Trading Venue Availability
Trading Venue Availability
Trading Venue Availability
Citihub was engaged by a Tier 1 European Equities Venue to conduct an infrastructure availability review of their European Dark Pool platform.
The provider had experienced unplanned outages and needed to identify potential availability risks and single points of failure affecting business systems.
The scope included all underlying infrastructure for matching engines and messaging and external connectivity. The study necessitated a full physical audit of data centre assets, and a full review of network infrastructure and Metro WAN inter-site connectivity.
How Citihub Helped
Citihub’s Application Risk Assurance (ARA) methodology was used to complete the review. This is a holistic, structured, and evidence-based approach covering all factors that affect infrastructure availability. ARA measures infrastructure availability through design reviews and analysing planned and unplanned infrastructure fail-overs.
Citihub’s review found that the infrastructure which was designed for high availability (HA) and fault tolerant capabilities still had a number of high-risk components compromising the HA design. These included: subtle but unintended single points of failure (SPOFs), latent run-time silent configuration errors, placement of HA services on shared frames, DNS issues, EOL hardware issues, and evolving BCP plans and insufficient testing of contingency plans.
Our review identified more than 80 risk items and categorised these as either High, Medium or Low based upon the potential for future impact and the probability of impact occurring. Risk items were also aligned by theme – covering such areas as Strategy and Architecture, Database Design, SPOFs, Operations Models and tools, BCP, and DC and Networking design.
The Client’s infrastructure SMEs reviewed risk items and took required remedial actions. “Red Hot” items identified as immediate risks to the business were resolved as they were identified, and other High Priority items were remediated through normal infrastructure investment upgrade plans.
Some risk items identified during the ARA were known to the client, but independent verification enabled the client to secure funding for full remediation.
Externally verified and validated Dark Pool Infrastructure design
As a result of this review, our client was assured that critical infrastructure was well implemented in practise – all designs were verified or proposed to be verified as part of this review. The client also benefitted from the experience of the Citihub’s consultants who have completed many of these types of reviews – experience, insight and knowledge transfer are key parts of these reviews.
An up-to-date findings Risk Log with prioritised remediations
A key output of this review was a detailed findings Risk Log with prioritised recommendations. This approach allows identified risks to be discussed, reviewed internally, and then, as required, funded and resolved.
Assurance through testing that their Infrastructure performs and is highly available
Citihub’s Application Risk Assurance methodology by design is data-driven, where all evidence about a client’s infrastructure is documented and all findings verified and supported by actual data. In line with an evidence-based approach to High Availability, we look to see all infrastructure components regularly fail-over tested to give clients the confidence of knowing that their critical infrastructure actually works.
Related Case Studies
BREXIT: CASS Client Money Asset Return (CMAR)
A tier one global Investment Bank required a business and functional analysis of their post-Brexit client money management solution. The bank’s...
Essential Capabilities for building Defense in Depth for Public and Hybrid Cloud
The explosive increase in Cloud Services consumed across the industry, coupled with a dramatic incre...
FT Names Citihub Digital as one of 2021’s Leading Management Consultants
“We’re thankful to be recognized for the 4th successive year for our leadership in financial ser...
Cyber Resilience is more than Detect and Prevent, it’s also about Respond and Recover
Joining forces with Synechron, our Risk & Cyber Security SMEs Graham Fletcher and Gavin Wilson share...
Digital Transformations in the age of COVID-19
Joining forces with Synechron, our Enterprise Transformation SMEs offer their perspectives on why a ...
Meeting your Data Obligations in the Cloud After Brexit
Joining forces with Synechron, our RegTech SMEs – Bob Mudhar & Anand Chandra - talk about the the ...
How to set up a Test Coverage threshold in Go and Github
Senior Consultant Luis Carrazana enumerates the steps needed to implement a Test Coverage Threshold...
Cyber security and the growth of untrusted infrastructure and hybrid workforces
Joining forces with Synechron, our Dev & Sec SMEs talk about the increasingly important role of clou...
Increasing test coverage without slowing down development
Are you confident about refactoring your legacy project? What are you doing to ensure stability with...
15 Minutes with: Utsav Ratti on Smashing the silos between IT and business teams
Has the pandemic made the divide between IT and business teams worse or has it presented an opportun...