Prime pickings: Application security

Share this article:
Prime pickings: Application security
Prime pickings: Application security

Applications provide the juicy data that organizations must protect, says Marcus Prendergast, CSO of ITG. Dan Kaplan reports.

In today's digitally connected world, where most companies' competitive advantage largely is based on how well they interact and serve customers over the internet, Investment Technology Group (ITG) is an anomaly. 

The New York-based brokerage and financial markets technology firm has an attractive-enough internet presence, but the site isn't as highly programmable or littered with forms, fields and interfaces as one is used to finding in cyber space. To the contrary, the highly regulated ITG purposely maintains a limited web footprint, choosing to conduct the brunt of its business behind the corporate firewall.

“We're very much disconnected from the internet,” says Marcus Prendergast, the company's global head of security since 2010. “We don't expose anything unless it's necessary to expose it. It's not as though we have to use the internet to communicate.”

As a result, the 1,100-employee company is able to mostly avoid a major risk that other organizations simply cannot: cyber intrusions designed to pierce through web applications – those front-line attacks, like SQL injection and cross-site scripting, that can lead to a jackpot of customer data. It's become arguably the most preferred vector of attack by hackers, and is believed responsible for many of the headline-grabbing breaches of the past two years, including major personal information heists at Sony and LinkedIn.

But, applications still play a vital role in ITG's business model. It's just that Prendergast is less concerned about the public-facing ones and much more interested in the security of the roughly 55 backend legacy programs, which handle stock orders and provide confidential data to ITG's 700 customers. He says about three percent of all equity trading volume in the United States is conducted via these applications and systems.

Page 1 of 6
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Features

Transparency reports useful, but more info needed on 'digital searches'

Transparency reports useful, but more info needed on ...

Transparency reports are common these days, but the information they provide can still be difficult to read and understand.

Same battle, different field

Same battle, different field

Cyberwarfare is so new that the ground rules are still being established. Nazan Osman provides an overview.

Passwords are passé

Passwords are passé

New solutions are gaining traction to complement, or replace, the legacy use of username and password, reports Ashley Carman.