Ensuring secure and compliant data management in FinTech applications

Professor Lionel Briand, Vice-Director SnT, Head of Software Verification and Validation Laboratory (SVV), FNR PEARL Chair
 
 
You have had an international scientific career spanning the last 20 years with research positions in France, the US, Germany, Canada, Norway, and Luxembourg. What makes SnT different?
 
What makes SnT stand out is that we have a clear focus and an organization that supports collaborative research between the University and the public/private partners.
 
 
Tell us about your team at SVV.
 
My team is made up of 25 people, including research scientists with a doctorate degree and PhD candidates. We work with both industry and public partners in Luxembourg, across various domains ranging from automotive to satellite to eGovernment. In essence, our focus is to develop scalable and practical techniques to ensure that IT systems are secure, reliable and trustworthy.
 
 
What is your specific interest regarding FinTech?
 
The IT systems in fintech share many common characteristics with other IT systems. One of these, which is also particularly critical in fintech, is that IT systems must ensure that all the sensitive and confidential data they handle (i.e. personal, financial) are secure. From a more general standpoint, most fintech applications must be highly dependable.
 
 
What problems do you address?
 
Most fintech businesses must comply with regulations, including data protection and privacy regulations. A key problem we face is how these businesses can provide reliable and secure services to their customers in a cost-effective and compliant manner. This is, in a nutshell, the focus of the SVV lab.
 
 
In a few words, can you explain the SVV lab's strategy for FinTech research and development?
 
We work on a complete portfolio of solutions to ensure compliant and secure data management. The types of projects we run focus on automated testing, program analysis, run-time monitoring and support for compliance analysis. Such techniques complement one another as they are applicable at different phases of development and deployment. Program analysis helps enforce secure programming practices; automated testing enables the detection of vulnerabilities before deployment; and run-time monitoring helps ensure the compliance of system usage with access control policies and business processes.
 
 
What type of FinTech organisations can start a partner project with SnT’s SVV lab?
 
The answer is very simple: any organization that needs to have strong guarantees about securing the data handled by its IT systems and their compliance with regulations. In the future, fintech providers will be subject to increasing pressure to demonstrate due diligence in ensuring the protection of financial and personal data. Innovative and cost-effective techniques will be required. Recent reports of high-profile security breaches appearing in the media as well as our own experience show that many systems, including those in the fintech area, remain vulnerable. By investing in a partnership project with SVV, the financial and legal risks of security breaches can be minimized.
 
 
Can you give us examples of R&D success stories where SVV has had a demonstrated impact on partners in the area of secure data management?
 
For a leading card transaction company, we have managed, through innovative automated security testing technologies, to find vulnerabilities in both its firewall and web services. For another company providing mission-critical web services, we have successfully developed automated solutions for the automated testing of access control mechanisms and the specification as well as run-time verification of complex access control policies. In the domain of eGovernment systems, we focus on legal and regulatory compliance through the modelling of the law and the run-time verification of business processes.
 
 
FinTech Gazette / January 2016