Driving Innovation in Security Technology Through ... - FST Media

More documents

Recommendations

Info

Driving Innovation in Security Technology Through Emerging Channels“How do I ensure thereis a secure transactionhappening? We don’thave an easy answer.”– Chris Smith, NAB“The question that ismost interesting hereis how do you keep acustomer secure, but atthe same time solve theissue of convenience?”– Cameron Owens,NAB4Chris Smith, NAB: I think a lot of what we dois the Wild West and so we create these apps. Iagree iOS is quite unique and a lot safer but I’vegot another audience, and who knows what they’redownloading on that site.One of the issues we face is second mop up: howdo you authenticate? So you’re in that app, you’rein that experience, how do you get that? I agree it’sgood but I have a fundamental problem and thatis how do I ensure there is a secure transactionhappening? We don’t have an easy answer.Vic Mankotia, CA Technologies: There isadvanced authentication, there is authentication atthe log-in phase, risk-based authentication, thereis authentication with one-time password (OTP),there is SMS OTP, authentication on the web site,and again too much security will just hamperbusiness. Five people will stab you with a spoonbecause you’re going to delay the speed of businessand you’ve got to move at the pace of the customer.Dave Williams, Bankwest: Coming back toyour comment earlier about not being concernedabout the Qantas points. Qantas actually hold quitea lot of information on you, as do many other sitesthat you register with, but they don’t have the samelevel of security that banks would have. So it’s notjust what security we can have, but how can weprotect ourselves against non-financial institutions’sites that collect credible, identifiable data.Paul Guardabascio, NAB: As an industry, thespeed of innovation and market competitive forcesare driving change. What do you see in terms ofcollaboration with the telcos and utility companiesand the banking sector? Who actually owns thecustomer?Vic Mankotia, CA Technologies: The telcostake no responsibility. The banks say, I provide youwith an application, it’s yours to use, but use it atyour own peril. The software security companiesare saying, “Here’s a solution.” It works half thetime, it doesn’t work the other half of the time.And the hardware manufacturers are saying, “Hey,what about Android, iOS 5, what about Galaxy?What about Symbian, BlackBerry Storm?”Soon it’s going to condense. It’s a four-horserace; soon it’s going to become a two-horse race.If you don’t look after your assets, nobody elsewill. Don’t expect there to be an ombudsman or acollaborative network of people who are going togo out and say, “I’ll do it for you.”Cameron Owens, NAB: The question that ismost interesting here is how do you keep a customersecure, but at the same time solve the issue ofconvenience? A lot of the solutions we have todayare token. There’s no especially convenient way tosolve the security issue. So that’s the interestingdilemma we have. Our customers are draggingus there, and we need to be there and we need tomake their life easier but also to protect them. Theyare obviously dealing in large sums of money, butif the customer experience is so cumbersome, it’s amassive barrier.Naresh Vyas, Standard Chartered:Customer experience is important, otherwiseusability will be a problem.Vic Mankotia, CA Technologies: I’ll go backto your Square example. Last week in San FranciscoI was shocked when I saw how it worked. It was soconvenient that I used it 20 times during the week.Naresh Vyas, Standard Chartered: Thishas completely changed the industry locally inthe US. This is a device that you can plug into theheadphone jack of either an iPhone or Android anddownload an app from different stores. It convertsa magnetic strip’s data into an audio signal soit can plug right into the audio jack. Once that isplugged in, I then have a POS device. I can swipean American Express card, Mastercard or Visa cardand put in the amount and charge it.You can have other features. You can take aphotograph of what you’re selling, the person willget an email receipt with an image of your house,and the location of where the transaction occurred,the amount.They give you this device for free. What it doesis turn anyone into a merchant. You don’t needanything special, you don’t need a merchantaccount. It was convenient but it also gave me theheeby jeebies, because I had no idea about thesecurity of this.Richard Farrell, ANZ: But you still used it,right?Naresh Vyas, Standard Chartered: But Istill used it.Vic Mankotia, CA Technologies: The secondproblem that many executives are talking about isemployees bringing in their own devices. Are youseeing that happen often?Berin Lautenbach, GE Capital: You surveypeople and a huge number actually don’t want tobring their own PC in. They’re not really interested.Naresh Vyas, Standard Chartered: We’veissued standardised iPhones to employees. Wehave an eco-system within the bank with securitycertificates for the devices. You have accessibility toimportant data remotely as opposed to having to bephysically in the office.
Driving Innovation in Security Technology Through Emerging ChannelsVic Mankotia, CA Technologies: So isn’t thatassuming everyone wants an iPhone?Naresh Vyas, Standard Chartered: Itdoesn’t matter. We don’t ask them what they want.As: This is a corporate device, not a personal phone.At our bank, 50 per cent of the employees are aged35 and under we’ve adopted it very quickly.Berin Lautenbach, GE Capital: Don’t get mewrong, people who have iPhones and who aren’totherwise on our email systems or phone emailsystems would like to use their iPhone. But it’s notan, ‘I’ve got to have this’ setiment. I’ve seen oneorganisation which I think is fantastic, where thesecurity team is leading the charge for bring yourown device (BYOD). They are actually rebuildingthe network infrastructure to ensure they are goingto have a trusted network. We’ve all been trying todo this for years, but they’re using this as the excuseto build it. They are using it to get a really greatlayer of security in place across the organisation.And their line is, “Once we’ve got this in place, youcan plug in any device you want - your staff, yourcustomer, whoever you are. You can come intoour network. If you’re staff, we’ve got controlledaccess into staff applications.” It’s been viewed asan opportunity rather than a threat.Dian Shehata, NAB: So going back to using thebank’s laptop, I think the question is, do those of uswho work in the banking industry want the stateof-the-arttechnology that we can flash around andleverage? The answer is yes. So I have a Blackberrythat’s forced on me and I have an iPhone, when theiPhone is clearly what I use for personal use. But ifthe banks said to me, choose between your iPhoneor the Blackberry, I would have the iPhone for work.Vic Mankotia, CA Technologies: How manytimes do you forward a picture from one to the other?Diane Shehata, NAB: I will answer that on thebasis that there are no NAB security people in theroom! How many times do I forward somethingto Mum at home? Heaps of times, heaps of times.But when I try to use my map to log onto the NABnetwork, I’m there for an hour. I mean it’s possible todo it I’ve been told, but it’s extremely painful.Vic Mankotia, CA Technologies: CA hasBYOD. They give you an allowance. They also giveyou a device called an Aruba Network.It’s a small little device with two antennas. Youplug it into your broadband on one side and intoyour Cisco phone in the other, you log in with yourcredentials and then it creates a wireless networkcalled the Excellence Network which is a CAstandard for wireless and it authenticates you. Itknows your ID, it knows your access levels, it knowsthe degree of what data is going where and yourBlackberry, your iPhone or whatever is authorisedto be on the corporate network, can accessinformation. Single sign-on and collaboration hasmade it so easy.Naresh Vyas, Standard Chartered: Are youable to travel with that device?Vic Mankotia, CA Technologies: I don’t, butyou can. The first thing I do in a hotel is connect tothe Apple Airport and then I have my own network,so my Blackberry and my other devices that Ihaven’t spoken about all talk to that one network. Icould put the Aruba Network on there, absolutely.Chris Smith, NAB: Authenticating it, tryinga touch device on your corporate email, is justshocking. I don’t know if you’ve had that experience.These third party devices are enabled for touch andoften the network’s capabilities don’t come into it atall, and that causes a different set of problems.Vic Mankotia, CA Technologies: Yes, wehave a very good system in which identity, access,authentication is all built into one, which makes iteasier in some ways.But what about social media? How pervasive isit? And what challenges do these tools present?Darren Simpson, Superpartners: I thinkeveryone acknowledges the rapid growth in theuse of social media channels, particularly from aconsumer perspective, as the preferred tool formarketing channels.Vic Mankotia, CA Technologies: Justmarketing?Darren Simpson Superpartners: No, socialmedia is used by other business units, but I wouldsay that generally Marketing and Communicationteams are using these tools more and more toreach out and engage with their audience, capturefeedback on their services as well as a crucialreputation management tool. However, a keyconsideration for business is how their employeesinteract with social media tools inside theworkplace, as well as outside when they use socialmedia in their personal and professional lives.From a security perspective, these interactionscan be managed to ensure organisations maintainacceptable risk exposures. With the proliferationof tools and the exponential growth in usage ofsocial media, coupled with the increasing mobilityof devices and data in the workplace, this is an areathat every business has to monitor closely.We are also acutely aware of the opportunity thatsocial media presents us with to provide supportservices to our members. Many businesses across“At our bank, 50 percent of the employeesare aged 35 and underwe’ve adopted it veryquickly.”– Naresh Vyas,Standard Chartered“These third partydevices are enabledfor touch and often thenetwork’s capabilitiesdon’t come into it atall, and that causesa different set ofproblems.”– Chris Smith, NAB5
Page 1 and 2: Driving Innovation in Security Tech
Page 3: Driving Innovation in Security Tech
Page 7: Driving Innovation in Security Tech

Driving Innovation in Security Technology Through ... - FST Media

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?