The UK’s fintech sector is booming. Brexit-related uncertainty hasn’t stopped investors ploughing $16bn into the UK fintech market in the first half of 2018 alone. These investments in the UK surpassed those made by both of the world’s financial powerhouses, the US and China. The UK remains Europe’s main hub for financial technology start-ups, providing over 60,000 jobs and contributing around $7 billion annually to the economy.
With fintech the jewel in the UK economy, investors recognise the need to capitalise on fintech companies’ relentless push to innovate, disrupt and democratise away from old, entrenched ways of doing business. With the arrival of the open banking regulation, banks and fintechs are also under pressure to innovate at pace and provide customers with personalised on-demand services. From blockchain to AI, cryptocurrency to peer-to-peer lending, the sheer range of new ideas originating in the banking industry is exciting. But the continued success of the UK fintech market will rely on the investment organisations make in security.
Cloud holds the key to modern banking
In an ultra-competitive market, traditional high-street banks are scrambling to pursue digital transformation projects to become more agile in the face of aggressive time-to-market, fierce competition for customers and changing business models shifting from product-centric to customer-centric. But whether it’s an old banking giant or a new challenger bank, it is cloud computing that provides the foundation of the modern era of banking.
For IT leaders, the cloud is crucial as it supports the rapid, continuous development of application-based services, enabling firms to react quickly to market demand with innovative new offerings. Its scalability and elasticity support a more agile business and empower fintech firms to be more efficient, doing more with less.
The rise of challenger banks such as Monzo, Revolut and Starling has signalled a decisive shift to mobile and internet banking. HSBC is the latest banking giant to revamp its mobile banking offering to compete with these challengers. Again, it is the cloud’s ability to support users anytime, anywhere, on any device that is vital for a mobile, app-driven world.
From a regulatory perspective, cloud technology has helped banks and fintechs achieve compliance in the era of GDPR. The new regulations enable customers to contact organisations to access their personal data and have this removed if required. The traditional server infrastructure in banking is often cumbersome, making it far more difficult to access customer data. By using the cloud, banks can quickly locate and address some of the data breaches and questionable handling of customer data that have been seen in recent times.
Secure your APIs, now!
But this innovation must not come at the expense of security. The evolving technology and regulatory landscape means that cloud technologies must have security baked in at their core.
Financial services must also not overlook the security risk associated with the creation of banking apps in the open banking environment – in particular, API security. As developers within banks and fintech companies use APIs to connect technologies (most commonly apps, but also platforms and systems), they create new digital banking innovations and remove barriers to allow more efficient, simpler ways to kickstart innovative programs.
While the value of inter-connected applications is undeniable, there are also significant risks. APIs provide open connections between platforms, and a failure to protect these connections will give hackers the opportunity to attack API services with either stolen or invalid credentials. It is essential that developers and security teams within these organisations pay close attention to securing APIs.
To illustrate this, visualise a door: you want to make sure only the right people (or in this case, apps) have the correct keys. You can do this by specifying the conditions under which actions are taken, giving you precise and confident control over your APIs. Additionally, integrating and identifying contextual factors such as IP addresses, geolocation, and device identification can increase security and reduce credential-based attacks.
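The door-and-keys idea above, sketched as an added example that is not part of the original article: a policy check that ties each API action to conditions and weighs IP address, geolocation and device identity alongside the credential. The client name, policy values, thresholds and the `decide` function are hypothetical; the sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy: the conditions under which each client may act.
POLICY = {
    "payments-app": {
        "actions": {"accounts:read", "payments:create"},
        "networks": [ipaddress.ip_network("203.0.113.0/24")],  # documentation range
        "countries": {"GB"},
        "devices": {"dev-7f3a"},
        "step_up_actions": {"payments:create"},  # always ask for a second factor
    }
}

@dataclass
class Request:
    client_id: str
    credential_valid: bool  # token or signature check performed upstream (assumed)
    action: str
    source_ip: str
    country: str            # geolocation lookup performed upstream (assumed)
    device_id: str

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (require a second factor) or 'deny'."""
    rules = POLICY.get(req.client_id)
    if rules is None or not req.credential_valid:
        return "deny"       # unknown client or invalid credential
    if req.action not in rules["actions"]:
        return "deny"       # least privilege: the action was never granted
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "deny"       # malformed address: fail closed
    mismatches = sum([
        not any(ip in net for net in rules["networks"]),
        req.country not in rules["countries"],
        req.device_id not in rules["devices"],
    ])
    if mismatches >= 2:     # illustrative threshold, an assumption of this example
        return "deny"       # valid credential in the wrong context: treat as stolen
    if mismatches == 1 or req.action in rules["step_up_actions"]:
        return "step_up"
    return "allow"
```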
Don’t underestimate the threat from within
With the boom in online banking and mobile apps, identity and access management (IAM) becomes essential for securing financial services. External threats such as hackers are most commonly associated with identity theft and fraud, but too often internal threats are neglected. Banks and fintechs must realise the cybersecurity risk associated with their employees. Both human error and malicious intent could lead to damaging data loss/theft. Mistakes made by staff accounted for 62% of all breach incidents reported to the UK Information Commissioner’s Office (ICO), according to research from 2016.
Staff could be tricked into clicking on convincing-looking phishing links designed to harvest their credentials. Malicious insiders are even harder to spot as they will do their best to cover their tracks. Some may even take data with them to a competitor when they leave. The 2018 Insider Threat Report estimates that 90% of global organisations feel vulnerable to insider-related risk. The main contributing factors highlighted by IT leaders are too many employees with excessive access privileges (37%), and an increasing number of devices with access to sensitive data (36%). For financial services companies, these problems are particularly acute.
The answer lies in changing the way companies regulate IAM so employees only have access to systems, apps and platforms they need, and that access is granted in a secure manner. A vital starting point is moving away from relying on passwords alone and using risk-based multi-factor authentication on all of the infrastructure. Adopt stronger authentication policies that ensure employees have access to only the information they need to do their work.
Security breeds success
In the battle to dominate the market share in the modern era of banking, players in the financial services industry realise they must be agile, collaborative and scalable. They are under pressure to innovate at pace to appeal to a customer base that no longer cares for blind banking loyalty. But banks and fintechs cannot neglect cybersecurity risks in the pursuit of innovation.
The rise of digital banking means consumers are placing more personal data and information in the hands of these companies. Cybersecurity, in particular identity and access management, becomes a key driver in attracting and retaining customers new and old. To stand a chance of remaining successful in the future banking market, financial services companies must ensure IAM policies are thorough, while guaranteeing API security. Any lapses here will cost a company dearly.
As General Manager, EMEA, Jesper Frederiksen is responsible for driving Okta’s growth in Europe, the Middle East and Africa. He is also tasked with developing and retaining talent, driving customer success, giving back to the local community and increasing Okta’s brand awareness in the region.
Jesper brings more than 25 years of sales, technology and leadership experience to Okta, most recently spending four years with DocuSign, leading the company’s expansion across EMEA as Vice President and General Manager. Prior to DocuSign, Jesper held various leadership roles at Parallels, Symantec, Google and NetIQ.