Mobile Security - Banking Mobility and Digital Workers
Américo Alonso, CISSP, CIS LATAM Offering Manager for CyberSecurity
Agenda
1. BANKING SECTOR CHALLENGES FOR 2015+
2. 1bank ATOS VALUE PROPOSITION
3. THE RICH PICTURE - WHERE ARE YOUR THREATS COMING FROM?
4. THE END OF PERIMETER AS WE KNOW IT
5. THE MOBILE WORKFORCE
6. BYOD PITFALLS TO AVOID
7. IDENTITY AT THE HEART OF THE ORGANIZATION

DISCLAIMER: The following is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any service, material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for the Atos & Bull products and/or services remains at the sole discretion of Atos. The actual delivery and future commitments of Atos are defined in a legal contract between Atos and the customer of the product and/or services.
THE END OF BANKING AS USUAL

OLD WORLD: Traditional retail & investment banking

On-going disruptions:
COMPETITION FROM NON-BANKING ACTORS: 2/3 of mobile users leverage alternative payments / cards. Growing competition from non banking players (Apple, Google, Paypal)
NEW MOBILE & SOCIAL CUSTOMER BEHAVIOUR: 57% smartphone owners already use mobile banking
GROWING REGULATORY CONSTRAINTS: New regulation impact up to 50% of IT budgets
VOLATILITY OF MARKET CAPITAL & LOW RATES: Near Zero interest rate from central banks affect profitability

NEW WORLD: Strongly digitalized banking, to reduce cost of operations & channels, be closer to customers (360° personalized experience), be reactive in real time to markets, and find adjacent or new streams of revenue

Following years of focus on compliance and costs, the banking sector needs to shift to innovation & growth in a rapidly changing landscape
KEY CHALLENGES FOR BANKS IN 2015+
The necessity: streamline efficiency and hunt for new digital opportunities, with 5 related business challenges, requiring both operations & business models reinvention

Streamline efficiency with lean
COMPLIANCE: Prevent threats, fight fraud, comply with regulations
COST CONTROL: Streamline operations for agility & cost control
Reinvent Business value & models
DATA INTELLIGENCE: Enable real time, data centric business transformation
Optimize operations for agility
MULTICHANNEL: Provide 360° experience, anytime, anywhere
NEW BUSINESS MODELS: Innovate to counteract new entrants
Hunt for new digital opportunities
DIGITAL: AT THE HEART OF TRANSFORMATION
By 2016, digital may help banks reduce cost of service by 20% and double revenue growth rate from 4% to 8% in mature markets, with 3 key levers

MOBILITY: The mobile bank
OPPORTUNITIES FOR BANKS: Go Mobile: leverage customers' devices (LYCD) and become the center of an ecosystem selling financial & additional services
Mobile payments (based on NFC or mobile wallet) & services (money transfer)
Non-banking products and services: daily life, retail, travel, transportation...
Financial offers with non-banking products: cancellation insurance, extended warranty, loans
Mobile marketing, loyalty and analytics: enrich propositions through mobile commerce
Managing alliances & partnerships with non-banking operators
«My bank is accessible and simplifies my life wherever I am by going ahead of my financial needs»

ANALYTICS / BIG DATA: The personalized bank
OPPORTUNITIES FOR BANKS: Go Analytical: strategically apply analytics to more effectively meet customers' financial needs
Advanced multichannel integration: get a 360° view of the customers across all channels
Pervasive analytics utilizing customer data, micro-segmentation and predictive modeling
Real-time interactions & geolocation management for increased conversion rates
Product offerings and pricing schemes, based on micro-segments and optimized by channel
Advanced advisory services
«My bank is closer to me and proposes financial services to me that fit my own expectations»

SOCIAL: The socially engaging bank
OPPORTUNITIES FOR BANKS: Go Social: leverage social media interactions to increase customer intimacy
Social media monitoring: engage customers, mitigate risks and promptly react to issues
Social digital marketing: define the best content for individual customer profiles and attract them
Social CRM: enrich customer data with social media data, facilitating more effective propositions
Peer to peer banking (it is beginning to develop, but it's more adopted by new entrants than by traditional banking players).
«My bank uses the social channels to which I am already connected»
ATOS VALUE PROPOSITION
Our positioning: be a strategic partner to help banks get real time agility and leverage the opportunities of digital transformation for growth

1bank: DRIVE THE JOURNEY TOWARDS REAL TIME DIGITAL BANKING

Streamline processes & reduce operations costs with secure IT rationalization
DIGITAL TRUST - COMPLIANCE & RISK CONTROL: Provide trusted foundations for all digital exchanges and transactions, and ensure regulatory compliance
DIGITAL OPERATIONS - BACK-OFFICE TRANSFORMATION: Grow agility and boost efficiency to improve services, reduce costs and fund innovation
DIGITAL INTELLIGENCE - DATA INTELLIGENCE: Leverage the most precious capital, data, to enable real time, personalized services
Reinvent digital infrastructures for agility
DIGITAL EXPERIENCE - MULTI-CHANNEL BANKING: Build next-generation unified & personalized banking across channels & devices
DIGITAL INNOVATION - HYBRID CLOUD & XAAS: Build the next-generation innovation platforms for customer-centric agility in a real time world
Hunt for new digital opportunities & transform the business with customer centric IT innovation
The Rich Picture
IDC Security Survey: Spread of Security Threats
Only the tip of the iceberg!
More and more enterprises were the target of data theft and internet attacks during the last year.

January 2012, USAA: attacked by an aggressive Zeus phishing campaign
January 2012, KPN: hackers posted usernames, passwords, phone numbers and addresses from 500 customers
March 2012, BBC: sophisticated cyber-attack against its Persian service
May 2012, Sophos: hackers had access to 13 million Hotmail accounts
May 2012, Yahoo and AOL: affected by the Tamper Data hack
July 2012, Atomic Energy Organization of Iran: was attacked by a new malware that was targeting critical infrastructures
August 2012, Saudi oil company Saudi Aramco: 30,000 workstations were affected by the Shamoon malware
October 2012, phishing attack: Washington confirms Chinese hack attack on White House computer
April 2013, LivingSocial: 50 million users had data compromised (names, email addresses, birth dates and encrypted passwords) in a hacking attack
The end of perimeter as we know it
The traditional perimeter in IT was built on the premise of keeping the bad guys on the other side: firewalls, IPS, IDS, UTM and so on.
The perimeter has changed. It is not enough to implement a firewall, IDS, IPS or WAF. Nowadays the perimeter is the point where the organizational data and the device meet.
[Diagram labels: Data, Device, Application]
THE MOBILE WORKFORCE
Yesterday's workforce used locked down, hardened desktops and laptops where unapproved software could usually be kept off machines and out of the corporate environment. But today's workers are not merely mobile but also operate in a wide open manner. They carry their own devices, they visit untested web sites, and they download untested apps (which may or may not leak your confidential data out to unapproved servers). How is a business to function normally and securely in this new environment?
BYOD PITFALLS TO AVOID

What is good for one is not always good for all
BYOD is not always about allowing employees to bring their own personal devices. Sometimes it is about providing a controlled device to the employee.

Addressing short-term needs through point solutions
Avoid rushing to implement a solution for a particular short-term need. Think a little further ahead.

Not considering the full range of platforms/devices/apps
Platform for all! Begin with the corporate services like email and calendar. Be sure to deliver your apps ready for more than just one platform (iOS, Android).

Forgetting to include a collaboration platform
To prevent data leakage and other risks, you need a secure, managed, and fully auditable data collaboration platform. Otherwise you will be in a Dropbox/Drive/OneDrive compliance nightmare.

Having an incomplete BYOD policy (or none at all)
In a highly regulated industry like banking, a complete policy is essential for implementing BYOD without increasing risk.
IDENTITY AT THE HEART OF THE ORGANIZATION
In the financial sector, data protection is a matter of the utmost strategic importance.
In a sensitive environment, application access security procedures must be reinforced and simplified.
Proactive management of operational risk yields productivity gains and enhances security in all your financial activities.
By the end of 2015, there will be approximately 450 million bank customers using biometrics in various bank scenarios*
By 2020, bank customers will use biometrics as the predominant identity authorization method to access bank services*
* Analyst Report, Biometrics for Banking; Market and Technology Analysis, Adoption Strategies and Forecasts 2015-2020
Security is a path, not a destination
Américo Alonso, CISSP, CIS Americo.Alonso@atos.net M +598 99 105 001 Thank You