April 26, 2011
The imperatives for the development and use of advanced measures for protecting customer interactions have never been clearer, according to a new report from IDC Financial Insights.
The conclusion comes in light of the Epsilon and other recent high-profile breaches within core technologies used to authenticate customers, partners, and employees, and the emergence of social media, mobile, and cloud technologies used by consumers and business.
The new report, Best Practices: Multifactor Authentication in Banking: The Evolving Landscape, suggests that now, more than at any time in the past, firms must understand that while no single authentication technique can completely eliminate threats to electronic identities, multiple factors and multiple layers of security are basic requirements for protecting both banks and customers.
“As fraudulent tactics evolve, new techniques develop, and regulatory regimes change, the industry must look for the best combination of risk management, convenience, and cost to protect both the financial institution and its clients,” said Michael Versace, research director, IDC Financial Insights. “In addition, IT must plan for ways to effectively extend and support identity and access management policies and infrastructures beyond the data center and stay in step with the emerging trends driven by the increase in sophistication and numbers of identities in the cloud.”
Traditionally, financial institutions have been early adopters of identity and access management technologies. However, indications of potential updated guidelines from bank regulators, coupled with the evolving global risk landscape, the weakening of existing authentication methods, and the advent of new technologies, will require increased investment and modernization of identity infrastructure. As such, financial institutions will need to examine current practices more closely and prepare for a future where tighter controls are the norm. To harden security and minimize risk in the near term, IDC Financial Insights believes business line executives, product managers, chief risk officers, and their IT counterparts must:
• Stay abreast of evolving operational risks associated with identity management systems used for banking products, services, and facilities.
• Provide accurate and timely information on evolving risks to customers, employees and partners due to cyber attacks and other threats that impact identity management techniques.
• Continually assess technologies and controls used to mitigate identity and authentication risks.
• Ensure that management and customers are educated regarding their customer protection responsibilities in regard to user IDs, passwords, tokens, and other user authentication controls.
• Maintain continuity plans for failures in identity and authentication technologies and processes, whether at the financial institution or caused by failures in controls from third-party providers.
Impact of cloud computing
The move to cloud computing and the expansion of new media and mobile technologies underscore the critical need for greater security and strategies to support identity and access management obligations. According to recent IDC Financial Insights studies, CTOs, CIOs, and business executives now fully understand that virtualization and cloud computing represent the single most important redesign of the information infrastructure in the history of computing. However, the long-term impact of this redesign is not yet completely understood. IDC Financial Insights believes the impact of this trend will be seen over the next decade as these innovations deliver almost everything in IT as a service. During this transformation, the solutions for identity and access management will be re-architected, re-integrated, and delivered as a set of risk-aware services to customers, employees, and partners, enabling greater connectivity and collaboration, and a more seamless user experience.
“Cloud is a new frontier for identity management, and business managers, regulators, and CIOs alike have a lot to consider as identity continues to move beyond the enterprise,” said Versace. “New approaches, practices, and technologies—which today include long lists of siloed identities, passwords, tokens, and other techniques with little interoperability—need to be considered as business users demand more cost-effective solutions and customers look to simplify their lives online. In addition, as identity management is a service in and of itself, organizations will look for ways to broker these services in a risk-aware, trusted, and reliable way across financial services and with business partners.”