
Why legacy access permissions need to be of greater concern for financial organisations


By Justin Jon Thorne, co-founder of Hydra

Security is the number one priority for all financial organisations. There’s not simply the universal issue of having client data to protect but the very tangible concern of money, making data breaches and cyber attacks a matter of paramount importance for any business operating within the financial sector. But while the protection of client data and internal security are matters of compliance and taken extremely seriously as such, other areas are more likely to be overlooked, including legacy access to external SaaS platforms.

SaaS platforms are deployed by almost every contemporary business, whether for marketing or technology, and their management is often outsourced. They’re a highly efficient and cost-effective way to manage a variety of essential tasks. But they also hold the potential to expose businesses to vulnerability.

Why do financial institutions need to be more aware of legacy access permissions?

Legacy access is easily overlooked by financial organisations because it rarely relates to integral in-house systems, where a simple overview of access permissions will almost always be available. The areas that cause problems are typically third-party SaaS, social media, and advertising platforms. Even if these are managed in-house, access permissions can be difficult to oversee, as each platform has its own unique security protocols, most of which cannot be addressed with password vaults or similar tools. And while SSO, PAM and IAM platforms are routinely deployed within financial businesses, they are simply not compatible with many third-party sites, leaving financial institutions exposed.

What harm can come from legacy access permissions?

The failure to remove access permissions from people who no longer have legitimate reason to need them – whether ex-employees or the staff of an agency a business is no longer working with – can lead to a range of potential risks. For some, that risk will take the shape of reputational damage. As Burger King found, even if it’s clearly off-brand, a well-phrased tweet can draw enormous attention and alienate a sector of your audience – and no news spreads faster than a juicy, reputation-shattering story. For others, it may be sabotage, espionage, or the misappropriation of funds. They are all equally easy to perpetrate for someone with both access and an axe to grind, and can all take a lot of time and effort to recover from. And with so many external channels and SaaS platforms now employed by financial institutions, those risks are dramatically amplified.

For financial organisations, compliance raises the jeopardy even further: with GDPR and other regulatory standards to adhere to, the protection of customer privacy is even more pressing than it has previously been.

Why is legacy access so difficult to manage?

Aside from the fact that there are so many different external channels now in play, and that they are incompatible with standard management and security platforms, the security protocols of the individual platforms complicate legacy access permissions. With many social media platforms, for example, users can only access business services when they are linked to their own personal profiles. It can be hard for businesses to gain an overview of who has access to their accounts, and even more difficult for large businesses with multiple account managers. And that’s not going to change until organisations begin adopting platforms that allow for the complete management of all third-party channels: platforms capable of providing a holistic overview for the business and a single point of entry for all users, where access permissions can be granted or rescinded quickly and easily, as soon as that access is no longer required.

The question of legacy access and accountability

When digital access is abused in any way, fingers are always pointed and the question of accountability raises its head. Because it’s never just the ostensible perpetrator who is responsible – it’s also the person who should have prevented the legacy access from continuing. On the surface level, that could be the line manager in charge of that particular account, or their manager for failing to initiate the correct off-boarding processes. But there’s also an argument that many instances of technical failure should ultimately be the responsibility of the Chief Technical Officer – because unless the tools and the operational practices are in place for employees to use, mistakes will always be made.

Access permissions for third-party and SaaS platform management are rarely considered to be as important as other cyber threats. But in the right set of circumstances, they can be almost as damaging, leading to loss and impacting customer trust. So, it’s time for financial organisations to take the threat more seriously, and to begin to implement processes to ensure that poor legacy access management isn’t the reason for a spike in brand awareness.

About the Author:

Justin Jon Thorne is co-founder of Hydra, an innovative SaaS platform providing agencies, brands and digital teams effortless monitoring and management of access to external channels. It provides a single access point to, and a complete overview of all access permissions across, the major social channels, analytics platforms, and ad accounts including Google, Meta and LinkedIn, enabling complete monitoring of contemporary and legacy access.
