Thursday, January 29, 2015

Are There Security Risks with SaaS Delivery of Core Banking Services?

BSunay Mruthyunjay, Chief Technology Officer - IDEALINVENT


(Image credit - Cloudvolution)

Are worries about the security of your bank’s data stopping you from considering SaaS delivery of core banking services? Do you feel it’s not worth the ‘risk’ even though the benefits, especially in regards to reduced cost and improved business agility are well proven? As CTO in a company that hosts ‘Banking Software as a Service’, it’s my job to consider and respond to all the perceived negatives of our B-SaaS™ offering and would ask you to consider the following points.

It’s human nature to avoid risk. In our decision making process, many of us consider different scenarios, evaluate risk versus rewards or benefits and then make a judgment call as to how much of risk is appropriate for a certain reward. So in the end, it boils down to balancing the risk and reward and this applies to any rational decision - be it our personal lives or matters related to business.

With this as the background, let’s try to analyse the number 1 perceived risk of a SaaS offering  - data security; This is of course the most significant risk that a bank gets exposed to with SaaS. Data flows through the internet, is stored in a location that is physically away from the bank and the bank cannot really control who gets access to its secure data.

To put this in perspective, let us take an example. Say you got some money; what would you normally do. Probably spend some and put the rest in your bank. It’s your money and you find it alright to leave it with a bank. The reason is, we know that it’s safe, probably also earns interest and most importantly, the bank knows how to safeguard my money better than I do (hopefully and in most cases!). The same money is available to you whenever you need it. You also trust the systems so much that you are fairly sure that your money cannot be withdrawn by someone else - thanks to the authentication mechanisms in place.

This ‘money’ security works - so what’s the big deal with data security?
Firstly, sensitive data of the clients, their personal identities and such others should be secured. Information related to products and pricing are equally sensitive. Last but not the least, the bank's strategic initiatives and goals, control measures and other operational procedures also need to be protected. If in the unfortunate case of a data breach, banks stand to lose a lot – most importantly credibility and that trust factor with their clients which in turn can lead to huge losses in business and revenues.

Thankfully, these fears need not deter a bank from ruling out SaaS. Technology today is well advanced to ensure mechanisms that secure data while being transferred. Complex authentication mechanisms and cryptographic techniques ensure data on the move is not easy to be hacked and deciphered. Data hosted on a public cloud is just as safe (if not safer) than that hosted on a private cloud or in-house on stack servers.

As far as data storage is concerned, a number of preventive measures can be implemented to avoid any data leakage. With a credible service provider, periodic security reviews or audits, third party assessment and certification, implementing ISO standards for managing information security are some of the easy means by which data can be secured in a SaaS scenario.

Having an information inventory with the appropriate risk measure associated with each item on the inventory list can help get a good grip on the information loss risk that a bank deals with from a SaaS point of view.

The other significant risk in a SaaS offering is that of integration. Typically systems that are on-premise have to exchange information between systems that are on SaaS. Apart from the usual complexities of integrating two systems, integration with a SaaS application poses additional challenges of dedicated bandwidth and security. Banks have to ensure that the SaaS application they choose has standardized ways of integrating that can co-exist with the other applications within the bank.

SaaS applications are getting smarter by the day. They allow a reasonable amount of customization to suit your needs without any intervention from the provider. The costs are extremely predictable and controllable. All the upgrades are automatically included and most importantly, the bank can focus on their core business with minimal diversion on IT systems.

Overall banks can reap significant benefits from a SaaS system without compromising on any security risks by acknowledging, assessing and effectively managing them, just as you do with any aspect of your life or business.

Sunay Mruthyunjay
Sunay brings over 17 years of experience developing IT products for the banking industry into IDEALINVENT. He cut his teeth as a product designer and developer before moving into product implementation and delivery management. Notable achievements include being a key member of the first ever Indian led complete system replacements in one of the largest corporate banks in Japan and has been instrumental in several project implementations of varying complexities in Western Europe including a Payments and Core implementation in a leading Swiss bank.

32 comments:

  1. Good article with excellent idea! I appreciate your post.Regards Sarkari Result

    ReplyDelete
  2. Cloud backup systems are much more secure than backing up data on your own store server or hard drive. A cloud backup company is in the business of protecting data. It’s the only thing they do. Their server locations are much more secure, protected, and hacker-proof than your server or store computer.
    iDeals data room due diligence

    ReplyDelete
  3. Maharashtra Police Wireless HC ASI Recruitment 2016

    I like the valuable information you provide in your articles, Thanks for sharing....

    ReplyDelete
  4. Thanks for sharing such a nice article. Sarkari Result that's why i would like to appreciate your work.

    ReplyDelete
  5. This is a great inspiring article.Buzz Applications I am pretty much pleased with your good work. You put really very helpful information.

    ReplyDelete
  6. Thank you for taking the time to provide us with your valuable information. We strive to provide our candidates with excellent care and we take your comments to heart.As always, we appreciate your confidence and trust in us.


    VMware Training in Chennai

    ReplyDelete
  7. thank you for sharing such a nice and interesting blog with us. hope it might be much useful for us. keep on updating...
    ROI Services in Chennai

    ReplyDelete
  8. The article is very I am a regular reader of your blog. the blog is very interesting and will be much useful for us.
    Hadoop Training in chennai

    ReplyDelete
  9. Excellent article and a truly amazing blog Visit for more info wp sms

    ReplyDelete
  10. Excellent article and a truly amazing blog Visit for more info SSIS training in chennai

    ReplyDelete
  11. Hi This is very useful and informative blog for all kinda people
    PHP Training in Chennai

    ReplyDelete
  12. This post is very useful and it's a worth read, Thanks for sharing this valuable information with us.
    IT Job Training in Chennai

    ReplyDelete
  13. Thank u for sharing this Information. cashback offers of all online stores are available at cashback coupons

    ReplyDelete
  14. Thank u for Sharing this Information. For more cashback Offers And cashback coupons just ping me

    ReplyDelete
  15. Excellent post!!!. The strategy you have posted on this technology helped me to get into the next level and had lot of information in it.
    Hadoop Training in Chennai | Selenium Training in Chennai | Salesforce Training in Chennai |

    ReplyDelete
  16. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

    ReplyDelete
  17. The major advantage of pursuing course with the best institute for Selenium Training Bangalore is that, one would get their direct assistance in getting yourself a job in your preferred domain. The rest is up to the student, because it’s the student’s responsibility to perform well in the interview in getting the job. Selenium Training in Bangalore |
    Python Training in Bangalore |

    ReplyDelete
  18. Really cool post. It's truly extremely pleasant and valuable post.Thanks for offering this to us! it's my first visit.
    Data Entry Projects Outsourcing

    ReplyDelete
  19. informative post! I really like and appreciate your work, thank you for sharing such a useful facts and information about evaluating rewared system strategies, keep updating the blog, hear i prefer some more information about jobs for your career hr jobs in hyderabad .

    ReplyDelete