Other parts of this series:
- Financial services need new security mindset to support strategic growth initiatives
- What new technology developments offer opportunities to enhance security?
- Cyber risks and company stakeholders – a key to financial firms’ security
- Helping financial firms to transform security for “New IT” landscape
- Identity management and threat intelligence are key security spends for financial firms
- Planning for security failure is critical for success
As financial service businesses work on transforming and strengthening their cyber security function—shifting it away from a purely regulatory and compliance mindset in the “New IT” landscape —identity and access management (IAM) and threat intelligence should be key areas of focus.
IAM underpins an effective cyber security program. Without it, encryption’s value is limited, because you cannot identify who is accessing the encryption key. With new and evolving security challenges always popping up and a growing number of devices connected to a company’s network, the need to get identity management right is critical to an organization’s cyber security.
IAM should be addressed from both a process and technology perspective. As outlined in the report, Security in the Financial Services Sector–Ready for the “New”? Accenture recommends the following short-term and medium range plans for firms:
The 100-day plan
- Assess whether the organization’s identity management discipline is properly set up with the governance, processes and tools necessary to support and defend the business. Companies should also define their Identity and Access Management strategy.
- Because cloud and digital technologies as well as a liquid workforce can change an organization’s identity story, FSIs should build a cloud-based identity framework and service as well as a strategy on how to handle customers and business alliance access.
- Establish an enterprise IAM framework with Business-to-Business and Business-to-Consumer standards, taking into account new trends. For example, because of the internet of things, everyday objects eventually will be connected to networks and will need an identity.
- Review the organization’s IT strategy, and consider using a hybrid (public/private) cloud model. Also develop a vision for a hybrid-based IAMprogram.
- Identity federation—an arrangement among multiple firms that gives authorized parties the ability to use the same identification data to access all the networks of group members in a controlled, secure and auditable way.
- The application programming interface (API) economy—or the impact that customers’ interfaces with technology products or services has on the organization’s profitability.
5. Externalize when possible, establishing specialized services only when needed
The 360-day plan
- Consider a new sourcing strategy for capabilities, assets and resources. Look for a strategic partner that could deliver these more cost effectively and at a higher quality level.
- Implement a strategic roadmap and re-assess it continually, because your business and technology will continually evolve.
Companies need to understand, however, that no IAM discipline—regardless how solid it is—can provide 100 percent protection against cyber criminals. Detection is the new protection. This is where the greatest impact can be generated for the most reasonable investment.
Our experience shows that deploying a technology like Security Information and Event Management (SIEM)—a system of complex technologies that provides an overview of an infrastructure–is not a silver bullet. Advanced technologies, like advanced data analytics, in the hands of skilled resources such as big-data specialists and data scientists, should be considered. The following is how we believe firms should invest in their threat intelligence over both the short term and the medium range:
The 100-day plan
- Understand your assets and business processes. Decide on stable processes to implement (with more or less static use cases) and key focus areas where the business is both highly dynamic and stable.
- Define a strategy to address the static processes, using either a classical SIEM or an existing log-management infrastructure like the one offered by Splunk Inc.
- Run a proof of concept using Accenture’s Cyber Intelligence Platform. With this platform, FSIs can work on a pay-per-use basis. To support the initiative, we recommend assigning an experienced cyber intelligence person to the effort.
- Following the proof of concept results, decide on the next steps to follow.
- Extend the SIEM platform using the Accenture Cyber Intelligence Platform.
- Leverage the intelligence to help answer questions specific to an attack, such as:
- Who did it?
- Why did they do it?
- Why now?
- What’s next?
3. Conduct regular training with senior management to help them better understand the threat landscape, as well as:
- How it is evolving across the financial services sector?
- How it is affecting the FSI’s business?
- How the situation is affecting the FSI’s business strategy and security architecture?
To learn more, read: