Access Control in the IT Landscape – Banks caught between the devil and the deep sea?


If you’re in the financial services industry or someone following the BFSI segment, by now, you’ve been bombarded with stories about breaches, cybersecurity failures, incidents, data leaks, and the like. Not to mention the millions and billions paid out by BFSI companies to regulators as penalties and settlements.

While the risks persist and are on the rise, the outlook for banks isn’t all bleak. Banks do need robust solutions to avoid such breaches, leaks, and penalties, and the technologies available today are up to the task. The bigger challenge is ensuring superior customer experiences across the value chain while keeping costs down. From an IT standpoint, this means using a variety of measures to reduce costs and improve support coverage, since the IT landscape is what supports growth in this digital world.

The challenges at hand for banks


Digital transformation has required banks to become more agile, and Open Banking requirements have furthered the need to open up the banks’ core systems to third parties. From an IT perspective, this means banks must balance security with ease of access. As remote and hybrid work increases, the use of Bring Your Own Device (BYOD), Corporate-Owned Personally Enabled (COPE), and similar models has mushroomed across the landscape, adding to an already complex IT support organization. Furthermore, as we have seen, the IT services organizations of banks need more stringent standards for effective control, auditability, and, most importantly, safeguarding against potential breaches.

  • The use of standard passwords: As counterintuitive as it seems, IT teams regularly use standard credentials across systems, making them a soft target. Today’s sophisticated hacking, phishing, and social engineering attempts make standard credentials especially vulnerable to attack and breach. Additionally, when these standard credentials are reused across the landscape, a compromise of one system immediately puts many others at risk.
  • Sharing of passwords: The second biggest challenge is hybrid and remote work combined with part-time and gig workers in the IT organization. With an increasing number of employees and consultants working remotely, the risks caused by shared passwords and credentials have increased sharply. The biggest problem for banks lies in the fact that most of these risks are created by people with the most noble of intentions: trying to resolve issues quickly, attempting to reduce downtime, and helping each other solve complex problems.
  • Enterprise mobility at the workplace: While standard credentials and password sharing are risks in themselves, mobility solutions in the banking organization add to this complexity by making it extremely difficult to grant access to authorized users while protecting the perimeter of the banking system and maintaining an appropriate, auditable trail of access and logs.

From the CIO’s perspective, the risk is still a risk, despite the good intentions. That said, a simple solution that cuts across the IT organization can help mitigate these risks and reduce the possibility of exposure of credentials or core systems to unauthorized persons. Enter 360-degree access control.

Simplifying the solution for 360-degree access to Banking IT Systems

The solution to these challenges is three-pronged, as is the problem. Firstly, the issue of standard credentials can be resolved with an appropriate multi-factor authentication (MFA) solution that requires an additional factor each time the systems are accessed. Secondly, the issue of shared passwords can be stopped by tying credentials to specific devices, so that unauthorized devices can be denied access even while personal devices are supported in a BYOD or COPE model.

Lastly, and most importantly, the need for enterprise mobility can be addressed quite effectively with a Zero-Trust Network Architecture that applies least privilege to each connection and enforces authentication, including MFA, again at each additional layer of the system that is accessed.
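The three controls described above (an extra factor on every access, credentials bound to an enrolled device, and a fresh least-privilege check at each system layer) can be shown in one access decision. The following is an added illustration, not Accops code or the HyID data model: it assumes a per-device HMAC key provisioned at enrolment, RFC 6238 TOTP as the second factor, and a constructed role map per layer.

```python
import hmac
import hashlib
import struct

# Constructed sample enrolment data (hypothetical; not a real product's model).
# One symmetric key per enrolled device, provisioned at enrolment time.
DEVICE_KEYS = {
    "laptop-ops-01": b"device-key-laptop-ops-01",
    "phone-dev-07": b"device-key-phone-dev-07",
}
# Which user each device is bound to, and per-user TOTP seeds.
DEVICE_OWNER = {"laptop-ops-01": "alice", "phone-dev-07": "bob"}
TOTP_SEEDS = {"alice": b"alice-totp-seed", "bob": b"bob-totp-seed"}
# Least privilege per system layer: the roles allowed to reach each layer.
USER_ROLES = {"alice": {"ops"}, "bob": {"dev"}}
LAYER_ROLES = {"web-portal": {"ops", "dev"}, "core-banking": {"ops"}}


def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for a fixed Unix timestamp."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def sign_challenge(device_key: bytes, challenge: bytes) -> str:
    """The enrolled device proves possession of its key over a server nonce."""
    return hmac.new(device_key, challenge, hashlib.sha256).hexdigest()


def authorize(user, device_id, challenge, device_sig, otp, layer, now):
    """Return (allowed, reason). Every layer re-checks device, MFA and role."""
    key = DEVICE_KEYS.get(device_id)
    if key is None or DEVICE_OWNER[device_id] != user:
        # A shared password is useless from a device not enrolled to this user.
        return False, "device not enrolled for this user"
    if not hmac.compare_digest(sign_challenge(key, challenge), device_sig):
        return False, "device challenge failed"
    if not hmac.compare_digest(totp(TOTP_SEEDS[user], now), otp):
        return False, "mfa code invalid"
    if not USER_ROLES[user] & LAYER_ROLES.get(layer, set()):
        return False, "role not permitted on " + layer
    return True, "ok"
```

Each denial names the failed control, which is what an auditable trail of access needs; a deployment would replace the dictionaries with the directory service and device registry.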

Multi-Factor Authentication

When you talk about multi-factor authentication, there are a few considerations to settle beforehand. Firstly, the solution needs to be compatible with the different devices in the ecosystem, which in turn reduces implementation costs and adoption challenges. Secondly, the solution needs to integrate with the existing directory services or other role- and persona-based access control systems, to maintain a consistent user experience while enforcing robust authentication. Lastly, the solution also needs to meet the applicable compliance requirements.

A biometric MFA system fits the bill, but it must work with the different products banks are currently using, such as IDEMIA, and be compatible with tool providers like Morphos, BioEnable, Mantra, Secugen, Tatwik, and WinBio. Additionally, the biometric authentication system needs to support legacy systems. This is essential, as the BFSI sector, partly because of the regulatory stranglehold and partly because of the always-on nature of its systems, has a significant legacy system presence and technical debt.

Lastly, the biometric system needs to integrate well with the existing landscape and also provide workarounds for existing tools that don’t support API integration or industry-standard authentication mechanisms such as SAML, LDAP, and Active Directory, to name a few.

Benefits of biometric MFA

One of the first and most important benefits of biometric authentication, used in addition to credentials, is that the fingerprint, face, or retinal scan reader is tied to the device itself. This prevents credential sharing and, more importantly, reduces the risk of exposed credentials being misused from elsewhere.

The second advantage is how biometric authentication enables, supports, and, in a manner of speaking, promotes mobility. So long as the biometric reader is recognized and tied to the device, authorized users can access the systems from their personal mobile phone, tablet, or any other personal device. This option also significantly reduces the total cost of ownership of the landscape, because part-time, remote, and gig workers no longer need to be issued company-owned devices to access the IT systems, as is the case in many current setups.

HyID and BioAuth – Solutions for 360-degree access

The Accops HyID suite of products is designed specifically for the banking and financial services sector, where security is paramount and regulatory compliance is challenging, to say the least. HyID’s specifications almost completely cover the challenges and solution described above: it provides a secure Zero-Trust Network Architecture, supports biometric authentication and integration with banks’ directory services, and provides a secure VPN tunnel to the banks’ IT systems. All the benefits of MFA are realized by Accops HyID, which also offers a low-cost, flexible system with no vendor lock-in that unites network segmentation with layered authentication to enable least-privilege, 360-degree access across the IT landscape of banks and financial services organizations.

To know more about HyID and BioAuth, write to us at contact@accops.com today.