Disruptive innovation in today’s digital world demands an extremely rapid time to market from enterprises – whether it is changes to existing capabilities, new capabilities being added, or completely new businesses being built from the ground up. However, this means that a lot needs to be considered

Innovation extends to enterprises in the financial world as well – payment gateways, processors, banks, regulatory bodies, or providers of alternate payment methods are all expected to cater to this rapid pace of change demanded by the businesses of today. From the perspective of financial institutions, the problem is infinitely more complex and multi-dimensional.

The past few years have seen significant changes in the way an increasingly ‘phygital’ customer base pays for things bought both in store and online. Payment methods have evolved from chip and pin devices to NFC to wearables like smart watches, biometric payment methods and more recently – the ‘selfie’ as a mode of payment. While retailers aim to decrease the number of actions a customer needs to carry out in order to place an order, supporting each of these new payment methods and managing the security implications of each has been no easy feat.

One common initiative amongst all enterprises today is the need to differentiate themselves to the customer. Evolving IT systems have left businesses with a ‘fragmented view’ of their own customer, and increasing access to information about their customers from social media has added new fragments: levels of detail that were simply not possible before, and that can be utilised to create a significantly better customer experience. This, however, means increasing levels of private information are being stored and managed – for example, paying for an order through a selfie needs a photograph to be stored and retrieved, facial recognition capabilities enabled in the applications, and support within protocols and message formats to structure, transfer and validate this information in a secure manner millions of times per second.

On the B2B side, the need for better scalability, reliability and interoperability between application systems has led to the development of new standards and protocols. The rapid time to market needs from today’s enterprises have seen a tremendous ‘shift’ in both the design and adoption of some of these technologies, from proprietary products owned and managed by a single large vendor to an increasingly standards-based, polyglot style of products and implementations. Architectural styles have also evolved – from large monolithic application systems to significantly componentised micro-services style models – designed for very rapid changes, minimal downtime, and extremely customisable scalability.

While options to improve scalability have increased, so has demand – it is predicted that the internet of things will bring the number of connected devices to over six billion in 2016, and the number is expected to cross 38 billion by 2020. More than the sheer number, the challenge with IoT lies in autonomous decision-making: imagine if your dishwasher could automatically alert the support team if it detects a fault, or if it could place an order automatically through a retailer when it detects low levels of dishwasher salt – and all the security implications.

Last, but not least, are changes to the core of all financial transactions: money itself. Use of alternate digital currencies like bitcoin has been on a steady increase – adoption of these currencies has also grown across enterprises, leading to new integration challenges. More importantly, the underlying technology, blockchain, offers a distributed no-trust open ledger, which is expected to change the way secure transactions are conducted.

In light of the above, the banking industry would need to enhance its existing security to roll out fraud monitoring, detection, and prevention systems.

Today, technologies are available to deploy large-scale fraud detection, monitoring and prevention systems. While a few banking industry leaders have adopted such mechanisms and deployed systems, others would need to increasingly focus on building systems that protect and monitor against threats originating from piggybacking on network vulnerabilities, financial transaction fraud, inter-system communication, data movement across various systems (on-prem, cloud and SaaS), and API-based integration with ecosystem partners, while keeping the threat surface isolated from the bank’s core business processing systems.

Architecting secured systems
This is driven by security architecture principles and standards, and is enabled through secure engineering methodologies: building and refreshing secure coding guidelines, continuously defining and refining security for data-in-motion and data-at-rest, securing data footprints across the IT ecosystem (including the big data stack), securing incoming and outgoing endpoints, and securing APIs and their associated downstream systems. White-box testing and penetration testing will continue to be the key components of system security validation practices.

Monitoring for vulnerabilities
The banking industry has invested in building NOCs (network monitoring centres), which closely monitor the availability and performance of its systems. These enable banks to proactively identify and address various bottlenecks. We believe that the banking industry will need to start building, if it has not already, SOCs (security operations centres), which will monitor security vulnerabilities and threats across various dimensions such as infrastructure, applications, data-in-motion, data-at-rest, potential financial transaction fraud through real-time stream data analytic processing, API security, and device security.

Proactive threat identification through non-systemic measures
Traditionally, security is addressed through planned penetration testing, security risk and compliance auditing, security training, guidelines, and standards. Due to increasing cybersecurity threats and the emerging vulnerabilities that have resulted from new business and computing models, we see an increasing need for proactive in-house identification and uncovering of security vulnerabilities.

Drawing a parallel from the Netflix ChaosMonkey tool, which identifies and introduces component failures to check how systems react to such failures and how they impact on system availability, it will not be long before such tools exist in the cybersecurity domain to identify security holes in the systems and create incidents. These will enable enterprises to continuously monitor and proactively address any security vulnerabilities in their system landscape.

By Dinesh Sharma, Chief Architect – Digital Business and Rajamani Saravanan, Chief Architect and Head of Central Architecture Group (EU) at Mindtree