Kris Sharma
on 13 December 2022
Open source in financial services – start with a strong foundation
Financial Institutions (FIs) need to respond with agility and business velocity to keep pace with changing economic conditions. Yet emerging competition from fintechs and challenger banks and increasing customer expectations are making this task difficult, especially as regulatory and compliance requirements increase. Embracing the next phase of digital transformation is an imperative for financial institutions to sustain and grow in a competitive environment of rising cost pressures. To meet these challenges, many FIs are adopting open-source software.
Why is the financial services industry choosing open source?
According to the findings of the Linux Foundation and FINOS’ State of Open Source in Financial Services report, 81% agreed or strongly agreed that “Innovation” was one of the main reasons their company participates in open source, followed closely by “Time to Market” and “Total Cost of Ownership,” with over 80% identifying it as a reason.
Open source delivers strategic advantages to financial institutions that are developing and driving digital transformation initiatives. The ability to easily incorporate commercial-grade open source software building blocks in their technology landscape allows them to build a strong digital foundation. Financial institutions can leverage open source architecture and tools to optimise IT costs while increasing interoperability among various digital initiatives.
Still, managing open-source software and all of its dependencies securely can be challenging.
The need for secure open source
According to Synopsys’ 2022 open source security and risk analysis report, “97% of codebases scanned contained open-source components and 81% contained at least one known open source vulnerability.” It is crucial that enterprises realise that open source itself does not create business risk, but its mismanagement does. This became evident after the Log4j incident. The discovery of the Log4j vulnerability, known as Log4Shell, brings to the fore the need for organisations to use open source software that is security patched, well maintained and has enterprise support.
A resilient digital infrastructure should provide financial institutions flexibility, portability, interoperability, and the control needed to consistently deploy and manage enterprise applications and workloads. The foundation of a future-proof digital infrastructure that leverages open-source technologies is built on enterprise Linux.
Choosing the right enterprise Linux distribution – get the freedom to innovate
The right operating system (OS) gives financial institutions the ability to deploy and run applications anywhere — physical, virtual, private, and public clouds — and delivers a consistent foundation to support a financial institution’s digital transformation needs. When it comes to evaluating a platform that can handle workloads across various infrastructure stacks, from bare metal servers to virtual machines and containers on private and public clouds, financial institutions look for a security-oriented operating system that provides the following:
- Enterprise-grade security
- Long-term stability with a predictable release cadence
- Compliance and hardening features
- Support that’s available when needed
Why do enterprises prefer Ubuntu?
Ubuntu is one of the leading enterprise Linux distributions in both public and private clouds. It is also one of the most secure end user operating systems according to UK Government Communications Headquarters (GCHQ). A long-term support (LTS) version of Ubuntu is released every two years, and all LTS releases benefit from five years of free security maintenance (which can be extended to ten years). To keep Ubuntu users secure, the Ubuntu Security Team applies thousands of security patches.
Ubuntu Pro expands Ubuntu’s ten-year security coverage to include thousands of additional packages beyond the main operating system, giving financial institutions access to various tools for compliance management and hardening, including FIPS 140-2 certified cryptographic packages.
Open source software and programming languages are widely used within financial services. For example, Python is an open source object-oriented programming language. It is one of the most popular programming languages in financial services and is used in a broad range of applications – from building analytical tools that process massive financial data sets to building banking software. Python is also used to create and maintain a large number of payment gateways and to build algorithmic trading tools.
Given the extensive use of open source software packages and open source programming languages to build financial services applications and toolchains, security coverage for these software packages is crucial.
Ubuntu Pro expands security coverage for critical, high and medium Common Vulnerabilities and Exposures (CVEs) to thousands of applications and toolchains, including Ansible, Apache Tomcat, Apache Zookeeper, Docker, Drupal, Nagios, Node.js, phpMyAdmin, Puppet, PowerDNS, Python 2, Redis, Rust, WordPress, and more. It is available for every Ubuntu LTS starting with 16.04 LTS.
Wrapping up
Security cannot be an add-on; it is central to IT and business strategy for financial institutions. For close to two decades, Canonical has been committed to the open development model as the path to more stable, secure and innovative open source technologies.
At every stage of a financial institution’s digital transformation journey, building applications on Ubuntu Pro is a strategic decision that delivers a stable and secure platform for digital transformation requirements.