11:14 AM
Adrian Ungureanu and Tony Tummillo, Capco

Electronic Signatures - Part II: Navigating the Vendor Space

In part two of our series on electronic signatures, we discuss the challenges in navigating the electronic signature vendor space and the intricacies that exist beyond the simple capture of an electronic signature.

A quick scan of the electronic signature vendor landscape shows a market jam-packed with competition. Although the technology has been around for more than two decades, the electronic signature vendor space is clearly in a growth cycle. According to an industry study recently published by Gartner, the overall market for electronic signature software and services grew by 48 percent from 2010 to 2011, with similar growth expected in 2012 and beyond. What is driving this growth? We believe a few factors are responsible. First, growth in the electronic signature vendor space is directly correlated with growth in mobile commerce (e.g., commerce conducted via smartphones, tablets, etc.). Second, the emergence of cloud-based/Software as a Service (SaaS) models has lowered the barriers to market entry, resulting in a rapid influx of new competitors. In 2009, only about 5 percent of electronic signature activity was SaaS supported; projections show that figure around 50 percent by 2014.

Rapid growth in the electronic signature vendor space presents a number of challenges to financial institutions seeking to select a vendor. For example, how do you know a vendor is reputable? Is it financially viable? How is it capitalized? Is the market ripe for consolidation? Will this vendor be around in five years? These questions and many others can be overwhelming when evaluating electronic signature vendors.

[See Related: Electronic Signature — Part I: Challenges and Business Justification]

How can you tell these vendors apart? In the end, the process of differentiating software vendors depends on an institution’s own business needs and requirements. Are data security and the ability to retain a complete audit trail of each signature transaction important to you? What about ease of use and deployment? In a recent discussion with Silanis, the company indicated that its key differentiator (since early on its products were developed to support the U.S. Army) is security. On the other hand, DocuSign’s solution is very consumer-focused (although its list of clients includes several major institutions) to the point that it has developed a mobile app (DocuSign Ink) and even sells its product individually on its website.

While there is no substitute for your own due diligence, the following considerations can help you navigate the electronic signature vendor space:

• Rely on the implied due diligence of other institutions, which provides you with an easy way to reduce your list of potential vendors. Look for software vendors that have financial services/banking sector clients or customers in other highly regulated industries (e.g., federal government).

• Check out software vendors that have been evaluated by independent industry/market research companies. For example, Gartner and Forrester have analyzed the electronic signature software space and their reports are often free. The hidden value in these reports is that they provide a good indication of a vendor’s relevancy in this market space.

• Look for software vendors that have established key vendor relationships. This provides an indication of a potential vendor’s credibility.

• Focus on vendors that support both on-premise and off-premise (SaaS) software service models. Many newer and less-established vendors only provide their software in an off-premise (SaaS) mode. Vendors that support both models provide an indication of their viability as a software provider.

Navigating the electronic signature vendor space can be a significant challenge in its own right. Add to that complexity your institution’s requirements for integrating with certain hardware components (e.g., signature pads) and software (e.g., sales and service platforms, enterprise content management, or ECM, solutions) and you have a monster of a challenge on your hands.

What typically happens once an institution has decided to implement an electronic signature solution is a scramble to evaluate the top vendors, assess their products and offerings, and then eventually put a selected few through an RFI/RFP process. While these are important steps in the overall process, they should not be completed until you develop a thorough understanding of the impact electronic signature will have on downstream processes and existing applications/infrastructure. Consider these important questions before selecting an electronic signature vendor:

• Which of your business processes are best suited for electronic signature (e.g., highly commoditized and standardized transactions)?

• Where should you start? How do you develop a strategic road map?

• What are the system/architecture constraints?

• How will electronic signature be integrated into existing applications (both from a technology and process perspective)?

• What are the legal or regulatory constraints?

• Are there any third-party constraints (e.g., loan syndications, mortgage securitization)?

• Once captured, how will electronically signed documents be used, retained and disposed of?

Overwhelmed yet? No wonder many financial institutions are still coming to grips with this capability. In our opinion, it’s not so much about the functionality itself, or the vendor space, but developing a thorough understanding of your business requirements, capabilities and constraints, and the alignment of that understanding with the right vendor.

If you have implemented an electronic signature solution, what were some of the lessons learned? If you’re in the process of implementing it, what challenges are you facing? If you’re in the planning phases, what are some of the hurdles you’re trying to overcome?

Adrian Ungureanu is a principal consultant, and Tony Tummillo is a senior consultant, in Capco’s Banking practice.
