Waters Rankings 2021: Best cyber-security provider—Options Technology

Speak to any capital markets chief information security officer about the possibility of their firm being targeted in a cyber-security attack and you’re likely to hear that it’s not so much a question of if but when. Recent high-profile attacks—which continue to increase in frequency and sophistication—on a variety of organizations across a range of industries illustrate just how critical it is for firms to implement the necessary technologies and operational rigor to mitigate the operational and reputational risks associated with such incidents. 

Options Technology, a London- and New York-headquartered provider of managed trading infrastructure and cloud-enabled managed services, won the best cyber-security provider category in this year’s Waters Rankings, thanks to the security features residing within its Options Managed Colocation offering. According to Micah Kroeze, senior vice president of product management at Options Technology, the industry’s fastidious regulatory framework is one of the principal drivers of the firm’s security strategy, given the level of scrutiny regulatory bodies now employ when monitoring the capital markets firms under their purview. “As you know, cyber-security is an ever-evolving landscape and remaining current and maintaining rigorous operational security controls is critical,” he says. “Our security program is designed specifically to meet regulatory requirements for our clients—ranging from small buy-side firms all the way up to tier-one sell-side institutions—and their security requirements from a regulatory perspective are extensive, which means those same obligations roll on to us and any infrastructure we manage for them.” 

Kroeze explains that Options tests its own defenses regularly and invites it clients to do the same through recognized security experts. This typically entails Options running its own quarterly penetration (pen) tests, while its clients run as many as 35 to 40 such tests each year across the firm’s global estate, utilizing as many as 10 separate security agencies. Beyond pen tests and the ongoing validation of the firm’s perimeter and internal security, Options also undergoes security audits from some of the industry’s largest financial institutions to ensure that it complies with their own internal security standards. “We underwent 20 of them last year and it’s a recurring certification we have to do for each one of our clients,” Kroeze says. “One of the key differentiators for us is that there are many firms that can talk the talk about their level of security, but when you’re undergoing the frequency and rigor of audit [that we are], whether they are our own internal audits, third-party security auditors or our clients’ security teams, you end up with an incredibly secure base and validation that you can’t get otherwise.”

According to Kroeze, in response to increased global cyber-security risks, the firm has developed an artificial intelligence (AI)-based Automated Security Operations Center (AutoSOC) service designed to aggregate and intelligently respond to the millions of security data points Options consumes throughout its global infrastructure on a daily basis. Looking forward, he explains that Options will continue to develop its AutoSOC functionality along with all the other associated machine learning security platforms sitting within the firm’s environment. “We’ve spent a lot of time over the past few years enhancing our R&D and product services, and one of the things to have come out of that is a tremendous amount of automation, which is critical for ensuring stability and rapid time to market. Part of that ties in to the security aspect of whether we can know for sure whether anything has changed across our network and how we can maintain the health of that network on a consistent basis. Over the next 12 months we will be rolling out auto-healing network services based on that automation so that even in the event that something does change on our network that we were not expecting, it will auto-correct itself and flag that something has changed.”