The common perception is that if you are going to add a lot of security elements to engagements, you are secure, but in reality, you are going to break the customer experience. Just having more and more authentication factors does not make things safe, says Anand Ramamoorthy, President, Uniken.
While addressing a session titled "Why Security & Customer Experience are not Competing Interests in Digital Banking?" at the Elets BFSI Gamechanger Summit, Ramamoorthy talked about several vital points pertaining to security and related concerns across the BFSI sector.
Excerpts of his presentation:
Half a billion threats are being explored and talked about on a daily basis. All of us are not oblivious to the expansive proliferation of devices and data in our current enterprise set up.
Workloads moving to the cloud is a much-defined, irreversible process, and remote access is a basic ethic on which every enterprise and company is built.
Whenever I speak to the CDOs, CXOs and CIOs, what I often get to hear is that if there is one thing that slows down the space of irreversible acceleration towards digital, it has to be security.
Security is an oft-repeated theme when we talk about cloud migration, Bring Your Own Device (BYOD), device management and mobile security.
We call it the perfect storm because we have three variables that are hitting us at the same time.
Security’s Perfect Storm
The continued need for an efficient security framework
Threats continue to rise while mobility and cloud erode our control
I talked about half a million more threats, and ransomware is hitting our enterprises, but they're also getting increasingly complex. These are no more traditional signature-based attacks. What we are seeing are non-signature-based, hard-to-predict attacks. They don't really have a pattern to them, and unless you have a very robust machine learning setup in your systems, you often don't grab them at the right time and in the right place.
Comprehension and response cannot happen fast enough
Time is imperative in any security attack, whether it is a B2B or B2C organisation; it's all about trying to quickly get the remedy for it and bring the enterprise or engagement back to a state of reasonable health.
There’s not enough people or money to throw at the problem
Not all complain about it, but in the BFSI sector in particular, if we talk about the CIOs and CSOs, they struggle to get the right kind of people with the right skill sets to come and join the organisation. So it's a perfect storm: you have fewer people, time is imperative and the problems are complex. If there's only one way of solving this, it has to be a heightened level of automation and a very ground-up approach to building a security solution.
What we’re trying to essentially solve is this classic perennial dilemma between usability and security
Usability Vs Security: Perennial Dilemma
The common perception is, if you are going to add a lot of security elements to engagements, you are secure but in reality you are going to break the customer experience. You are going to make the app slow. You are going to make it complex. The authentication is going to go through too many cycles. Just having more and more authentication factors does not make things safe.
Usability versus security is a zero-sum game; that's what most CIOs and CXOs will tell you. They will tell you that they want to keep things seamless and can't add a lot more security and levels of verification.
So if you transport that thought process to the whole authentication space, you know it has gone through a series of evolutions. Earlier, we had single-factor authentication, passwords etc.
If you think of Identity Management, all of us know three basic questions are asked.
The questions are what you know, what you have and what you are.
How can Uniken help you?
No Compromise Security – Amazing Experience
Uniken’s Unified Defense-in-Depth security platform shuts down every major vector of breach and fraud through a mobile-first solution that has a phenomenal user experience.
- Credential Compromise
- Credential Harvesting
- Social Engineering
- PII Compromise
- Account Takeover via Password Recovery or Call Center
- Call Center Account Trolling
- Duplicate SIM / #Porting
- Device Rootkit/Jailbreak
- Device Malware (including Polymorphic)
- Stealing Data on Device
- SSL Pinning Compromise
- Fake Device Registration
- Secure Enclave/TrustZone Breaches
- Malicious VPN
- Network Sniffers
- DNS Spoofing/Poisoning
- CA Compromise