Maya Sibul: Data silos/warehouses are increasingly a pain point for organisations. How do you remedy them?
Arthur Melkonian: If we think about the buzzwords around Cloud and non-physical infrastructure, we see that this architecture is really built around good vendors. We need to be able to select good vendors for funds our size, scalable up to the five billion mark. This is because you can find scale with good vendors, and they can replicate your environment.
Without getting into the nitty gritty, it’s important to have a dual-facet approach. First, you have a primary environment with your mission critical job items and live production and, second, a failover place for testing a couple of times a year. Then, your application site should mimic everything you’re doing with a completely independent power infrastructure and vendor makeup.
Maya: Which mindset do you think is more beneficial for an organisation and why: data as an enterprise asset or data as a departmental asset?
Arthur: Both – there’s not a catchall answer to this question. Data itself and the responsibilities around data are very important to the entire firm and enterprise. But within that kind of work structure, there are teams – and teams are responsible for different data sets and mission critical data initiatives downstream of data preparation, or the turning of data into usable information.
Firms must understand all the uses and responsibilities around data access and storage: who has it and where it lives.
At the end of the day, though, your ambassadors who are downstream of the actual data creation are still responsible for managing it. Each team must be responsible for their data, so the answer is both.
Maya: What are the regulatory challenges your team typically encounters, and how do you overcome them?
Arthur: Documentation is super important when it comes to regulations. There’s a lot written that folks both internally and externally – such as stakeholders, investors, and prospects – have access to, and the documentation phase is key.
"There's no grey area here. It’s black and white: know what you’re doing and do what you’re saying."
The main question is: are you doing what you say you’re doing? It’s imperative that you constantly backtrack and audit your processes to ensure that you’re doing everything you’ve documented – and that you’re documenting it in the framework that regulators have required.
There’s no grey area here. It’s black and white: know what you’re doing and do what you’re saying.
Maya: With hybrid working the new normal, organisations often have many employees using Virtual Private Networks (VPN) – and remote access in general – to log in from home. How do you determine the ways data can be accessed and utilised in different locations such as at home versus in the office?
Arthur: Using VPNs was already a part of our architecture before Covid-19 and the subsequent expansion of work-from-home initiatives. So, security is by far one of the most important things that we constantly assess and worry about.
"It’s one of those things that keep me up at night: who is responsible for what and where are the gaps? it’s very important that everyone is well aware of their barriers."
It’s one of those things that keep me up at night because you always have to pivot and reassess: who is responsible for what and where are the gaps? One thing we do is ensure that everyone is on board with the actual mission at hand. Are we doing things within the permission framework we’ve outlined for each team within the larger enterprise?
Permissioning is a big factor among the different vendors we use, licences we have, and drives that live in our servers. It’s very important that everyone is well aware of their barriers.
I worry, for example, about the infrastructure that folks use when working from home, whereas I worry less about the office infrastructure because it’s streamlined. At home, the security is mine alone to manage. So, it’s a lot more difficult to think through. VPN is definitely the way to go.
Maya: How do you go about designing uniform processes around these policies?
Arthur: It comes down to compliance: are you meeting all the different rules and requirements? We’re playing in a field that is constantly changing as regulatory bodies release new requirements. We’re constantly being tested.
Most recently, the Advisers Act was released this November, which requires us all in the industry to re-document and re-assess how we go about disseminating our information to prospects.
"The best way to keep this system in sync is to always audit your practices. You need to know how your enterprise handles different environments."
All that information lives in our data warehouses, so how do we ensure that it is secure and the information is constantly going in circles? The best way to keep this system in sync is to always audit your practices.
Make sure that you’re meeting all requirements and do a mock audit; hire a good consultant that knows the latest on what regulators are focusing on; run mock examinations and do penetration and phishing testing. You need to know how your enterprise handles these different environments.
Maya: Is the streamlining of processes sufficient protection against data breaches? Or are other structures required to lessen material risks?
Arthur: Penetration is something I worry about. The amount of phishing attempts and server attacks that exist on our servers increases daily, and I see it. Speaking to peers, I find that we have similar solutions.
"If you use outside firms, you notice things that you otherwise wouldn’t notice."
We do penetration testing, and we run audits – and do that all with outside consultants. That part is critical because you can’t do these things on your own. If you use outside firms, you notice things – unintended consequences of certain procedures, for example – that you otherwise wouldn’t notice.
But the structure itself is always evolving. There are so many security measures to keep up with, as well as regulations, and when new employees join or leave the team gaps are created. We need to plan properly for these.
Maya: Where do you stand on the outsourcing versus in-house debate?
Arthur: I'm very much an advocate for outsourcing. That being said, I’ve been especially cognizant of the software-as-a-service (SaaS) approaches we take on.
If you step back and think about SaaS, you’re paying someone to sell you back what’s already yours. That’s a disconcerting idea – that someone else is spending all their time packaging your data to turn it into usable information and sell it back to you. In most cases when done right, these “off the shelf” type solutions tend to be more plug and play and provide scale and efficiency that would otherwise be untenable.
To provide an example here hiring an in-house IT person would probably be cost-prohibitive. Whereas, if you hire a consulting/service firm, you get a dedicated team for about the same cost.
Please Sign In or Register to leave a Comment.
SUBSCRIBE
Get the recent popular stories straight into your inbox