By Altaz Valani, Director of Insights Research at Security Compass.
At a time of significant disruption for the financial services industry, a sector forecasted to be worth $300bn by 2022, organisations are facing important decisions when it comes to digital transformation.
Among ever growing customer expectations and the need to comply with changes in the regulatory landscape, fintech companies are under increasing pressure to ensure innovation is properly implemented.
Failure to do so comes with a significant cost; that of security breaches and exposure to new vulnerabilities. From AI and biometric authentication to Robotic Process Automation, the growing adoption of technology among the financial services industry is intensifying the volume of customer data at risk.
Internal and external threats
To mange this risk carries both internal and external challenges for fintechs. Internally, the main challenges are centred around cyber skills, knowledge and expertise; externally, coordination with regulation is demanding.
Balancing an ever-increasing appetite for innovation and growth with robust security and risk management processes is absolutely crucial. Cyber threats continue to grow and diversify, and every new digital product and service carries an ever-evolving array of security risks.
Solving the cloud puzzle
Historically, due to the perceived value of the information held, the financial services industry is one of the primary targets for data breaches. This is why many financial services organisations have turned to the cloud as a solution for their IT infrastructure.
However, migrating to the cloud increases the attack surface of applications. That is why the importance of meeting security and compliance requirements cannot be overlooked in the rush for deploying new apps directly in the cloud or developing analytics-as-a-service or automation-as-a-service capabilities.
Strategically aligning digital delivery and security is one of the most complex challenges facing financial service businesses, and so many are turning their attention to Balanced Development Automation (BDA).
BDA: Aligning DevOps with security
To ensure success and competitive edge in the long run, fintechs need to create synergies between their DevOps, security, and business teams. This is where BDA comes in because it aligns DevOps with security, ensuring the latter is “baked” into the software development process. It acts as a guide through every step of software development, ensuring that security checks are built into the process from the beginning, and ultimately enabling DevOps teams to deliver secure products.
Consider it a three-step process:
1) Security should equip the development team with awareness of what is required from a security controls perspective. The same goes for risk and compliance. Developers need to know from the outset what these parameters are and factor them into their work from the get-go.
2) The next stage is examination of security metrics based on existing controls and emerging risks. The result of this might be the creation of new controls, but they have to be developed with an understanding of impact based on cost and business exposure. Ultimately, it is a business decision to determine the right risk threshold.
3) The third and final stage of the BDA process lies with governance at an audit and board level. Metrics collected from the first two stages are rolled into this and KPIs measured at this level are based on core business concerns around compliance, resilience, reputation, cost, and so on.
Balancing innovation with security
Ultimately, the success or failure of the fintechs of today can hinge on how they balance the adoption of new technologies with maintaining the privacy of their customers and the security of their customers’ data. This is a delicate balance, and one which requires action from the very start to identify and address risks.
Building security into applications from the very beginning of the software development lifecycle enables financial services companies to align security, compliance and risk priorities with business needs. This is ultimately a recipe for success.