\n", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "NYSE Buys MCX Stake", "_id": 679681, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=679681",  "values": ["NYSE Buys MCX Stake", "http://www.securitiesindustry.com/issues/19_51/22070-1.html", {"name": "March 3, 2008", "start": 1204473600, "end": 1204559999 }, "NYSE Euronext has agreed to pay 2.4 billion rupees ($60 million) for a 5 percent stake in the Multi Commodity Exchange of India (MCX), the country's largest commodity exchange, the companies announced on Feb. 15. The deal is expected to close by June.", "", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "Pre-trade Compliance: Better, Cheaper, Faster", "_id": 614652, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=614652",  "values": ["Pre-trade Compliance: Better, Cheaper, Faster", "http://www.securitiesindustry.com/reports/19_46/22038-1.html?page=1", {"name": "February 18, 2008", "start": 1203264000, "end": 1203350399 }, "At the heart of Societe Generale's recent EUR4.82 billion ($7.01 billion) in losses from unauthorized trades is the fact that the accused trader--Jerome Kerviel--was able to use his knowledge of the system to get around the checks and balances. Kerviel, an equities trader, started in the back office and had maintained the French bank's compliance technology. Societe Generale has acknowledged that he understood the trade processing and control procedures and knew how to avoid them.", " At the heart of Societe Generale's recent EUR4.82 billion ($7.01 billion) in losses from unauthorized trades is the fact that the accused trader--Jerome Kerviel--was able to use his knowledge of the system to get around the checks and balances. Kerviel, an equities trader, started in the back office and had maintained the French bank's compliance technology. Societe Generale has acknowledged that he understood the trade processing and control procedures and knew how to avoid them.\r\n\r\nThe alleged fraud comes as regulators and clients alike are demanding better transparency, reporting and accountability. Firms are beefing up their pre-trade compliance technology, turning to Web-based delivery to reduce costs and improve accessibility, expanding asset-class coverage, replacing in-house platforms with third-party vendors' and adding more checks and controls to existing systems.\r\n\r\nSmall hedge funds and traditional investment firms may not have the money to buy all the necessary hardware for compliance systems, nor the time to set one up, says Craig Weston, manager for London-based Fidessa LatentZero's Sentinel compliance product. A software-as-a-service, or application service provider (ASP), approach can give those firms online access to high-end tools.\r\n\r\nOpen to ASP\r\n\r\nThe ASP model also eliminates maintenance issues. Software is updated on the Web, and clients don't have to download and install upgrades or patches.\r\n\r\nA few years ago, securities firms were wary of Internet-based software because of the security risks--sensitive financial data is sent to a Web site and stored by an offsite company. But Salesforce.com, a San Francisco-based customer relationship management software vendor, did much to combat that perception in 2005 when it signed on Merrill Lynch & Co., among other high-profile firms. Today, many vendors are following Salesforce.com's example, conducting security audits, building backup data centers and working to assure the safety of data.\r\n\r\nSunGard Data Systems' Protegent PTA compliance platform has a disaster recovery site, says Christopher Aronis, general manager of the Wayne, Pa.-based company's compliance group. \"It is highly secure, with a firewall and intrusion protection,\" he notes. \"Everything is encrypted. There is no commingling of data--each client gets their own database. We are a paranoid company by nature, and given the type of data we handle, that serves us fairly well.\"\r\n\r\nThe Protegent platform is available in both traditional and hosted versions, but 85 percent of clients opt for the ASP model, according to Aronis.\r\n\r\nHe adds: \"This application is not available through the broad, unwashed Internet. Our clients give us the IP addresses from their offices, and only those IP ranges are able to access the information.\"\r\n\r\nMore Asset Classes\r\n\r\nOne result of the subprime crisis in the U.S. has been increased attention on the need to monitor investments across assets classes, including derivatives and other exotic financial instruments. Much derivatives valuation is done manually or using systems built in-house, says Helen Foo, compliance product manager at Burlington Mass.-based integration vendor Charles River Development. But more firms are adopting \"automated pre-trade checking for these asset classes,\" she says.\r\n\r\nFoo, who is responsible for the Charles River Investment Management System's compliance module and the Web-based Anywhere portal, points out that, unlike equities, which have an obvious market price, derivatives are valued based on a variety of complicated formulas. Vendors have begun building these models, and allowing clients to add their own formulas to the compliance systems.\r\n\r\n\"Firms typically have their own risk departments for determining the right valuation,\" says Foo. \"The Charles River compliance system enables you to take in the input and come up with the right calculation.\" \r\n\r\n In addition, third-party vendors can provide systems at a significantly lower cost than building one in-house. They can also assign dedicated staff to monitor new compliance technologies, regulatory changes and other developments. \"We do a lot of conversions for people who've built in-house applications,\" says SunGard's Aronis. \"It is difficult to keep up with this. And compliance is not revenue-generating--companies typically don't like to spend development dollars on non-revenue-generating items.\"\r\n\r\nSmaller firms may not be able to handle compliance demands on their own, says Alexander Zelvin, senior manager for securities compliance technology at Minneapolis-based Wolters Kluwer Financial Services, whose CCH Examiner software monitors personal trading activities of employees. \"A lot of the start-ups are finding that securities regulations are very tough for a small firm to meet.\"\r\n\r\nAnd potential violations are only the beginning. \"The financial impact of a scandal and the bad publicity of a scandal are so much larger than the fines that they really have to go above and beyond the rules,\" adds Zelvin.\r\n\r\nCall for Transparency\r\n\r\n\"The biggest trend right now is the adoption of third-party technology--either ASP or the systems coming out from order management systems vendors,\" says Mark Coriaty, director of strategic services at Eze Castle Integration, a Boston-based IT services provider. Most of Eze Castle's 500 clients are hedge funds, many of whom are trading complex instruments. \"A lot of these firms are getting institutional money--from pension funds as well as endowments--and the transparency requirements are becoming increasingly high,\" explains Coriaty.\r\n\r\nA growing number of firms are looking for sophisticated oversight tools that allow them to fine-tune compliance workflows, set multiple levels of authorization and establish fine-grained role descriptions. Coriaty says that hedge funds are looking to put better controls in place to limit trading, as well as to reduce overall operational risks. For example, a compliance system may monitor traders' activities to ensure that they stay within the guidelines for that fund.\r\n\r\n\"When you look at a company like Societe Generale, there are certain controls that you [could] put in place that would limit the amount of trading and the freedom to trade the way that they did,\" he says. \"It wasn't the best idea to have the technology in-house and also the controls.\"\r\n\r\nIt also helps to require more than one level of authorization for the riskiest trades. Denver-based CacheMatrix Holdings last month introduced dual-authorization functionality for its Web-based cash management compliance product, which major banks use as part of their online corporate services suite.\r\n\r\nCacheMatrix's customers want to improve pre-trade controls, especially for Sarbanes-Oxley Act compliance, says managing director Jim Etten. \"Dual-approval functionality requires a second approval process online before the trade is actually submitted,\" he explains.\r\n\r\n\"The Societe Generale example is a little bit out there, but it conveys the idea that these electronic trading systems should have checks and balances,\" says Etten.\r\n\r\nPre-packaged compliance solutions will continue to get more affordable, according to LatentZero's Weston, but \"we've also got to make it faster and more flexible. Our pre-trade checking is now three times faster than it was four years ago--and twice as fast as software created two years ago.\"\r\n\r\nOn top of faster processing, there will be a move toward tighter integration on the pre-trade side, says Charles River's Foo--\"adopting a single platform, consolidating different businesses.\"\r\n\r\nMayur Pahilajani contributed to this report. ", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "Tokyo Exchange Pins Trading Glitch on Fujitsu System", "_id": 666644, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=666644",  "values": ["Tokyo Exchange Pins Trading Glitch on Fujitsu System", "http://www.securitiesindustry.com/issues/19_49/22011-1.html", {"name": "February 18, 2008", "start": 1203264000, "end": 1203350399 }, "The Tokyo Stock Exchange (TSE) said that a fault in its Fujitsu-made software was responsible for the problems that on Feb. 8 halted some derivatives trading.", " The Tokyo Stock Exchange (TSE) said that a fault in its Fujitsu-made software was responsible for the problems that on Feb. 8 halted some derivatives trading.\r\n\r\nThe glitch caused the trading screen to show incorrect orders for the March-dated futures contract on Topix, TSE's key equity derivatives index. A group of TSE and Fujitsu specialists worked through Japan's three-day holiday weekend and were able to restore trading by Feb. 12, exchange officials said last week.\r\n\r\n\"We have solved the problem,\" said TSE spokesperson Mitsuo Miwa. \"The most important issue for now is to stop it from occurring again.\"\r\n\r\nBetween 500 billion and 600 billion yen ($4.7 billion to $5.6 billion) in Topix futures are traded daily, mainly by institutional investors, said Miwa.\r\n\r\nThe software issue was in a new derivative trading system, launched on Jan. 15, that Tokyo-based Fujitsu had been developing since 2004. It was originally scheduled to roll out in October but was delayed due to quality-control concerns. Fujitsu declined to comment.\r\n\r\nPreviously, TSE had called the system ten-times faster than its predecessor, noting that it combines the functionality of the old futures and options platform and TosTNet, its extended-hours electronic trading system.\r\n\r\nThere are no immediate plans to upgrade the system again, said Miwa, though \"if we keep getting more orders,\" that will change.\r\n\r\n\"They didn't do enough testing before the launch, even though there was a delay,\" asserted Neil Katkov, analyst in Tokyo for Boston-based research firm Celent. He claimed that almost all Japanese exchanges have quality-control issues as a result of management and communication problems.\r\n\r\nFujitsu is one of three vendors supplying technology to exchanges in Japan, according to Katkov, along with Nihon Unisys and Hitachi--the provider of TosTNet.\r\n\r\nIn November 2005, Fujitsu was blamed for a faulty software upgrade that shut down trading for four and a half hours. The following month, Mizuho Securities, one of Japan's largest brokerages, lost $344 million as a result of being unable to cancel a bad trade--an event that led to the resignation of CEO Takuo Tsurushima and two other senior officials. Capacity problems forced the exchange to impose shortened trading hours during the first four months of 2006.\r\n\r\nSince then, TSE has taken a number of steps to improve its technology infrastructure, including spending over $500 million since 2006 on its next-generation trading system, also being developed by Fujitsu. TSE will start testing the new system this fall.\r\n\r\nLast year, the Tokyo exchange signed alliance agreements with the New York Stock Exchange and London Stock Exchange that include cooperation in technology areas. ", {"_id": 42100, "_name": "Frances Wang" }]},
{"_name": "IBM Supplying Risk System to Chinese Securities Firm", "_id": 611786, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=611786",  "values": ["IBM Supplying Risk System to Chinese Securities Firm", "http://www.securitiesindustry.com/issues/19_48/22001-1.html", {"name": "February 11, 2008", "start": 1202659200, "end": 1202745599 }, "IBM Corp. is building a risk management system for Guotai Junan Securities in collaboration with Algorithmics, a Toronto-based provider of enterprise risk solutions. IBM says that the risk system for the Shanghai-based brokerage is its first for a Chinese securities firm.", " IBM Corp. is building a risk management system for Guotai Junan Securities in collaboration with Algorithmics, a Toronto-based provider of enterprise risk solutions. IBM says that the risk system for the Shanghai-based brokerage is its first for a Chinese securities firm.\r\n\r\nImplementation has begun, according to Colin Lawrence, IBM's China risk management leader. \"The first phase will be finished by around the end of February,\" he added.\r\n\r\n\"The new system will help Guotai Junan to prepare for the future, when the index futures will be traded\" on the Shanghai Stock Exchange (SSE), said Lawrence. Chinese regulators have said that financial futures, initially scheduled for late 2006, will begin trading this year on five exchanges.\r\n\r\nWith the IBM system, Guotai Junan--which has the highest revenues among the country's 112 securities firms, according to SSE--will be able to evaluate the risks associated with any asset class, Lawrence said.\r\n\r\nIBM and Algorithmics will also provide management consulting on how best to set limits for traders, trade index options and create operational structures. Lawrence said that IBM already has a risk management team in China working with the brokerage.\r\n\r\n\"For local securities firms, foreign experience in the field of risk management is more important than the systems themselves,\" said Xie Yan, an analyst with Shanghai-based Hai Tong Securities. \"Although there are some local technology companies supplying risk management systems for financial institutions, they are still far away from international vendors in operational experience.\"\r\n\r\nForeign products also come with higher price tags, he added. Although IBM and Algorithmics declined to say how much the Chinese brokerage paid for the risk platform, Yan noted that such systems can cost tens of millions of yuan--millions of U.S. dollars--\"which many small securities firms can't afford.\"\r\n\r\nRegulatory Pressure\r\n\r\nHowever, good risk management will help companies survive China's turbulent markets, said Yan. Over the past couple years, Chinese regulators have worked to improve risk management at local brokerages, closing down badly managed firms and increasing customer safeguards.\r\n\r\n\"Risk management, internal controls and compliance will be some of the most important business aspects of the Chinese securities industry in the years to come,\" Feng Zuo, chief compliance officer of Guotai Junan, said in a statement. \"To compete in this environment, Guotai Junan Securities needs to speak the international language of risk management.\" Zuo said his firm, which has long been planning to enhance its risk systems, chose IBM because of its international standards.\r\n\r\n\"On the traditional brokerage business side, the risks are mainly operational,\" said IBM's Lawrence. \"The risks that we are more interested in are the risks from the buying and selling activities on the behalf of the securities firms' own capital or their customers.\"\r\n\r\nChina's qualified domestic institutional investor (QDII) program \"requires securities firms in China who wish to invest in derivatives and the overseas capital markets to establish a sound internal risk management process,\" said Andrew Aziz, EVP of risk solutions at Algorithmics. \"The China Securities Regulatory Commission is pushing for all financial institutions to adopt more robust risk management processes.\"\r\n\r\nAziz said that Guotai Junan's new system will allow the firm to comply with the QDII directive, enabling it to trade more complicated products and outside the mainland.\r\n\r\nAlgorithmics has three clients in China, according to Aziz. Its first client, state-owned China Construction Bank, uses its Algo Credit Exposure and Algo Credit Limits products to help measure and manage counterparty credit risk, and to view consolidated risk exposures across the whole enterprise.\r\n\r\nThe company will continue to work with IBM. \"Algorithmics and IBM will cooperate in expanding their joint risk services into Asian markets in general and into the Chinese market in particular,\" said Aziz. \"As more and more Chinese securities firms move to comply with the QDII directive, Algorithmics sees a key opportunity to expand its presence in this important market.\" ", {"_id": 44593, "_name": "Alex Dai" }]},
{"_name": "Interoperability: A Two-Edged Sword", "_id": 574453, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=574453",  "values": ["Interoperability: A Two-Edged Sword", "http://www.securitiesindustry.com/reports/19_45/21977-1.html", {"name": "February 4, 2008", "start": 1202054400, "end": 1202140799 }, "Technology vendors are bringing down the barriers between instant messaging (IM) networks, making it easier for traders to send messages to counterparties on other platforms. But such interoperability also brings security risks, opening the door for viruses and other malware, as well as social engineering attacks.", " Of the types of IM platforms available to Wall Street firms, the least secure and most popular are the public networks such as AOL Instant Messenger, Yahoo Messenger and Microsoft Corp.'s MSN. Enterprise IM systems--IBM Corp.\r\n\r\nand Microsoft both supply them--have additional security and functionality, while industry-specific networks like Reuters Messaging offer traders the most capabilities and are the least vulnerable.\r\n\r\nReuters, which has signed agreements with AOL, MSN and Yahoo, is the most interoperable network on Wall Street, according to Peter Delano, an analyst with Needham, Mass.-based TowerGroup.\r\n\r\nDavid Gurle, global head of Reuters Communication Services, says that preferences vary by region and market. \"In the energy markets, there are a large number using Yahoo for price distribution and, in some markets, even trade execution,\" he says. In New York, AOL IM is still used by many traders, even as large firms switch over to enterprise platforms. Without interoperability, a trader or adviser with customers or counterparties on different systems would have to sign up for multiple accounts, and stay logged in to several at once.\r\n\r\n\"Interoperability is very critical to our customers--not only because they don't want to have ten different systems they belong to, but also so they can manage their applications and security and compliance as well,\" Gurle explains.\r\n\r\nInteroperability helps extend the reach of the Reuters network, he adds. Reuters Messaging, which was developed in collaboration with Microsoft, has approximately 100,000 users, with about 95 percent penetration among Wall Street firms--but only 20 percent among end users. Some companies do install Reuters across the enterprise, Gurle notes, and this trend may accelerate in 2008, though Microsoft and IBM Lotus Sametime are also being selected as enterprisewide platforms.\r\n\r\nSametime, which has about 20 million users, uses industry standards to interoperate with platforms such as AIM, Yahoo Messenger and Google Talk. This \"effectively gives Sametime users access to approximately 65 percent to 70 percent of the whole business and consumer instant messaging communities,\" says Adam Gartenberg, IBM's product manager for Lotus unified communications and collaboration.\r\n\r\nFederated Systems\r\n\r\n\"In 2008, we are going to see accelerating development of what we call federation,\" says Gurle, in which individual firms issue IM addresses and manage access for their employees, passing messages back and forth either through bilateral agreements or a centralized clearinghouse.\r\n\r\n\"This is very much how an institution like Goldman Sachs can connect with, say, an institution like the Bank of Tokyo,\" he notes. \"It's not going to reach a critical size in 2008, but will prove its value and sort out problems on both the technical and business side.\" Such problems include interconnecting disparate systems, and ensuring security, policy-based access and compliance infrastructures.\r\n\r\nCurrently, according to Gurle, Reuters is the only enterprise IM service provider to connect to all the major public IM networks. This year Reuters \"will have a number of pilots that will enable us to connect with corporations which will deploy their preferred enterprise IM solutions,\" he adds. The company is currently in discussions with ten large firms worldwide that are interested in developing a federated IM system. \"We will interconnect with these firms and this will enable our customers to have a much broader and deeper reach in the market,\" he says.\r\n\r\n\"You're going to have people who will have a need for a more specific, more sophisticated application,\" he says. \"We don't want to just provide an IM service, but a workflow-focused collaboration solution. We provide much more efficiency to the market than just basic messaging.\"\r\n\r\nEventually, IM will be as interoperable as e-mail is today--an e-mail message can get to its intended recipient, regardless of the systems involved. \"But there's still a couple of years to go,\" asserts Kevin McPartland, analyst at New York-based Tabb Group. \"It's one of those situations where the companies that are pushing their brands have too much at stake to back down just yet. It's some years away, not because of technology but because of the business drivers.\" \r\n\r\n Security Threats\r\n\r\nClosed-access enterprise IM platforms can be less vulnerable to hacking, spoofing or malware threats than their public counterparts--but integration with those networks might expose firms to public threats, according to a recent report from Belmont, Calif.-based FaceTime Communications. The company reported 1,088 incidents of malware attacks on enterprise networks through IM, peer-to-peer file sharing and chat applications last year. About 85 percent of the IM attacks came from the three biggest public systems; only 15 percent originated on enterprise IM networks and other standards-based systems.\r\n\r\n\"One of the things that we've seen recently in IM is an increase in the use of dubious confidence tricks,\" says Chris Boyd, senior analyst and director of malware research for FaceTime Security Labs. \"Not long ago on the MSN network there was a story about have you seen this girl?' At the time there was a missing girl. There were instances of viruses going over IM playing off recent news. That seems to be on the increase.\"\r\n\r\nHackers can also communicate with key employees by accessing corporate instant messaging networks where they can trick them into divulging sensitive information. \"Social engineering is really targeted attempts at certain high-level people at companies, not just your blanket phishing attempts that go out to everybody and are much more obvious,\" says Alexander Southwell, an attorney with New York-based law firm Gibson Dunn & Crutcher and a former federal prosecutor in the Southern District of New York.\r\n\r\nReuters' Gurle says he hasn't seen hackers use public networks to spoof IM identities and trick key employees into thinking that they're trusted friends or coworkers. But interoperability with public networks does \"add a number of new threats,\" he notes. \"And to address those, we have obviously put a number of safeguards into place.\"\r\n\r\nReuters has service-level agreements with AOL, MSN and Yahoo that include security commitments that cover potential worms and viruses, as well as IM-based spam. \"There are a required set of security measures in place, and our audits enable us to track what's going on,\" he says.\r\n\r\nReuters also filters all messages, scanning for signatures of known worms and viruses. As a result, Reuters Messaging has not had any downtime due to such attacks, according to Gurle.\r\n\r\nIf a hacker spoofs return addresses of IM messages, Reuters' relationships with the public network vendors allows the company to request an investigation, Gurle says. \"If an organization is interested in pursuing something of that nature, the technology underneath that is in place,\" he says. That includes tracking hackers by the Internet addresses of their machines.\r\n\r\n\"It doesn't mean that someone isn't going to try,\" he adds. \"But because there's the possibility, there are measures put in place across a whole chain of connectivity limits to prevent such things from happening.\"\r\n\r\nSecurity is even tighter when accessing the Reuters network internally. Reuters customers have to request access for individual employees, and the firms themselves control identity assignments and passwords. \"Not just anybody can sign up for Reuters Messaging,\" notes Gurle.\r\n\r\nThere is also a movement toward interoperability between IM and e-mail--Google already bundles its Google Talk tools with its Gmail service, with IM transcripts deposited into e-mail inboxes. IBM announced on Jan. 22 that its Sametime unified communications will support not only e-mail and chat but also telephony and video conferencing, as well as integration with public IM networks.\r\n\r\nSuch interoperability would be a welcome development for IT and compliance departments, says Tabb's McPartland. \"They would have just one infrastructure to support, instead of one e-mail infrastructure and one instant messaging infrastructure,\" he says.\r\n\r\nMayur Pahilajani contributed to this report.", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "The Web 2.0 Threat", "_id": 574800, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=574800",  "values": ["The Web 2.0 Threat", "http://www.securitiesindustry.com/reports/19_45/21979-1.html", {"name": "February 4, 2008", "start": 1202054400, "end": 1202140799 }, "As the Web 2.0 movement makes interactive applications and social networks such as Facebook ubiquitous on employees' desktop computers, financial firms are facing the daunting task of monitoring these so-called greynets.", " As the Web 2.0 movement makes interactive applications and social networks such as Facebook ubiquitous on employees' desktop computers, financial firms are facing the daunting task of monitoring these so-called greynets.\r\n\r\nInstant messaging security vendor FaceTime Communications estimates that there are more than 600 greynets worldwide, a number that will climb past 1,000 by the end of the year. These networks are called greynets because the peer-to-peer applications they are composed of operate in the shadows, without company authorization, and are difficult to police. According to a recent survey by FaceTime's Security Labs research unit, 90 percent of IT managers have experienced a greynet-related security incident in the last six months--despite deploying firewalls and intrusion prevention systems.\r\n\r\nOn average, IT managers spent $289,000 in 2007 to repair company computers infected by malware attacks over greynets, compared to $130,000 the previous year, according to the study. Greynet applications include IM as well as file-sharing, collaboration and other Web 2.0 tools. Some of the applications need to be downloaded; others load as a Web page, pop-up window or widget.\r\n\r\nWidgets--small interactive applications designed to perform a specific task--are becoming increasingly popular across the Internet, according to Chris Boyd, director of malware research at Belmont, Calif.-based FaceTime Security Labs. \"There's a lot more widespread acceptance of them now,\" he said. \"A lot of these gadgets and applications could be incredibly useful, and only a small portion actually do some sort of harm. The problem is, as they becoming increasingly popular, more and more people will try to exploit them. Thankfully, it doesn't seem to have hit just yet.\"\r\n\r\nBoyd noted that even sophisticated users are likely to download IM widgets that are part of social networking sites such as MySpace or Facebook or trusted research platforms like Google and Yahoo. \"If the networking site is good, they think that all the applications associated with them are good as well,\" he said. \"A lot of people become too complacent with security in the workplace.\"\r\n\r\nEach widget has different characteristics, added Boyd, and some are not easy to identify and manage. \"We can allow access to the MySpace Web page, but block the MySpace IM client--but some widgets are a different story,\" said Frank Cabri, VP of marketing and product management at FaceTime. \"That's the whole challenge right now. There are all these third-party widgets that need to be researched, need to be understood.\"\r\n\r\nSite Blocking\r\n\r\nAs an example Cabri pointed to LinkedIn, a site used by many Wall Street executives for business networking and recruiting. FaceTime products, he said, can allow access to LinkedIn but not the messaging function. \"We can block individual sub-sites like the mail within LinkedIn,\" he said. \"But it's tough for organizations to know all those details of all those different pages. What we see organizations doing is white-listing the places employees can go. Yes, it's going to result in people making their voices heard to the IT team. But there's thousands of sites and thousands of widgets.\"\r\n\r\nWeb 2.0 pioneer Google has a customizable home page, iGoogle, that is made up of widgets. In addition to its Google Talk IM platform, Google offers a messaging system as part of the collaborative tools around its Google Spreadsheet product, which \"allows people to simultaneously work on a common spreadsheet or document,\" said Kevin McPartland, analyst at New York-based Tabb Group. \"Pretty quickly, the major firms restricted access to many of these sites. Having a communications medium that is not trackable is risky.\"\r\n\r\nGoogle has an enterprise platform as well, noted McPartland, which might be attractive to smaller financial advisory firms or hedge funds, but the risks may outweigh the benefits. It's quickly implemented, \"easily available, and it's all for free,\" he said. \"But when it comes to analytics spreadsheets and tracking models, it's still not robust enough. And there's no guarantee that security is there for hedge funds.\" \r\n\r\n Some online software vendors, like Salesforce.com, are known for their enterprise-level security. \"I'm sure Google is quite secure, but they're not geared toward securities firms,\" McPartland said.\r\n\r\nGoogle and other Web 2.0 applications developers are putting another kind of pressure on IT departments--keeping pace with the available tools. \"Everybody is always trying to keep up with Google, and financial technology is no exception to that,\" said McPartland. There is usually an equivalent, enterprise-caliber product available, he added. \"All of these major firms have some form of collaboration.\"\r\n\r\nReuters, whose Reuters Messaging has more than 100,000 users, plans to open up its platform to third-party tools. \"In the second half of this year, we are going to release the Reuters Messaging Application Platform,\" said David Gurle, global head of Reuters Communication Services.\r\n\r\nAbout ten pilot customers are using the platform to deploy applications that run over the Reuters IM platform. These applications take the form of bots, or agents, Gurle said. An automated agent can, for instance, act as an online concierge, making dinner reservations for employees. Another agent can convert an IM into an SMS, or short message service, and deliver it to someone's cell phone.\r\n\r\nSome applications are developed by firms and others by third-party vendors, he said. However, to ensure security, only trusted parties are allowed to deploy applications over the network, Gurle said, \"and we run every application through a certification process.\"\r\n\r\nKey Behaviors\r\n\r\nIn addition to monitoring recognized IM networks, New York-based Orchestria Corp., a provider of compliance-policy management technology, tries to identify key behaviors, such as the point at which an application passes a message over the Internet.\r\n\r\n\"It's not uncommon for someone to download a specific application to the desktop and start using it,\" said Andrew Grygiel, SVP of global marketing at Orchestria. \"We can certainly block or monitor that activity. For complete coverage, some major financial firms block Web 2.0-based Web sites. These sites don't necessarily require an individual to download the interactive applications on his desktop; instead they run within online platforms like Facebook or Flickr.\"\r\n\r\nGrygiel said that Orchestria recommends a multi-level approach to security. \"One of the differentiators for us is that we have distributed, multi-agent capability architecture,\" he said. \"That means that there are agents that can reside on the desktop, and agents that can be placed on servers; we have an agent for Microsoft Exchange. In addition, we have network agents that sit out in the network boundary, which is the last protection point, and we can monitor anything on the client server or at the network to block any type of traffic.\"\r\n\r\nOrchestria's distributed architecture analyzes the traffic coming across a network from Facebook or any other Web 2.0 platforms. The agents are able to detect the start and stop of the flow of information and can assemble it into a content set, according to Grygiel. At that point, the messages can be stored or checked for key words or other sensitive content, he said.\r\n\r\nMayur Pahilajani contributed to this report.\r\n\r\n", {"_id": 580020, "_name": "Mayur Pahilajani" }]},
{"_name": "New Zealand Readies Infrastructure for Australian ECN", "_id": 569948, "_link": "http://tromblyltd.dabbledb.com/dabble/reports?view=480899&entry=569948",  "values": ["New Zealand Readies Infrastructure for Australian ECN", "http://www.securitiesindustry.com/issues/19_46/21942-1.html", {"name": "January 28, 2008", "start": 1201449600, "end": 1201535999 }, "Bolstering its infrastructure in anticipation of the launch of the AXE electronic communications network (ECN) in Australia, the New Zealand Exchange (NZX) has added hardware from Stratus Technologies and connectivity services from financial extranet operator BT Radianz.", " Bolstering its infrastructure in anticipation of the launch of the AXE electronic communications network (ECN) in Australia, the New Zealand Exchange (NZX) has added hardware from Stratus Technologies and connectivity services from financial extranet operator BT Radianz.\r\n\r\nAXE is a joint venture of NZX, which initiated the project in 2006 and owns 50 percent, and investment banks Commonwealth Securities, Goldman Sachs JBWere, Macquarie Securities and Merrill Lynch & Co. It is one of two ECNs that have filed for a license to trade securities listed on the Australian Stock Exchange (ASX)--Liquidnet Asia is the other.\r\n\r\nProposed rules from the Australian Securities and Investment Commission would expose ASX to competition from alternative trading systems, provided that transparency requirements are satisfied. The comment period ends Tuesday.\r\n\r\nAXE, which hopes to start trading early this year, will inject needed competition into the Australian market, according to NZX. \"The ECN will compete with the ASX in Australia and provide brokers with enhanced capabilities and better pricing,\" said Stuart Turner, head of strategy and projects at the New Zealand Exchange.\r\n\r\nTurner added that the move into Australia \"is good for NZX, as expansion opportunities in New Zealand are limited.\"\r\n\r\nThe exchange announced on Jan. 8 that it has installed six ftServers from Maynard, Mass.-based Stratus to act as gateway servers for AXE's trade reporting services. According to Stratus, the 2400 model ftServers--or fault tolerant servers--protect critical data and provide zero failover time.\r\n\r\n\"The fault tolerance for gateway servers means that any communications failure will not impact the link to the brokers,\" said Michael Fyson, Stratus' sales director for Australia and New Zealand. \"Similarly, with a fault tolerant server, NZX only needs a single image of the database and does not need to worry about keeping the database consistent across multiple systems.\"\r\n\r\n\"NZX required maximum availability as the new ECN allows for off-market trading, which means extended trading hours,\" he added.\r\n\r\nSome of the servers are located in Australia, according to Fyson, who noted that ftServers provide \"remote management and proactive alerting. Many of the normal system administration activities are automated under the ftServer, allowing the NZX to run a small and effective IT team.\"\r\n\r\nStratus also supplied six 4300 model ftServers for the New Zealand Exchange's equities trading systems, replacing blade servers from London-based technology vendor Computershare.\r\n\r\nThe exchange started using the servers in July, to support its new Trayport GlobalVision trading platform from London-based Trayport. The software allows for anonymous trading and a closing auction, two features NZX did not have previously.\r\n\r\n\"The decision to replace the equity trading engine was based on the functionality of the software that we wanted to introduce,\" said NZX's Turner. \"We chose Stratus, as the software is built on [Microsoft] Windows Server.\"\r\n\r\nGlobalVision will also be used for AXE. \"The trading platform for the ECN is the same as for the exchange, so we chose the same hardware solution,\" Turner adds.\r\n\r\n\"Trayport GlobalVision software has a proven availability uptime of 99.998 percent,\" said Paul Constantinou, sales manager for exchanges at Trayport. \"NZX provides a high-availability service and based on our previous experience with Stratus ftServers, we were confident in\" recommending them to NZX.\r\n\r\nDuring the seven months that the Stratus servers have been operating, the exchange has seen 100 percent uptime, Turner said.\r\n\r\nHe added: \"Stratus will remain the platform for both the ECN and the exchange in the foreseeable future and we are now investigating if we can move other business units to the Stratus platform as well.\"\r\n\r\nThe exchange's relationship with Trayport opened the door for the Stratus deal, noted Adam Honore, analyst at Boston-based research firm Aite Group. \"We've seen channel partnerships paying dividends for vendors who can't seem to open doors by themselves, particularly in hardware and integration services,\" he said.\r\n\r\nHonore said that NZX's decision to overhaul its technology was a result of infrastructure challenges it had been facing. In 2003, for example, the exchange had to shut down trading five times.\r\n\r\nA week after NZX announced the implementation of the Stratus servers, London-based BT Global Financial Services said that it would provide AXE, through its shared market infrastructure, with connectivity and hosting services for electronic trading access and low-latency market data distribution.\r\n\r\nAccording to BT, firms will be able to host their trading engines at a BT facility to achieve high execution speeds and avoid the natural latency caused by long-distance trading.\r\n\r\n\"We are enabling AXE to execute a clear strategy for advance