Q&A: To secure banking operations, top CEO reveals how
How can banks be better protected? What measures can help turn the tide on rogue players and bring stability to the world of finance? Are neobanks the most at risk?
To explore these questions, Digital Journal spoke with Bill Mann, CEO of Styra.
Digital Journal: Please introduce yourself and your company.
Bill Mann: My name is Bill Mann and I am the CEO of Styra. We are the founders of Open Policy Agent (OPA) and the leaders in cloud native authorization. We built Styra Declarative Authorization Service (DAS) as a management plan for OPA to provide cloud and DevOps teams with a unified authorization platform to mitigate risk, reduce human error, and accelerate the development of their own platform.
DJ: Why are consumers paying more and more attention to bank security measures?
Mann: Bank security measures are receiving increased attention as consumers have more information than ever before. These consumers are more educated and more aware of the pitfalls and risks associated with digital tools and services. Plus, privacy is more of a priority for everyone around the world than it was before. Consumers want to know how their information is used and protected by all the organizations with which they interact.
DJ: Is this increase in concerns based solely on neobanks or are there concerns about legacy banks as well?
Mann: Consumers trusted banks more when doing business in person. Now, with neobanks and the online services of traditional banks, consumers are more careful. With everything online, consumers are wondering how much they should trust these banks. They know there is more room for breaches and for information to be compromised or shared with another entity. The more the bank looks like the Internet, the more careful consumers will be. These consumers have seen other Internet services fall victim to hackers and breaches, so they know what malicious actors are capable of.
DJ: Is there a growing need for authorization? Why?
Mann: Yes, there is certainly a growing need for authorization. Banks are complex software vendors with many components and they are currently undergoing major modernization due to the increasing use of cloud and mobile services. For this reason, banks, like all other industries, have spent time on authentication. While this adds a level of security when users sign in to accounts, permission adds an extra layer and determines which users and departments have access to certain information and tasks.
Currently, banks are at the forefront of resolving authorization issues on the back-end of their applications. We’ve seen a lot of talk around rights management, which is a use case for authorization. It determines what a service can do and why as well as what a service or user is entitled to.
These are big discussions within the banks because they have solved these problems with proprietary systems and now they are trying to solve them in the modern stack, which is very complex and has a diverse set of technologies. Because it’s more complicated with hundreds of components and millions of decisions within applications, banks need authorization to improve security and compliance while providing a best-in-class user experience.
DJ: Why is it important for banks to strengthen security?
Mann: It is important for banks to increase security because today’s consumer can switch banks more easily. If a customer doesn’t trust their current bank, they’ll switch to a bank they trust more.
We’ve seen this with younger generations migrating to new social media sites based on their preferences. Because these young generations are looking for a banking experience adapted to their desires and their needs, banks must market new modern features while guaranteeing first-rate security.
DJ: How can banks boost consumer confidence? Why is it important for banks to build consumer confidence?
Mann: To build consumer confidence, banks need to be at the forefront in their communication around security as well as when there are incidents in their organizations. We know that consumers are looking for banks that are transparent when it comes to security. Banks therefore need to share how they handle privacy in layman’s terms and build security into their offerings. By creating secure products and communicating services to consumers along the way to show they are secure, such as when transferring money in a mobile app, consumers will trust these banks more.
It is important that banks build this consumer confidence, because if they don’t, customers will no longer be loyal to them and will move their money elsewhere.
DJ: How does Open Policy Agent help banks ensure security compliance and regulation?
Mann: Open Policy Agent helps banks maintain security compliance and regulation by providing basic functionality to decouple the authorization and policy from the system that needs authorization. Removing policy decision services from the application and having a dedicated service that can provide policy information and centralize it brings multiple benefits to an organization.
The first advantage is that setting policies can be left to a smaller part of the organization, which is more aligned with compliance and regulation rather than leaving the organization’s developers to set these policies.
The second advantage is that in applications there are a lot of political decisions. These app developers know their app and service, but they don’t always know about security. Thus, decoupling allows the application developer and platform engineers to delegate decision and policy to the organization’s security and compliance teams. This decoupling is the fundamental reason why Styra and OPA can help banks.
For example, in the past, application developers were responsible for authentication. They would have to write code to accept the authentication information, then compare that information to that stored in a database. Authentication providers have removed this burden on app developers with prebuilt SDKs and screens to streamline the process of adding authentication to their apps.
After authentication comes authorization. As an app developer, you will need to determine if the specific user can see the wire transfer or if they are allowed to create a foreign wire transfer. All of this logic had to be done by the developer. To streamline the process in the new world, the developer would call a service and ask if the specific user is allowed to set up a wire transfer with a foreign bank. The service would take the information and say yes or no. The developer would respond based on the response. It is decoupling that is necessary, especially as new compliance regulations are put in place.
DJ: What do you think the future holds for you? One last thought?
Mann: In the near future, banks will have a center of excellence to define policy across applications, which will be separate from the developer teams. This will accelerate application innovation because developers will not be held back by authorization and entitlement decisions. The banking industry has already learned a lot when it comes to creating the next generation of applications focused on security and the use of common services. Authorization is just the next logical step.