Bank Systems & Technology is part of the Informa Tech Division of Informa PLC



Jonathan Gossels, President, SystemExperts; Dick Mackey, VP, Consulting, SystemExperts

System Experts: Security Management Goes Front Stage in 2007

Regulation and privacy-conscious consumers up the security ante for banks.

Perhaps nowhere in the banking technology space is change occurring more rapidly than in the area of information security. Several overarching trends will shape the landscape in 2007.

Identity and Access Management

Identity and access management (IAM) is becoming increasingly important, particularly within the banking industry because of regulatory compliance requirements. Sarbanes-Oxley has led many organizations to deploy IAM to allow better accountability and control over their financial systems. They also have looked to these solutions to centralize management and reporting, and provide more-consistent access control to systems and applications across the enterprise.

Security Comes Out of the Shadows

No longer are product managers of online banking services concerned that raising security as an issue will dampen acceptance of the electronic channel. An increasingly security-aware user community, highly publicized incidents of disclosure of personal information and regulatory pressure have combined to catalyze a fundamental change -- users are comforted by well-integrated security measures.

Standards-Based Security Assessments

Today, many organizations are interested in demonstrating due diligence in the security realm. Instead of one-time exhaustive testing, they embrace ongoing, periodic independent assessments and audits that are standards-based.

FFIEC Guidance

Though the deadline for substantial compliance was Dec. 31, 2006, the banking industry will continue to deal with the ripples of the FFIEC's guidance throughout 2007. Fortunately, the FFIEC's guidance allows each bank to ground its authentication decisions within its own overall information security framework and allows the selection of authentication methods to vary with relevant business risk. The guidance also addresses the importance of customer security awareness -- many banks still have a long way to go in rolling out customer security awareness programs.

Stricter Management of Service Providers

FFIEC regulations and other security guidelines spell out the need for understanding and taking responsibility for the security practices of service providers with access to customer data. Banks must have a program in place to assess the risk of compromise of the information provided to their service providers, evaluate the adequacy of their security practices and monitor their performance.

Tech to Watch: SOA

The promise of reduced development costs and faster time to market through code reuse makes deployment of service-oriented architecture (SOA) technology inevitable in the banking industry. Securing SOA environments is going to be a long-term challenge, and it is important to create a governance structure up front. There are big issues that need to be resolved, including data confidentiality when data is communicated among services and stored within a service, how services authenticate one another, and whether it is important to track various services' changes to transactions as they flow through a system that has no defined beginning or end.
