Banking Security Needs Upgrade for API Era

Established financial services firms have not typically led the charge when it comes to the adoption of new technology. But as they go digital, and as mobile banking becomes more firmly entrenched, banks and financial institutions (FIs) must apply that digital acceleration mindset to their security initiatives as well, to ensure that they have the optimal security solution in place.

Legacy FIs need to redefine their security efforts — which means modernizing their tech stacks. Easier said than done — because those efforts rest on changing the corporate mindset.

As Sean Leach, chief product architect at the edge cloud platform provider Fastly, told PYMNTS in a recent conversation, banking execs may tend to be, understandably, risk-averse. And as Leach said of decision-makers’ inclination to tackle the limitations of their legacy solutions head-on: “There’s a desire to do it, but there isn’t the full conviction to modernize. Everyone thinks it’s a good idea. They talk about how it’s a good idea. But sometimes you just have to make the leap.”

Fastly’s core business grew from providing real-time content delivery services, and today places a significant focus on providing security solutions. The way Leach sees it, leveraging the cloud and fighting fraud go hand in hand. The cloud provides opportunities to take full advantage of high tech-enabled security and new fraud-fighting tools — where, as Leach put it, “you’re designing and developing your applications to fit with this new model of the cloud in terms of DevOps, rapid deployments and auto-scaling.”

When FIs embrace fraud-fighting technologies (ideally through partnerships) in an infrastructure-agnostic way that moves beyond the confines of fighting specific threats, they gain an advantage that brings security closer to the network edge.

“You want to move your security and your detection as close to those clients as possible,” Leach explained. “And you want to push that defense out as close to the attacker as possible. If you have logic and data for a better customer experience, you want to move that close to the client, too.”

Integration Is Key

Solutions sold by different vendors can be linked together with APIs, creating a single point of integration and visibility for users within the FI, said Leach. Integration also eliminates concerns over cost (in dollars and in human capital) tied to a “rip and replace” strategy that has typically daunted FI decision-makers.

“If you’ve chosen the technology correctly and they integrate well with each other, then it’s much easier to take and introduce a new security solution in your stack,” he said. “And that’s where Fastly is heavily focused, because we know how disruptive it can be to come up with a new security solution.” Without that integration, he said, an FI is flying blind, and “your weakest link really becomes the challenge in your organization.”

Integrated, automated solutions allow enterprises to move beyond simply combating new threats as they appear. In reality, when more than 350,000 malware variants are created daily, a security solution needs to anticipate intent and pivot automatically.

“You can’t keep up with that,” Leach said, adding, “What we’re starting to see quite a bit is what we call intent-based security, where you look at ‘what’s the intent of the traffic?’… not ‘does it have this header that comes from this IP address?’”

Full intent, he said, can be realized when someone — actually, something — is clicking on a website every hundred milliseconds. Humans cannot do that. But bots deployed as part of a denial-of-service attack can. Against that backdrop, real-time visibility is crucial, and so is the response time — and speed comes from automated, not human, efforts.
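The timing signal described above, as an added example (not code from the article or from Fastly): it flags sessions by request cadence instead of matching a header or an IP address. The log format, the 150 ms floor and the 8-request minimum are assumptions chosen for illustration, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

HUMAN_FLOOR_MS = 150   # assumed: sustained gaps below this are not human clicking
MIN_REQUESTS = 8       # assumed: ignore short bursts such as a double-click

def parse(lines):
    """Yield (epoch_ms, session, ip) from 'epoch_ms session ip path' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines rather than guessing
        yield int(parts[0]), parts[1], parts[2]

def automated_sessions(lines):
    """Return {session: median_gap_ms} for sessions with sustained sub-human cadence."""
    times = defaultdict(list)
    for ts, session, _ip in parse(lines):  # the source IP is deliberately not used
        times[session].append(ts)
    flagged = {}
    for session, stamps in times.items():
        if len(stamps) < MIN_REQUESTS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)  # median, so one fast double-click does not decide
        if mid < HUMAN_FLOOR_MS:
            flagged[session] = mid
    return flagged

def sample_log():
    """Constructed sample data, not taken from the article."""
    base = 1_700_000_000_000
    # One session clicking every 100 ms while its source address keeps changing.
    bot = [f"{base + i * 100} sess-bot 203.0.113.{i + 1} /quote" for i in range(12)]
    # A person: seconds between clicks, with one accidental double-click (80 ms).
    offsets = [0, 4200, 4280, 9100, 15300, 21000, 30500, 38000, 47000]
    human = [f"{base + o} sess-human 198.51.100.7 /accounts" for o in offsets]
    return bot + human + ["garbage line"]

if __name__ == "__main__":
    for session, gap in automated_sessions(sample_log()).items():
        print(f"{session}: median gap {gap} ms")
```

Because the decision is keyed on the session's behaviour, the changing source addresses in the sample do not affect the result.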

“Real-time visibility gives you the agility to match fraudsters’ level of skill and their ability to be agile,” noted Leach. “Your attacker is a developer, too. They built these tools and software systems to try and compromise your network and your applications. And they’ve built pretty big businesses out of it.”

Many legacy FIs are embracing digital acceleration to remain competitive leaders in the industry. For maximum effectiveness, leaders must consider security as a key component of that digital acceleration journey.