Leveraging security to develop new digital banking models
Luis Saiz
Head of Innovation in Security
BBVA IT Team-Digital Banking
Information Security FS 2014
Leveraging security to develop new digital banking models
Bank’s Key Success Factors
IT Risk, Fraud and Security role
Digital Bank: A new paradigm
Opportunities and Strategies: security as part of the business
BBVA Highlights
Leveraging security to develop new digital banking models
Bank’s Key Success Factors
Identity & Cloud - First Steps
Digital Bank: A new paradigm
Opportunities and Strategies: security as part of the business
Bank’s Key Success Factors
Accounting
Risk Management
Identity Management
All 3 are regulated:
Accounting: Account Auditing
Risk Management: Risk Supervision
Identity Management: Authenticity (KYC, ML)
Bank’s Key Success Factors
Leveraging security to develop new digital banking models
Bank’s Key Success Factors
IT Risk, Fraud & Security role
Digital Bank: A new paradigm
Opportunities and Strategies: security as part of the business
Give me a Point of Support…
… and I will move the world
…But also some Power:
Organization and Expertise
IT Risk, Fraud & Security
Risk Analysis Methodologies
Fraud Experience
Security Development Team
Give me a Point of Support…
Nexus of Forces
Nexus of Forces
Security
Nexus of Forces
Customer
Digital Bank: A new paradigm
Customer
Digital banking will no longer be offer-driven but demand-driven
And the first demand is amazing UX
How is the UX of your security processes?
Digital Bank: A new paradigm
Customer
Digital banking will no longer be offer-driven but demand-driven
Second demand is velocity
Is your IT Risk, Fraud & Security ready to run?
Digital Bank: A new paradigm
Customer
Digital banking security must meet all customers’ risk and privacy profiles
Paranoid
Promiscuous
Digital Bank: A new paradigm
IT is suffering a silent tsunami
Digital Bank: A new paradigm
» DevOps
» SDx: CPU/Storage/Network
» Continuous Flows:
• Integration
• Delivery
• Deployment
ISACA: It May Be Riskier to Ignore Big Data Than Implement It
Cloud as a Strategy
http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/It-May-Be-Riskier-to-Ignore-Big-Data-Than-Implement-It.aspx
Cloud as a Strategy
It May Be Riskier to Ignore Cloud Than Implement It
Commitment: CEO leading
Moreover, a whole new league of competitors is emerging, mostly but not exclusively from the online world. These new players are free of legacies, the structures inherited by the banks: obsolete and inefficient IT systems and costly physical distribution networks.
And What Is It That Customers Want? First, they want a quick, sensibly priced real-time service under transparent terms and conditions, tailored to their own conditions and needs. […]
To compete in the twenty-first-century banking industry, we need a completely different platform concept developed from scratch under the aegis of far more advanced paradigms than those of 50 years ago, so that the system can integrate vast quantities of data with all possible points and channels of contact with all customers, without any cracks or discontinuities.
https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf
Cloud as a Strategy
1st Bank Web Scale?
Liberty Project
Mainframe
Demand
Read (>90%) Read/Write
Cheaper and infinitely scalable read-only services
Demand
Cloudable service
Mainframe
Read Read/Write
Cache update
Cloud as a Strategy
Business & IT alignment
Cloud as a Strategy
Elastic
Distributed
Stateless
Business & IT alignment
Cloud as a Strategy
Stateless + Complex = ABAC
Cloud as a Strategy
Risk & Compliance Controls
Risk
Compliance
Legacy Systems
Efficiency achieved if IT Risk & Fraud are under the same Direction
Cloud as a Strategy
Risk & Compliance Controls
Risk
Compliance
Cloud
Misalignment on real risks
Compliance
Proposed model fits corporate needs
Flexibility
BBVA Private Cloud
Hybrid Multi Cloud
BBVA DMZ
Public Cloud
Hosting provider
Automation tools
Cloud as a Strategy
BBVA Infrastructure Taxonomy
Public
Proposed model fits corporate needs, compliance & risk
Multiple CSP
BBVA Private Cloud
Multi Cloud
Amazon
BBVA Private Cloud
Multi DC
Single CSP
Private
Hybrid Multi Cloud
Cloud as a Strategy
Cloud as a Strategy
Hydra at a glance
Multi cloud brokering, client-side balancing
Google
Service A: Srv-01 Srv-02 Srv-03 ...
Service B: Srv-21 Srv-22 Srv-23 ...
Service H: Hydra-91
Amazon
Service A: Srv-11 Srv-12 Srv-13 ...
Service C: Srv-31 Srv-32 Srv-33 ...
Service H: Hydra-92
BBVA@mx
Service H: Hydra-93
Service C: Srv-41 Srv-42 Srv-43 ...
· · · ∞
Diagram labels (steps 1, 2, 3): Sync; Status; Need Service A; Use Srv-13
Open issues
Cloud as a Strategy
Software Defined Security
ACID Distributed Databases
Agile/DevOps & Security
Risk gaps: Business vs. Security
Security as part of the Business
Biz
“No”
Sec
Old world
Security as part of the Business
Risk gaps: Business vs. Security
Biz
“No”
Sec
Old world
Biz=Sec
“Ideal” world
Business Alignment
Risk gaps: Business vs. Security
Security as part of the Business
Today’s real world
“No” zone
Alignment
Biz
Sec
New Biz
Risk gaps: Business vs. Security
Security as part of the Business
“No” zone
Alignment
Biz
Sec
New Biz
IdMaaS
Federation
Social ID
Risk Based AuthN
HCE
One click purchase
Mobile 2FA
Remote Onboarding
Cloud Tokenization
AuthZ delegation
Async AuthZ
Security as part of the Business
EXECUTION IS EVERYTHING
THANKS
Luis Saiz
@lsaiz
Blog: FUDandparanoia.com (coming soon)