Trading Venue Availability
Citihub was engaged by a Tier 1 European Equities Venue to conduct an infrastructure availability review of their European Dark Pool platform.
The provider had experienced unplanned outages and needed to identify potential availability risks and single points of failure affecting business systems.
The scope included all underlying infrastructure for matching engines, messaging and external connectivity. The study necessitated a full physical audit of data centre assets and a full review of network infrastructure and Metro WAN inter-site connectivity.
How Citihub Helped
Citihub’s Application Risk Assurance (ARA) methodology was used to complete the review. This is a holistic, structured and evidence-based approach covering all factors that affect infrastructure availability. ARA measures infrastructure availability through design reviews and analysis of planned and unplanned infrastructure fail-overs.
Citihub’s review found that the infrastructure, although designed for high availability (HA) and fault tolerance, still had a number of high-risk components compromising the HA design. These included subtle but unintended single points of failure (SPOFs), latent, silent run-time configuration errors, placement of HA services on shared frames, DNS issues, EOL hardware issues, evolving BCP plans, and insufficient testing of contingency plans.
Our review identified more than 80 risk items and categorised these as either High, Medium or Low based upon the potential for future impact and the probability of impact occurring. Risk items were also aligned by theme – covering such areas as Strategy and Architecture, Database Design, SPOFs, Operations Models and tools, BCP, and DC and Networking design.
The Client’s infrastructure SMEs reviewed risk items and took required remedial actions. “Red Hot” items identified as immediate risks to the business were resolved as they were identified, and other High Priority items were remediated through normal infrastructure investment upgrade plans.
Some risk items identified during the ARA were known to the client, but independent verification enabled the client to secure funding for full remediation.
Externally verified and validated Dark Pool Infrastructure design
As a result of this review, our client was assured that critical infrastructure was well implemented in practice – all designs were verified or proposed to be verified as part of this review. The client also benefitted from the experience of Citihub’s consultants, who have completed many of these types of reviews – experience, insight and knowledge transfer are key parts of these reviews.
An up-to-date findings Risk Log with prioritised remediations
A key output of this review was a detailed findings Risk Log with prioritised recommendations. This approach allows identified risks to be discussed, reviewed internally, and then, as required, funded and resolved.
Assurance through testing that their Infrastructure performs and is highly available
Citihub’s Application Risk Assurance methodology is data-driven by design: all evidence about a client’s infrastructure is documented, and all findings are verified and supported by actual data. In line with an evidence-based approach to High Availability, we look to see all infrastructure components regularly fail-over tested to give clients the confidence of knowing that their critical infrastructure actually works.