Tuesday, 26th May 2020

What’s the key to secure digital transformation?

Marc Vanmaele, CEO of TrustBuilder explains how banks and financial organisations can best balance the needs of security and user experience as they evolve their IT and processes.

Your users demand simplicity. Whatever sector you operate in, whatever the scale or scope of your offering, if your customers find it too difficult to access and use your service, they will go elsewhere.

The same rules apply within your organisation. If your staff find it too difficult to access and use the applications and systems they need to do their jobs, they will go elsewhere too. This rarely means that they will leave their jobs altogether – rather, it means that they will seek workarounds and shortcuts, unauthorised tools and unsanctioned processes.

Both situations can be a big problem. Losing customers very directly affects your business bottom line – and, depending on how vocal they are about moving on, your reputation in the marketplace too. Employees who seek workarounds may compromise security, opening up vulnerabilities or weak points in your infrastructure, or fail to complete tasks as required, bringing operations and productivity to a halt. They may be unable to deliver the right levels of service to their customers, which once again impacts your revenue and reputation. Furthermore, dealing with problems of user experience – whether inside or outside your organisation – can take up a great deal of your IT department’s time and attention.

Digital transformation: the road to simplicity

Little wonder, then, that businesses in all industries have been encouraged to modernise, improving their services with innovative new features, foregrounding user experience and customer journeys, and developing the most frictionless experiences possible.

This is one of the core goals of many digital transformation projects. Previously manual processes are replaced with automation, leading to a smoother user journey and a strong platform for additional innovation and creativity. Organisations such as Google and Apple, with their unrelenting focus on clarity and simplicity for the end user, have led customers and staff in other sectors to expect the same.

This is particularly true in the highly competitive banking and finance industries, where customers are choosing between fundamentally very similar products. Effective digital transformation can – well – transform the efficiency of business operations, levels of customer engagement and operational agility and innovation. It is, very often, the difference between market-leading and struggling organisations.

But ‘frictionless’ can come with caveats. Such processes are frequently less secure than their more cumbersome, multi-stage relatives – precisely because they entail fewer layers of user identification and verification. Banking and finance organisations, then, have to make a choice – add extra security steps, such as a second password or PIN code, and hope that this increased complexity doesn’t lose them users – or keep the process simpler, and hope that they don’t succumb to a malicious cyberattack or accidental infection.

What do users want?

How to find a path through this minefield? The best starting point, as so often, is to consider what users really want.

In the banking and finance sectors in particular, customers want simple to use services which take away the cumbersome complexity so often associated with the industry – masses of small print and industry-specific jargon are rarely welcome. They want to be able to access core information such as account balances on go, using their mobile devices; after all, according to Nielsen more than 97%of millennials have a smartphone that is capable of online banking. Convenience is key.

However, for banking and finance customers, protecting both their money and their personal information is also paramount – after all, these are often their greatest assets. It is crucial that they trust their banks and financial institutions – that they believe those organisations take data protection and cybersecurity seriously.

What are the challenges faced by the organisation?

Meanwhile, banking and financial organisations are managing increasingly complicated IT infrastructures. Their services are made up of multiple different applications, many of which are hosted in the cloud with data shared between the organisation and its vendors. This makes providing a smooth user experience challenging – and making it secure, even more so.

Additionally, there is the rapid pace of change in both the technology, the cyber threat and the banking and finance landscape itself to consider. Challenger banks have transformed the industry in recent years, and many of these have focused far more heavily on their online presence than their physical one, responding to the demands of younger customers who may prefer to bank digitally rather than in person. Building a smaller digital-focused bank from scratch is one thing; layering that digital focus onto an existing larger bank is another matter.

Introducing IAM

This is why next-generation Identity and Access Management (IAM) services have such a crucial role to play in the banking and finance sector. They help organisations to not only strike the right balance between user experience and security, but also, critically, to maintain that balance as the organisation’s services and systems continue to evolve.

Such solutions incorporate the next evolution of multi-factor authentication (MFA) systems, which demand additional layers of verification before or after the user enters their login details. At present, this extra step will typically be a second password or an SMS code sent to the user’s mobile device. Such steps add some security and peace of mind – but these particular methods disrupt the user journey and can be easily compromised by cyber criminals.

The most effective IAM solutions take a more intelligent – and a more user-focused approach, thereby helping organisations to tread that fine balancing line. Along with enabling the latest secure MFA methods like those requiring a hardware token, they consider a range of different factors when verifying each user request, such as where the user is located, the time of the request, and whether the device itself is recognised. They also provide a bridge between different environments, allowing seamless access while keeping intruders out.

In turn, this allows organisations to offer a genuinely intelligent and ever-improving security service to their end users, demonstrating how seriously they take data protection, whilst automating that security behind the scenes and therefore smoothing the customer journey as far as possible.

It is essential to choose an IAM solution that is highly flexible, able to keep up with the pace of change and evolve along with the organisation in question. However, in doing so, banking and finance organisations can take a genuine step towards balancing user experience with watertight security – and embracing digital transformation, securely.


By Steve Rivers, Technical Director International, ThreatQuotient.
By Justin Augat, iland VP of Product Marketing.
By Martin Sugden, CEO, Boldon James.
As our world becomes increasingly interconnected, businesses and individuals are realising benefits...
Modern businesses are under pressure to deliver when it comes to the experience, they offer their em...
Common automation frameworks and the end of speed and security compromises. By Bart Salaets, Seni...
Connectivity as a concept has become an essential part of life, as opposed to just a luxury. The Int...