The push and pull of identity security adoption in the financial services industry
By Ben Bulpett, EMEA Identity Platform Director at SailPoint
There is a dual movement spurring on the adoption of identity security in the financial services sector. Organisations are being ‘pushed’ by the growing threat of cyber-attacks to rethink and reinforce their security approach. At the same time, they are also being ‘pulled’ by the potential benefits of greater operational efficiency and improved compliance. It’s hardly surprising the banking and financial services industry is already looking for the hidden opportunities in the cyber challenges it faces. After all, it has been at the forefront of employing technology to transform the way it does business, from optimising operations to upgrading the customer experience.
Why identity, and why now?
Identity security is an approach to cybersecurity which focuses on a holistic view of all access in an organisation and the digital identities it is assigned to. This has the advantage of protecting every app, service and platform separately because it provides greater visibility and prevents perennial cyber threats such as password duplication, permissions creep and over-provisioning.
Identity security is coming to the fore now because the industry has recently been faced with a forced acceleration of digital transformation, thanks to the effects of the Covid-19 pandemic. Even before the pandemic, the rate of digitalisation in banking services and backend technology was increasingly integrated – both between an organisation’s various backend systems and extending to those of its partners.
A result of the increasingly digital nature of modern banking, there is a proliferation of data which needs to be protected. Financial institutions process millions of transactions containing vast quantities of sensitive financial and personally identifiable information every day. Combine the value of this information with the devastations that can result if it falls into the wrong hands, and it’s clear to see why a range of financial services firms are both risk averse and highly regulated – creating demand for security solutions which reduce risk and enhance compliance.
What is holding the FS industry back?
Despite significant investment in workforce training, the banking industry has one of the highest rates of insider data breaches. Departmental silos and complex organisational structures present challenges to achieving full visibility over user access, data storage, and systems. As banking has started the transition to digital, many are currently in a hybrid state which still contains non-cloud systems and a reliance on traditional means of tracking data such as spreadsheets and other manual processes.
The dual pressures of the need to secure digital data and the need to audit it are leading to greater adoption of the identity security model. But the shift is also highlighting the benefits that can be driven by using the latest technological innovations to do it. Automation can reduce the burden of repetitive manual tasks while ensuring the integrity and completeness of data sets. Adding ‘smart’ capabilities through the use of machine learning means that financial service organisations can uncover and resolve previously unknown issues that pose risk. The result of using these as part of an agile identity security system means it can learn and adapt as business needs change.
Future-proofing through enhanced security
Evolution (and new competition) in the banking sector means that expectations for secure and integrated business practices won’t let up any time soon. Identity security can be the means to future-proofing banking organisations by building in compliance, agility and a holistic view of access.