balancing user experience with security regulatory considerations
TRANSCRIPT
Balancing User Experience with Security & Regulatory Considerations
SANTIAGO CAVANNA – CYBER SECURITY EXPERT (SANS/ISC2/ISSA/ISACA/CSA)
[email protected] / @SCAVANNA (MICROSOFT, SYMANTEC, IBM, CA TECHNOLOGIES)
Possible Futures…
Understanding Market & Consumers
Challenge to Meet Expectations
Source: Accenture, 2014 North America Consumer Digital Banking Survey, “The Digital Disruption in Banking”
27% would consider a branchless digital bank
71% consider their banking relationship to be transactional rather than relationship driven
51% want their bank to proactively recommend products and services for their financial needs
48% are interested in real-time and forward-looking spending analysis
Common Market Drivers
Customers are used to dealing with Digital Leaders on a day-to-day basis
Why Should Banking Be Different?
Market & Industry Innovation
Bio-Metrics
Responsive Design Across Digital Channels
Facial Recognition
Digital End Points
NextGen ATM
Customer Behavior Profiling
Voice Recognition Driven Mobile Applications
Low digital maturity
High digital maturity
RETAIL BANKING
ONLINE BANKING
LOCATION & SERVICE APIs
ACCOUNT APIs
ALERT/MONITORING APIs
MOBILE PAYMENT APIs
DIRECT DEPOSIT APIs
INVESTMENT APIs
P2P MOBILE PAYMENT APIs
LOYALTY PARTNER APIs
P2P LENDING APIs
WEALTH MANAGEMENT APIs
Digital Transformation in Financial Services
Offline / In-Person, Web, Mobile, Omnichannel, Ecosystem
5 Key Principles of Trusted Digital Relationships
Value me
Make it easy for me
Protect me
Enhance my experience
Partner with me
DIGITAL
TRUSTED RELATIONS
Digital Transformation requires Identity-Centric Security
On Premise Apps
Cloud Services
Connected Devices
Customers / Citizens
Partners
Employees
Trusted Digital Relationship
For Legos
Risk-based Authentication
On-boarding
Self Service
Certify
Refine
Identity Management & Governance
USERS RESOURCES
Access
Federation
Behavioral Analytics
Privileged Access Management
API Management
Partners
Things
Employees & Administrators
Customers
Mobile
Web
API
Cloud Services
On Premise Apps
Systems
Data
Security posture must do more than… just Secure
ENABLE THE BUSINESS
Cloud Services
On Premise Apps
Engage with your customers faster & better
Make your employees more productive
Customers / Citizens
Employees / Partners
Connected Apps / Devices
PROTECT THE BUSINESS
Strongly validate each user’s identity
Govern & control user access
Protect privileged identities
To discuss: (later)
Are banks protecting their customers, or just complying with regulations?
Were the regulations put in place locally (Arg) written thinking of the financial customer/citizen first?
Which market failure do you think the financial market regulations were created for?
Are the regulations enough?
To do what?
The Security mathematical-statistical Authority Dilemma – ROI, Threat Agents, Momentum and other security concerns
Are the regulations a real limit (technologically speaking) or the logical foundation?
Do you read the regulations?
Do you understand the regulations? (the spirit of the regulation, I mean)
Do you (as a bank) propose new interpretations of the regulations, or exceptions? Banco Original (Brasil) / MercadoPago / NacionServicios (Arg)?
Are the regulations adapting at the velocity of information technology?
Is security too expensive, and who should pay for it?
Security for Digital Transformation requires AND (not OR) Model thinking
The BCRA could not have all the pieces of information needed to create new regulations.
Market opportunity to help and to grow.
The customer chooses because they believe that they can.
By analogy, and because new options appear every day, with a very low barrier/cost to changing the current service provider.
Customers want more security (not less), but they want it easy (not weak).
They want to be recognized as customers and as persons (they are not stupid).
In the new Argentine Civil Code, the big challenge will be:
class actions (“acciones de clase”) and the determination of the collective represented in court
Questions?