Author: Clayton Locke
Progressive security challenges the way we think about how banking applications should protect themselves.
In the past, security and usability have often been viewed as mutually exclusive. We need to move beyond that way of thinking.
The old-fashioned ‘fortress’ model of perimeter-centric security is not enough to defend financial systems from the sustained and sophisticated attacks they now face.
There was a 50% increase in the number of declared data breaches last year, with seven of the ten worst breaches of all time, as measured by the Breach Level Index. In just the last few months we’ve seen high-profile attacks on JPMorgan Chase, Anthem and Sony Pictures.
Weaknesses in perimeter-centric defenses
Recently, Andrew Gracie, the Bank of England’s Executive Director, acknowledged the fallibility of perimeter-centric defences, stating “we should expect the cyber threat to be ever-present, ever-evolving and networks to be penetrated”.
Once we accept that the perimeter is permeable, our security posture switches from preventing intruders to detecting and neutralising them, and that puts our digital banking applications on the front line.
A digital banking application that understands transactions, users, bank accounts and currencies is much better placed than a network firewall to detect and react to things like unusually large bank transfers – or a change in the user’s context. This is where progressive security enters the picture.
How is Progressive Security different?
Progressive security is an innovative approach to protection that responds to a dual requirement: to improve applications’ resilience to attack and, at the same time, to improve usability and customer engagement.
Progressive security adjusts an application’s security posture dynamically for each user, in real time.
Because it’s part of the application, it can use its domain knowledge to understand what a user is doing and identify suspicious behaviour. This in turn generates a real-time risk assessment of the user’s session, which can be used to adjust the security required by the application. This means dialling back the security requirement as much as dialling it up.
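A minimal sketch of the per-session risk assessment described above, added here as an illustration and not taken from the author or any product. The class names, point weights, thresholds and control names are assumptions, and the customer profile is constructed sample data.

```python
from dataclasses import dataclass
from statistics import median

# Thresholds, weights and control names are illustrative assumptions.
CONTROLS = [(70, "block_and_review"), (40, "otp_challenge"), (0, "none")]

@dataclass
class Profile:
    past_transfers: list   # constructed history, in the account currency
    known_devices: set
    home_country: str

class Session:
    def __init__(self, profile, device, country):
        self.profile, self.risk = profile, 0
        self.device, self.country = device, country
        self._bump(self._context_points())

    def _bump(self, points):
        # Keep the score in 0..100 and report the control now required.
        self.risk = max(0, min(100, self.risk + points))
        return self.required_control()

    def _context_points(self):
        unknown_device = self.device not in self.profile.known_devices
        abroad = self.country != self.profile.home_country
        return 30 * unknown_device + 20 * abroad

    def required_control(self):
        return next(name for floor, name in CONTROLS if self.risk >= floor)

    def change_context(self, device, country):
        # A mid-session change of device or location adds risk of its own.
        changed = (device, country) != (self.device, self.country)
        self.device, self.country = device, country
        return self._bump(10 + self._context_points() if changed else 0)

    def transfer(self, amount):
        # Compare with this customer's typical transfer, not a global limit.
        ratio = amount / median(self.profile.past_transfers)
        if ratio > 10:
            return self._bump(50)
        if ratio > 3:
            return self._bump(25)
        return self._bump(-10)  # ordinary activity dials the requirement back

    def challenge_passed(self):
        # A successful step-up challenge lowers the session risk.
        return self._bump(-40)
```

Each method returns the control the application should require next, so the same session can move from no extra check to a one-time-code challenge and back again as the user's behaviour changes.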
Progressive security and positive banking experiences
Because it’s always delivering the right level of security, the banking application is less likely to put barriers in users’ way, so a lighter burden is placed on the “good” user. This is one reason progressive security is a fundamental shift in security design: it not only takes into account the requirements of protecting against the relatively small number of bad actors, it also emphasizes creating a positive experience for the majority of the bank’s customers.
Progressive security puts a practical focus on improving customer engagement whilst making digital banking more secure. It goes beyond mere technology, and holds the promise of creating a safer online environment that our customers actually enjoy using.