Leveraging security to develop new digital banking models
1. Leveraging security to develop
new digital banking models
Luis Saiz
Head of Innovation in Security
BBVA IT Team-Digital Banking
2. Information Security FS 2014
Leveraging security to develop new digital banking models
2
Leveraging security to develop
new digital banking models
Bank’s Key Success Factors
IT Risk, Fraud and Security role
Digital Bank: A new paradigm
Opportunities and Strategies:
security as part of the business
3. BBVA Highlights
4. Leveraging security to develop
new digital banking models
Bank’s Key Success Factors
Identity & Cloud - First Steps
Digital Bank: A new paradigm
Opportunities and Strategies:
security as part of the business
5. Bank’s Key Success Factors
Accounting
9. Risk Management
Bank’s Key Success Factors
16. Identity Management
Bank’s Key Success Factors
19. All 3 are regulated:
Accounting: Account Auditing
Risk Management: Risk Supervision
Identity Management: Authenticity (KYC, ML)
Bank’s Key Success Factors
21. Give me a Point of Support….
…. and I will move the world
22. …But also some Power:
Organization and Expertise
IT Risk, Fraud & Security
Risk Analysis Methodologies
Fraud Experience
Security Development Team
Give me a Point of Support….
24. Nexus of Forces
25. Nexus of Forces
Security
26. Nexus of Forces
Customer
27. Digital Bank: A new paradigm
Customer
Digital banking will no longer be offer but demand driven
28. And the first demand is amazing UX
29. How is the UX of your security processes?
30. Second demand is velocity
31. Is your IT Risk, Fraud & Security ready to run?
32. Digital Bank: A new paradigm
Customer
Digital banking security must meet all customers’ risk and privacy profiles
33. Paranoid Promiscuous
34. Digital Bank: A new paradigm
IT is suffering a silent tsunami
37. Digital Bank: A new paradigm
» DevOps
» SDx: CPU/Storage/Network
» Continuous Flows:
• Integration
• Delivery
• Deployment
39. ISACA: It May Be Riskier to Ignore Big Data Than Implement It
Cloud as a Strategy
http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/It-May-Be-Riskier-to-Ignore-Big-Data-Than-Implement-It.aspx
40. It May Be Riskier to Ignore Cloud Than Implement It
Cloud as a Strategy
41. Commitment: CEO leading
Moreover, a whole new league of competitors is emerging, mostly but not
exclusively from the online world. These new players are free of legacies,
the structures inherited by the banks: obsolete and inefficient IT systems and
costly physical distribution networks.
And What Is It That Customers Want? First, they want a quick, sensibly
priced real-time service under transparent terms and conditions, tailored to
their own conditions and needs. […]
To compete in the twenty-first-century banking industry, we need a completely
different platform concept developed from scratch under the aegis of far
more advanced paradigms than those of 50 years ago, so that the system
can integrate vast quantities of data with all possible points and channels of
contact with all customers, without any cracks or discontinuities.
https://www.bbvaopenmind.com/wp-content/uploads/2014/04/BBVA-OpenMind-book-Change-19-key-essays-on-how-internet-is-changing-our-lives-Technology-Internet-Innovation.pdf
Cloud as a Strategy
42. 1st Bank Web Scale?
43. Liberty Project
Mainframe
Demand
Read (>90%) Read/Write
Cheaper and infinitely scalable read-only services
Demand
Cloudable service
Mainframe
Read Read/Write
Cache update
Cloud as a Strategy
44. Business & IT alignment
Cloud as a Strategy
Elastic
Distributed
Stateless
45. Business & IT alignment
Cloud as a Strategy
Stateless + Complex = ABAC
46. Cloud as a Strategy
Risk & Compliance Controls
Risk
Compliance
Legacy Systems
Efficiency achieved if IT Risk & Fraud are under the same Direction
47. Cloud as a Strategy
Risk & Compliance Controls
Risk
Compliance
Cloud
Misalignment on real risks
48. BBVA Infrastructure Taxonomy
Cloud as a Strategy
Proposed model fits corporate needs
Diagram labels: Compliance; Flexibility; BBVA Private Cloud; Hybrid; Multi Cloud; BBVA DMZ; Public Cloud; Hosting provider; Automation tools
49. Cloud as a Strategy
Proposed model fits corporate needs, compliance & risk
Diagram labels: Public; Multiple CSP; BBVA Private Cloud; Multi Cloud; Amazon; BBVA Private Cloud; Multi DC; Single CSP; Private; Hybrid; Multi Cloud
50. Hydra at a glance
Cloud as a Strategy
Multi cloud brokering
Client-side balancing
Google
• Service A: Srv-01, Srv-02, Srv-03, ...
• Service B: Srv-21, Srv-22, Srv-23, ...
• Service H: Hydra-91
Amazon
• Service A: Srv-11, Srv-12, Srv-13, ...
• Service C: Srv-31, Srv-32, Srv-33, ...
• Service H: Hydra-92
BBVA@mx
• Service H: Hydra-93
• Service C: Srv-41, Srv-42, Srv-43, ...
· · · ∞
Need Service A
Use Srv-13
Diagram labels: Sync; Status; Status; steps 1, 2, 3
51. Open issues
Cloud as a Strategy
Software Defined Security
ACID Distributed Databases
Agile/DevOps & Security
52. Risk gaps: Business vs. Security
Security as part of the Business
Biz
“No”
Sec
Old world
53. Security as part of the Business
Risk gaps: Business vs. Security
Biz
“No”
Sec
Biz=Sec
“Ideal” world
Old world
Business
Alignment
54. Risk gaps: Business vs. Security
Security as part of the Business
Today’s real world
“No” zone
Alignment
BizSec
New Biz
55. Risk gaps: Business vs. Security
Security as part of the Business
“No” zone
Alignment
BizSec
New Biz
IdMaaS
Federation
Social ID
Risk Based AuthN
HCE
One click purchase
Mobile 2FA
Remote Onboarding
Cloud
Tokenization
AuthZ delegation
Async AuthZ
56. Security as part of the Business
EXECUTION IS EVERYTHING