Invisible dependencies: The a part of the analytics stack we stopped questioning

Onur Alp Soner is the co-founder and CEO of Countly.

FinTech strikes quick. Information is in every single place, readability isn’t.

FinTech Weekly delivers the important thing tales and occasions in a single place.

Click on Right here to Subscribe to FinTech Weekly’s E-newsletter

Learn by executives at JP Morgan, Coinbase, BlackRock, Klarna and extra.

When an information breach makes the information, it’s often framed as an exception – a misconfiguration, an missed permission, a human error that would have occurred to anybody. The dialogue usually stops there, as if the incident itself had been the trigger. In actuality, breaches are extra usually alerts than failures. They expose dependencies that turned too central and too opaque lengthy earlier than something went flawed. By the point information is leaked, the danger has often been constructing quietly for years.

For a very long time, analytics sat in a secure psychological class. It was seen as observational, one thing that watched the system fairly than formed it. In contrast to funds, identification, or core infrastructure, analytics was not often handled as a layer that would materially have an effect on outcomes. 

In fintech, particularly, analytics now influences how methods evolve and the way selections are made, shaping product behaviour, threat controls, and even automation. But the infrastructure behind it’s nonetheless usually exterior, operating on third-party platforms outdoors the organisation’s direct management.

That is the invisible dependency we stopped questioning.

Why “no PII” stopped being a ample definition of security

When groups justify outsourcing analytics, the argument often centres on private information. Occasions are anonymised. No names or emails are collected. With out PII, the danger is assumed to be low.

Whereas that logic held when analytics was primarily about counting customers and classes, it breaks down as soon as analytics begins capturing how methods behave.

Fashionable occasion information does excess of describe particular person customers. It exposes the inner construction. Function names, inside URLs, experiment variants, error states, timing patterns, and backend responses reveal how a product is designed and the way selections circulate by way of it. None of this straight identifies an individual, but collectively it might reconstruct giant elements of a corporation’s inside logic.

That is the place the mosaic impact turns into related in observe. Particular person occasions seem innocent in isolation. Aggregated over time, throughout options and flows, they reveal how a product actually works. In fintech, this has actual penalties. Even anonymised occasions can trace at approval thresholds, threat scoring guidelines, or escalation paths. The sensitivity of analytics information in the present day lies much less in who it tracks and extra in what it reveals.

The bounds of “We deal with safety for you.”

Analytics distributors excel at scale, efficiency, and pace of integration. These strengths matter. What they don’t optimise for is long-term security, regulatory defensibility, or an organisation’s capacity to clarify its personal structure below scrutiny.

When distributors say they “deal with safety,” they often imply the complexity is hidden. You may’t see how information is mixed, retained, or what secondary alerts are derived. Invisibility is bought as simplicity, however management is changed with belief. Requirements like SOC2 validate controls, not architectural selections. A system will be totally licensed and nonetheless focus delicate analytics information in ways in which could be tough to justify below scrutiny.

That trade-off could also be acceptable elsewhere. For analytics that form selections, it creates structural threat by changing verifiable security with hidden methods and assumed belief.

Monetary ledgers already function below this logic: traceability, auditability, and possession are non-negotiable. Analytics now shapes selections simply as consequential, however it has not but been handled with the identical self-discipline.

How structural threat accumulates in analytics methods

Most analytics incidents don’t stem from a single unhealthy alternative. They emerge regularly, as methods tackle obligations they had been by no means designed to carry.

Groups add extra occasions, then extra context, then extra metadata. Function flags, experiment IDs, inside error codes, backend states, and consumer classifications slowly discover their manner into occasion streams. Over time, analytics turns into an in depth mirror of how the product really works. At that time, it stops being a passive reporting layer and turns into a type of institutional reminiscence.

When information is uncovered, what leaks isn’t simply uncooked numbers. It’s construction: how options are rolled out, how selections are staged, how companies work together, and the way edge instances are dealt with. Current incidents have proven this clearly,  with logs as soon as thought of innocent revealing inside routing logic, experiment configurations, admin paths, and behavioural patterns that ought to by no means have left organisational management.

AI doesn’t introduce this threat, however it amplifies it. Behavioral analytics more and more feeds automated determination methods, which means structural publicity can affect mannequin habits, bias, and determination logic. A single incident can have an effect on not simply transparency, however how methods act going ahead.

In fintech, the influence is amplified additional. Analytics information usually sits near methods that assess belief, detect fraud, or automate approvals. Even when analytics doesn’t make selections itself, it more and more shapes the methods that do.

Comfort as an alternative choice to scrutiny

For groups below stress to maneuver quick, polished dashboards, fast integrations, and instantaneous insights are arduous to withstand. Over time, although, comfort tends to exchange scrutiny. Few organisations map their analytics information flows intimately, assess how tough it might be to exit a platform, or account for the way a lot institutional data has successfully been outsourced. That is not often a deliberate alternative. It’s the results of treating analytics as tooling fairly than infrastructure.

This isn’t an argument in opposition to third-party companies basically. Actually, some layers are well-suited to being rented, particularly when failure is contained, and exit is easy. The excellence that issues is whether or not a system shapes outcomes.

To place it plainly, any system that influences entry, belief, eligibility, or core consumer expertise must be seen, auditable, and totally understood by the organisation that depends on it. Methods which might be straightforward to exchange and don’t encode institutional logic can safely reside outdoors the establishment.

A easy take a look at clarifies the boundary: if this technique disappeared tomorrow, would you continue to be capable of clarify how your product behaves and why selections are made the way in which they’re?

The broader accountability query

Fintech methods more and more operate as public-facing infrastructure. They form who can open accounts, entry credit score, or take part within the economic system. That actuality shifts the accountability mannequin. Architectural selections are not purely inside technical selections; they carry societal penalties.

When vital layers corresponding to cloud platforms, analytics methods, or AI fashions are concentrated in a small variety of opaque methods, failures and unexplained selections can ripple far past a single firm. Invisible dependencies do greater than enhance safety threat. They weaken accountability.

In the end, if a system can’t be seen, it can’t be ruled. And methods that can not be ruled shouldn’t be trusted with selections that materially have an effect on individuals’s lives. Analytics stopped being purely observational a while in the past. Our structure, requirements, and assumptions have but to catch up.

In regards to the writer

Onur Alp Soner is the co-founder and CEO of Countly, a digital analytics and in-app engagement platform. A technologist and self-starter, he bootstrapped Countly from the bottom as much as give corporations extra management over how they perceive and work together with their customers. Beneath his management, Countly has grown right into a trusted platform for enterprises worldwide that need to innovate rapidly whereas conserving consumer privateness on the centre of their progress methods.