Security is the new reputation management in financial services

Technology has redefined competitive edge for traders – so much so that banks are becoming IT companies with a banking license – and it’s revolutionized how banks manage and protect billion-dollar funds and transactions.
Author: Bart Coole, Country Manager VMware Belux

What can you accomplish in a minute? In 30 seconds? In a second?

Michael Lewis famously wrote about the importance of small units of time to create significant advantages in his book Flash Boys. Lewis highlights the masses of sensitive data, traveling via ultra-fast connections over big networks, and the milliseconds (thousandths of a second) traders have to see other buyers’ orders before they are executed. This miniscule advantage, enabled by technological advances, is enough to set rivals apart according to Lewis, and enough to turn computer programmers into Wall Street’s biggest players.

Technology has redefined competitive edge for traders – so much so that banks are becoming IT companies with a banking license – and it’s revolutionized how banks manage and protect billion-dollar funds and transactions. But within an industry that’s continuing to radically transform, how can financial services organizations keep delivering the security that’s needed, at the pace that’s required to innovate and keep ahead of the competition – even if it is a millisecond – to maintain their reputations and drive growth?

Keeping reputation intact

Reputation is one of the three big challenges for financial institutions, alongside customers and competition.  All three impact the profitability of a company and are all based on the essential ingredient of trust, which is inextricably linked to IT security.

Firstly, data security; financial services companies have to ask whether their customers feel safe and trust the bank with their sensitive data. The consequences of failure to do so can be huge. In September, Italy’s largest bank UniCredit SpA admitted hackers stole biographical and loan data from 400,000 client accounts, while data thefts from UK financial services organizations saw a jump of almost 25% last year. Customers will flock from companies where personal data is compromised.

For a better grasp of where data is and how it’s secured, companies should look deeper into their infrastructure security. The legacy models of securing the network only at the perimeter are no longer enough to resist the complexity, variety and pace of attacks. Instead, firms need a ubiquitous software layer across infrastructure and endpoints that’s independent of the underlying physical infrastructure or location. This will give the enterprise the ability to gain visibility and context of interactions between users and applications, and therefore have a better understanding of the security services needed.

Availability of services is also key to the reputation of banks. Consumers are demanding more services, faster, putting real pressure on firms – so much so that 71% of UK IT security professionals in the sector admit their organization allocates funds to protect customer facing applications and systems over their internal systems. While firms must respond to demand quickly they must ensure that every part of the process is secure. This can require a zero-trust environment, where trust has to be established between users, devices and cloud services – something that can be managed via role-based access and monitoring, as well as unified identity and device management. The availability of services is crucial; many banks have been recent victims of distributed-denial of service (DDoS) attacks, preventing customers from accessing their accounts online or even withdrawing money from ATMs, again alienating customer bases and compromising reputations.

On top of all this, the incoming EU General Data Protection Regulation (GDPR) and PSD2 directive, both coming in next year to protect the personal data of EU citizens, are making compliance and regulation even more important in an already heavily regulated sector. Companies can use it to their advantage as a marketing tool; gaining the trust of new customers who want to ensure their data resides in a particular jurisdiction. From an IT perspective, addressing potential data gaps through the likes of robust identity verification, role-based access to sensitive data and security policies restricting data transfer across unauthorized networks remains crucial for companies that want to be seen by their clients as secure firms.

Finally, and this shouldn’t be underestimated, the innovative power of a financial services organization is key. Simply, is your bank seen as an innovator or not? In today’s age of agile fintech competitors, it needs to be. And being secure from an IT security standpoint will help companies to innovate and deliver new services at speed that were not previously possible. For example, Bank Leumi, Israel’s leading bank, worked with Temenos and VMware to create an advanced digital banking platform. It helps incumbent banks, big retailers and new entrants around the world significantly accelerate time-to-market of an end-to end mobile retail banking solution, and enables the rapid introduction of new features.

Using security to manage reputation, risk and reward

Ultimately, reputation in financial services is now reliant on the concept of risk. Gone are the days of infrastructure-based security – a risk-based and application-based approach is needed to secure this new world of banking at speed.

It’s become very difficult to defend each and every attack, so organizations must focus on what the known ‘good’ should look and behave like, rather than try to keep up with the ‘bad’ – the new and unknown threats facing businesses every day. Having contextual intelligence to understand this ‘good’ means no guesswork, providing complete awareness of what changes across the whole estate are legitimate – and which are possible threats. Alongside this, the creation of granular network segments can ensure every part of the environment has its own security, reducing the company’s attack surface so that it has better protection against malicious attacks.

Financial services organizations cannot afford anything less than end-to-end visibility and control, all the way from the device to data center. This ‘security-everywhere’ strategy can then serve as the organizational backbone – supporting secure innovation at real pace in an industry of often minuscule margins, to ensure the right balance exists between reputation, risk and, finally, reward.