In an ever-changing and fast-moving technological environment, organisations need to be highly agile to protect their sensitive data, writes Paul Anderson.
We live in an instant world where consumers expect to be able to pay bills and get loans easily on any device, and where the advent of instant bank accounts, balances, and even sharing money with friends via text, has only seen the trend grow.
Because of this, the financial services sector has gone through a multitude of changes as the demand for more access and instant transactions has grown.
But, often hampered by legacy structures, many financial institutions have found this to be a difficult transition. Many banks still rely on legacy IT infrastructure, such as mainframe and dedicated datacentres, and are hindered by strict regulatory standards that make it difficult and risky to open up their networks.
How can financial services keep up with changing consumer demands?
Agility for agile lives
Agility begets agility. And no organisations are better suited to the task than fintechs. Born out of a tech and user-experience-first background, fintechs were made not only to disrupt, but also to constantly adapt to a changing landscape.
So this transition has been brought on and supported by an explosion in fintech companies and solutions that have had an immense disruptive impact.
Through the use of both IoT-connected devices and APIs [application programming interfaces], fintechs have been able to revolutionise how people interact with their money and their banks.
This has left them innovating at a rapid speed – new products, updates, and collaborative apps are being sent out at a faster pace than before.
Open banking was an example of this. Allowing third parties to access customer data, meant the users would be able to ‘plug and play’ with multiple businesses all in one app.
But, on the other hand, this new fast-paced banking has left regulatory bodies reeling, and struggling to keep up with the changes.
Security for the ages
As fintech becomes more ingrained in consumers’ everyday lives, security measures need to be updated and integrated into new models of banking. Accessing, storing, and securing sensitive personal data that cyber criminals want is a growing challenge.
Regulation will follow, eventually, and soon enough will become stricter and harsher in a bid to keep consumer data safe. The prime example is the EU General Data Protection Regulation (GDPR), which saw a major crackdown in how we access, share, and use personal data when it was launched last year. Companies were now more liable than ever if there was any mishandling or mismanagement of consumer data.
But what about security? Effective digital innovation also makes ample use of cloud computing and storage. Many fintech firms utilise cloud services to provide consistent, scalable performance with lower upfront costs. However, a new way of working requires a new way of securing information.
The cloud needs to be secured differently than a traditional network or data centre. As a result, if financial data is going to be stored in the cloud, banks and fintechs must ensure that the same security standards they apply to their own networks are applied in the cloud.
Beyond just adaption and prevention, though, any security measures need to be agile enough to grow seamlessly alongside cloud use. But these types of defences also need to be enabled with automated threat intelligence built into them as a holistic system.
As security devices monitor the network, they naturally collect data on at-risk devices, known attacks, common attack trends and more. To be effective, this information needs to be dynamically shared and correlated across all security instances.
As banks and fintech firms enter into partnerships, it will be impossible for IT teams to manually gather and assess all of this threat intelligence in a manner that allows them to respond to risk in a timely or meaningful manner.
Cybercriminals are already leveraging automation to make attacks more effective and persistent. Likewise, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real time, allowing organisations to keep pace with cybercriminals.
No man – or financial institution – is an island. Moving forward, for the good of the industry and the consumers, established financial institutions and new fintech firms will need to collaborate in order to continue driving innovation and meeting consumer needs while simultaneously satisfying new regulatory requirements. The success of each set of organisations is dependent on the other.
For established firms, these partnerships will allow for faster innovation to keep pace with consumer demands, while the value for smaller fintech firms will come from the revenue, scale and credibility banks provide.
For example, Fortinet collaborated with Scottish fintechs, which understand the need for updated security measures, to ensure their customers’ data is safe every step of the way.
But big banks are concerned with the cybersecurity – or the lack of it – of many fintechs. This is, in part, because younger fintech companies typically have fewer human and capital resources to spend on security, let alone address other regulation requirements. More specifically, these security concerns especially surround application security and cloud use, which are the most important development inflection points that the market is demanding.
This is why banks and fintech organisations should seek to integrate traditionally isolated security solutions together using a common security fabric approach that allows for instant and dynamic communication and collaboration within the security architecture.
This will help ease the worries of established financial firms while plugging any security holes the fintechs might have.
Big banks and fintechs each require elements the other can provide in order to successfully meet growing consumer demands for greater access to and management of their finances.
But cybersecurity demands need to be met in order to ensure this is a smooth and safe collaboration. Partnering with cybersecurity specialists can ensure the safety of consumer and company data alike.
As these two sides of the financial services space increasingly partner up, then, cybersecurity – especially application security, cloud security and automation – will have to become top concerns in order to maintain data protection and meet compliance requirements.
• Paul Anderson is Regional Director UKI for Fortinet.