Q&A: Secure data centers and fintech companies

Phil has helped build multiple successful managed services businesses. Promoted in July 2017 from CTO to Managing Director, he is responsible for leading The Bunker’s development to achieve its future growth plans. 

The Bunker is now part of the Cyberfort Group of companies. Backed by Palatine Private Equity, the Group made its initial acquisition in July 2017 by securing ownership of The Bunker, the most physically-secure data center and managed services hosting provider in the UK.

Phil is a Certified Information Systems Security Professional (CISSP), and has experience of working across a broad range of technologies, industries and clients, both within the UK and internationally. 

He is a passionate exponent for basing cloud deployments on sound information security and management principles, seeing this as the foundation for achieving the anticipated business and operational improvements, without introducing new risks or vulnerabilities.

What are the key characteristics of a ‘secure’ data center?

Every data center that wants to consider itself a secure facility needs to focus on a number of aspects. Physical security, human security, disaster recovery and a secure encrypted network are all essential features that data centers must offer to their clients to ensure that they are a ‘secure’ data center.

However, a truly secure data center goes beyond simply ticking the compliance box. Auditable assurance is a vital process for data centers to prove that they are a secure facility. 

It gives Fintech businesses the complete transparency from their data center provider that they need in order to meet a compliance regime, in order to satisfy a regulator, in order to give consumers confidence in the services they're offering.

We're seeing a huge shift in a lot of compliance regimes, be that the general data protection regulations in Europe, the payment card industries, Digital Security Standard version 3, and recent guidelines from the Financial Conduct Authority.

Auditable assurance is critical, being able to consistently show current and prospective partners that the facility meets the relevant standards and regulations.

ISO 27001 should also play a key role in the security of a data center. Adherence to ISO 27001 demonstrates that a facility meets the internationally recognized standard encompassing both physical and logical aspects of information security.

What features make a data center attractive to Fintech businesses?

We believe there are two core aspects to a data center that make them attractive to Fintech businesses. The first is security. This does not just include physical and cyber security, which of course are immensely important; it also includes security of service.

Fintechs need to know that their product will always be available, that they won’t experience any outages or disruption in service that could potentially prove to be a huge cost financially and to their reputation.

Data centers must ensure that they have a robust infrastructure in place to ensure that they can provide a secure and reliable service to their partners.

The financial services market is one that is highly regulated and this makes it essential for Fintech companies to conduct due diligence with regards to their outsourcing arrangements. 

Fintech businesses must be able to prove to the Financial Conduct Authority (FCA) that they are not introducing any degree of risk to the financial services environment, so opting for a data center provider who has a pedigree in compliance and security is vital. 

Working with a provider who has accreditations such as PCI DSS and ISO 27001 will alleviate the regulatory pressures that come with operating in this sector and can also provide a competitive advantage. But ultimately, working with a trusted provider will free up more time for innovation, which is what Fintech is all about.

The other feature that we believe makes a data center attractive to Fintech businesses is performance and reliability. Fintech products often need to operate at incredibly high speeds, with the most advanced platforms processing thousands of transactions every second. 

Data centers that want to partner with Fintech businesses need to offer the very highest standards of connectivity to ensure that their client’s products can operate with a seamless service at these high speeds.

We are seeing increasing numbers of early stage Fintech businesses looking for data center partners that can go beyond data storage. Obviously, high performance data storage and processing is critical for Fintech businesses, but many are looking for more than that from their data center partner. 

Many are looking for a secure, flexible and agile online space where they can develop their products, test them, ensure they are compliant with the relevant regulations and demonstrate them to potential customers. 

Ultimately Fintechs want to be able to scale their business securely while meeting customer demand, and they want a data center partner that can offer this service.

There are a number of different areas within Fintech that are showing significant growth. 

This includes Regtech, new technologies developed to help overcome regulatory challenges in financial services, Wealthtech, technology platforms that focus on enhancing wealth management and the retail investment process, and Insurtech, technology innovations designed to maximize savings and efficiency from the current insurance industry model.

The businesses working in these fields are not bound by legacy technology or infrastructure, and are free to make use of new and emerging innovations such as machine learning and artificial intelligence. 

This technology may hold huge potential for the financial services industry – from enabling robotic customer service to advanced trading algorithms and insurance analytics.

Moreover, as Fintechs continue to make incursions into incumbent organizations’ territory, so the need to provide a smoother and more sophisticated customer experience will increase, and this technology will prove a powerful tool for doing so.

Effective AI and machine learning, however, relies on processing vast quantities of complex data, and any Fintech business looking to utilize this technology will need to ensure that it has the infrastructure and data center in place to support it.

What are the most common pitfalls for early stage Fintech businesses?

Many early stage Fintech businesses understandably focus their efforts on creating the ultimate customer experience for their products, or developing a full suite of services to make their product as competitive as possible. 

In many cases compliance is an after-thought, with developers forced to try to adjust their product after it has been completed to make it compliant with the relevant regulations.

This can cause a very costly delay in the development of the product and, in some cases, it may even result in the product having to be completely rebuilt. 

This is not only incredibly damaging for the developers, but also for their investors, who risk diminishing returns if the Fintech businesses they put their money into do not deliver a successful product on time. 

Security and compliance must be built in from the very beginning of the product to ensure that Fintech businesses can avoid this common pitfall.

What do financial institutions most want to see from Fintech businesses?

Compliance. The financial services sector is one of the most highly regulated industries in the world. Banks, hedge funds, payment services and a wide range of supporting businesses are subject to myriad regulations and legislation, which can differ depending on the territory they are operating in. 

Adhering to this extensive and complex set of regulations is essential for a business to operate successfully in the financial services industry.

Financial institutions handle vast quantities of money from a wide range of sources, and the secure transition of these vital financial assets through the financial system is of paramount importance. 

Large financial organizations cannot take the risk of putting the resources and assets of their clients and customers into the hands of a service provider that may not be entirely secure and compliant with the relevant regulations.

It is therefore critical that early stage Fintech businesses prioritize compliance throughout the development of their products. Fintech businesses must be able to demonstrate that their product will not prove to be a weak link in security or compliance within a financial institution. 

Financial institutions demand the highest levels of compliance from any platform that operates within their ecosystem, so to stand a chance of launching a successful product and it being adopted by financial institutions, early stage Fintech businesses must focus on compliance.

What are the key regulations that early stage Fintechs must comply with?

The highly-regulated financial services sector features several significant regulatory hurdles – such as the European Union’s Revised Payment Services Directive (PSD2), which will force banks to open their data and infrastructure to third party developers, and the Payment Services Regulation 2009, which places strict conditions on any business operating within the payment industry to ensure maximum consumer protection and establishes the maximum processing times for payments in the euro and other EU currencies.

However, one of the major hurdles that every Fintech business needs to be aware of, particularly those operating in the consumer space, is the incoming General Data Protection Regulation (GDPR). 

GDPR will impose strict regulations on how businesses collect people’s data, how they manage it and what they use it for. 

As businesses operating in the financial services sector, Fintechs may well find themselves in possession of vast reams of personal data, and it is critical that they manage this in compliance with the regulations. If they do not, the penalties can be harsh. 

The Information Commissioner’s Office has the power to fine businesses €20 million or 4 per cent of global turnover, whichever is higher. For many businesses, this could be catastrophic, and reinforces how important it will be to prepare for the GDPR.

  • Phil Bindley is the Managing Director at The Bunker

Phil Bindley CISSP is the Information Security and Technology Leader. He is an experienced Information Security and Technology Specialist with a demonstrated history of working in the information technology, information security and services industry.