Developing and operating finance software takes courage. Because hackers have a pretty big appetite. mammut soft computing plc has managed the leap to the safe side.
Text: Anton Neuenschwander, Images: Michael Meier, 25 april 2018
mammut soft computing plc is a leading manufacturer of international multi-bank-capable software solutions for e-banking and cash management. Founder and CEO Iwan Vogel has experienced a lot in his 25 years on the job. So he was initially sceptical when a Swisscom consultant suggested that he operate his software products in the cloud. “In the past, many of those responsible for IT saw it as their sacred duty to keep the data in the company’s own environment,” he says, explaining his initial reservations.
Security loopholes, ISO 20022 migration: What needs to be done?
Since 2017, the business banking software industry has been facing big challenges. In order to harmonise Swiss payment transactions, every customer requires an update that adapts the ISO 20022 standard. And this must be done by summer 2018. And that’s not all: The Swiss Federation’s Reporting and Analysis Centre for Information Assurance (MELANI) is sending urgent warnings about attacks from the big bad world of hackers. And the environments of payment transaction systems are particularly exposed. If they have even the smallest security loophole, this throws open the door to intruders with criminal intentions.
Locally installed and poorly maintained is much more dangerous than a reputable cloud-based solution.
Iwan Vogel is pensive. The parking spaces in front of his company are empty: All of his support staff are visiting customers to perform updates on their systems. “I gradually started to question a mantra that had been in place for years, namely: ‘locally installed = secure – cloud = dangerous’. I found out more about Swisscom’s cloud approach, thoroughly analysed various products, talked to the Swisscom specialists again … in the end my motto had changed to: ‘Locally installed and poorly maintained is much more dangerous than a reputable cloud-based solution!’” Poorly maintained? Unfortunately this is too often the case, according to Vogel. Many companies didn’t have the time, the know-how, the resources, or a combination of all three, to keep their own IT environment up to date and secure. This led to considerable risks that not even very high-quality software is always capable of handling.