2014 and the Rise of Smart Software
I have been thinking about 2014 and the obligatory new year post. I long ago stopped the prediction list business and am more interested in directions and trends that will bring shifts in financial services applications.
Software is smart isn’t it so what does the title imply you might ask. My general experience in watching software development in financial services has been that it automates things that we used to do manually. Automation by definition is just that. This is not a surprise and reflects natural limits created by limitations of three business drivers:
- Business executive impatience seeking that improvement sooner. This is driven by shareholder value targets.
- Budget constraints. Projects are a contest for finite budgets.
- Business requirements limitations. People creating business requirements are not just limited by points 1. and 2. but also by limits in the requirements framework that they have to work within.
Points 1. & 2. will always be there, but point 3. is my focus for this post.
For there were two big stories in 2013
- Snowden and more particularly the National Security Administration (NSA). But my take on that is not privacy. I leave that to the privacy diehards. No the real issue that the NSA revelations uncovered are related to software.
- Target hack and access to 40 million debit and credit card information. More on that here.
First we had the depth and breadth of the NSA internet monitoring. This included not just email and messaging but browsing and any other activity they perform.
Latest this week, is the extent of integration of snooping activity with what we used to consider innocent hardware.
- Your USB cable, the spy: Inside the NSA’s catalog of surveillance magic – Latest batch of documents from Snowden shows NSA’s power to pwn
The Rise of Smart Software because of the end of “Security by Obscurity”:
What do the breadth of the NSA information access and the Target hack have in common? Software. Or rather weaknesses in software. One of the dirty secrets in software programming is that it not a seamless flow of information. Rather it is a series of Go and Stop. It is not like the human brain that can assemble a large amount of data, assess it, compare it to known knowns (apologies to Donald Rumsfield) and instantly produce a conclusion.
Computer software does not work that way at least in our world. Data arrives and is stored in databases. Software will look for a prompt to act such as a client login and will then perform programmed actions using the data in the database. This is a dramatic simplification, but this is what I have observed for many years now.
Working closely with smart developers one term you quickly hear is “Security by Obscurity”. The concept is simple; keeping information quietly in databases that you believe are not obvious to external intruders means security. This world is gone. That is why hackers go after BBC and Washington Post. These supposedly soft targets have information we all count on and hacking brings their credibility into question. The average consumer makes little distinction between the Washington Post and their bank anymore in the sense that computers are fallible.
So let me digress; the elephant in the room is the government work going on. NSA is not just listening to phone calls. NSA is quietly mentioned in this paper outlining US DoD developments in drones. Drones are not just about sending missile carrying unmanned aircraft into enemy territory. Drones include almost 8,000 ‘ravens’ that we saw in the recent ‘Act of Valour”. We are also talking about miniaturized gizmos with wafer thin construction and batteries that could spy into places such as Iranian nuclear locations. The point though is that the software and intelligence to manage a network of various large and miniature devices is significant and involved governments from many capable countries.
Here is some background on the breadth of drones and after that we will get back to why this matters. This is a DoD document that has one sentence which leapt out at me bolded below. It frames why Cyber domain is as important as traditional military. Government developed internet, and they are developing the next level of software development. Lets not underestimate the power of government to advance innovation by step levels.
The Snowden revelations brought that out.
Un manned System Integrated Roadmap FY 2013 – 2038 | US DoD & Navy
Cyber domain will be a conflict environment as readily as land, sea, or air and
It’s a long document, so let me summarise why it matters. The challenges the US military face are no different than business and banks. Budgets, extreme customer expectation, and geographic spread. These shifts result in a need to get really smart in managing technology beyond automation. There is a need to make software the centre of the conversation. The old way of conference calls and business debates will no longer work. The complexity of the business environment is reflected in the complexity facing the military. It can only be managed with computers.
Most importantly we are not talking about automation of transactions here. We are talking about automation of business decisions which are not just based on events such as a client log in. This presents a new level of intelligence that software is only just touching on today. It requires software to work smartly on behalf of clients behind the scenes. The trigger event cannot be limited to client log in. The triggers have to be generated by creative business requirements from the bank.
Software frameworks – something else to thing about:
Typically software frameworks evolve every 10 – 15 years, but that timeframe is quickly reducing to almost annually. The rise of new software frameworks that lever the advantages of objects and macro languages are enormous. This from Wikipedia.
- 1.1 ASP.NET
- 1.2 C++
- 1.3 ColdFusion Markup Language (CFML)
- 1.4 Haskell
- 1.5 Java
- 1.7 Scala
- 1.8 Perl
- 1.9 PHP
- 1.10 Python
- 1.11 Ruby
- 1.12 Others
These frameworks are all compromises between the mutual exclusions of computational speed, programming efficiency and institutional knowledge.
Relevance to Bankwatch:
Ok, now that we have circled the world lets get back to what matters and what this tells us. We have done the automation of old style transaction thing. The external shifts we have just covered illustrate a shift in computing that banks need to get behind.
The software capabilities are advancing rapidly and we need to understand those shifts.
A bank will be defined by its ability to not just provide secure computing but smart and intelligent computing that understands the risks and mitigates them, understands client concerns and needs and satisfies them.