Leveraging security to develop new digital banking models

Leveraging security to developnew digital banking models

Luis Saiz

Head of Innovation in Security

BBVA IT Team-Digital Banking

Information Security FS 2014Leveraging security to develop new digital banking models

2


Bank’s Key Success Factors

IT Risk, Fraud and Security role

Digital Bank: A new paradigm

Opportunities and Strategies: security as part of the business


3

BBVA Highlights


4



Identity & Cloud - First Steps




5


Accounting


6Accounting



7Accounting



8Accounting



9Risk Management



10Risk Management



11Risk Management



12Risk Management



13Risk Management



14Risk Management



15Risk Management



16Identity Management



19

All 3 are regulated:

Accounting: Account Auditing

Risk Management: Risk Supervision

Identity Management: Authenticity (KYC, ML)



20



IT Risk, Fraud & Security role




21

Give me a Point of Support….

…. and I will move the world


22

…But also some Power:

Organization and Expertise

IT Risk, Fraud & Security

Risk Analysis Methodologies

Fraud Experience

Security Development Team

Give me a Point of Support….


23







24

Nexus of Forces


25

Nexus of Forces

Security


26

Nexus of Forces

Customer


27


Customer

Digital banking will no longer be offer but

demand driven


28


Customer


demand driven

And the first demand is amazing UX


29


Customer


demand driven

And the first demand is amazing UX

How is your security processes UX?


30


Customer


demand driven

Second demand is velocity


31


Customer


demand driven

It’s your IT Risk, Fraud & Security ready to run?

Second demand is velocity


32


Customer

Digital banking security must meet all

customer’s risk and privacy profiles


33


Customer

Digital banking security must meet all

customer’s risk and privacy profiles

Paranoid Promiscuous


34


IT it’s suffering a silent Tsunami


35



36



37


» DevOps » SDx: CPU/Storage/Network » Continuous Flows: • Integration • Delivery • Deployment


38







39

ISACA: It May Be Riskier to Ignore Big Data Than Implement It

Cloud as a Strategy

http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/It-May-Be-Riskier-to-Ignore-Big-Data-Than-Implement-It.aspx

http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/It-May-Be-Riskier-to-Ignore-Big-Data-Than-Implement-It.aspx


40

ISACA: Big Data Than Implement

Cloud as a Strategy

It May Be Riskier to Ignore Cloud Than Implement It


41

Commitment: CEO leadingMoreover, a whole new league of competitors is emerging, mostly but not exclusively from the online world. These new players are free of legacies, the structures inherited by the banks: obsolete and inefficient IT systems and costly physical distribution networks.

And What Is It That Customers Want? First, they want a quick, sensibly priced real-time service under transparent terms and conditions, tailored to their own conditions and needs. […]

To compete in the twenty-first-century banking industry, we need a completely different platform concept developed from scratch under the aegis of far more advanced paradigms than those of 50 years ago, so that the system can integrate vast quantities of data with all possible points and channels of contact with all customers, without any cracks or discontinuities.https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf

Cloud as a Strategy

https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf


42

Commitment: CEO leadingMoreover, exclusively from the online world. These the structures inherited by the banks: obsolete and inefficient IT systems and costly physical distribution networks.

And priced real-timetheir own conditions and needs.

To compete in the twenty-first-century banking industry, we need a completely different platform concept developed from scratch under the aegis of far more advanced paradigms than those of 50 years agocan integrate vast quantities of data with all possible points and channels of contact with all customers, https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf

Cloud as a Strategy

1st Bank Web Scale?

https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf

Liberty Project

Mainframe

Demand

Read (>90%) Read/Write

Cheaper and infinity-scalable read-only services

Demand

Cloudable service

Mainframe

Read Read/Write

Cache update

Cloud as a Strategy


44

Business & IT alignment

Cloud as a Strategy

Elastic

Distributed

Stateless


45

Business & IT alignment

Cloud as a Strategy

StatelessComplex

ABAC+ =


46

Cloud as a Strategy

Risk & Compliance Controls

Risk

Compliance

Legacy Systems

Efficiency achieved if IT Risk & Fraud are under the same Direction


47

Cloud as a Strategy

Risk & Compliance Controls

Risk

Compliance

Cloud

Misalignment on real risks


48

Compliance

Proposed model fits corporate needs

Flexibility

BBVA Private Cloud

Hybrid Multi Cloud

BBVA DMZ

Public Cloud

Hosting provider

Automation tools

Cloud as a StrategyBBVA Infrastructure Taxonomy


49

Public

Proposed model fits corporate needs, compliance & risk

Multiple CSP

BBVA Private Cloud

Multi Cloud

Amazon

BBVA Private Cloud

Multi DC

Single CSP

Private

Hybrid Multi Cloud

Cloud as a Strategy


50

GoogleService A

Srv-01 Srv-02 Srv-03

...

Service B


...

Service H Hydra-91

AmazonService A


...

Service C


...

Service H Hydra-92

BBVA@mxService H Hydra-93

Service C


...

· · · ∞

Need Service A

Use Srv-13

Multi cloud brokering Client-side balancing

Sync

StatusStatus

1 2

3

Cloud as a StrategyHydra at a glance


51

Open issues

Cloud as a Strategy

Software Defined Security

ACID Distributed Databases

Agile/DevOps & Security


52

Risk gaps: Business vs. Security

Security as part of the Business

Biz

“No”

Sec

Old world


53



Biz

“No”

SecBiz=Sec

“Ideal” worldOld world

Business Alignment


54



Today’s real world

“No”zoneAlignement

BizSec

NewBiz


55



“No”zoneAlignement

BizSec

NewBiz

IdMaaS

Federation

Social ID

Risk BasedAuthN

HCE One clickpurchase

Mobile 2FARemote

Onboarding Cloud Tokenization

AuthZdelegation

AsyncAuthZ


56


EXECUTION IS EVERYTHING

THANKSLuis Saiz

[email protected]

@lsaiz

Blog: FUDandparanoia.com (comming soon)


http://fudandparanoia.com

Leveraging security to develop new digital banking models

Technology

Transcript of Leveraging security to develop new digital banking models