Are worries about the security of your bank’s data stopping you from considering SaaS delivery of core banking services? Do you feel it’s not worth the ‘risk’ even though the benefits, especially with regard to reduced cost and improved business agility, are well proven? As CTO in a company that hosts ‘Banking Software as a Service’, it’s my job to consider and respond to all the perceived negatives of our B-SaaS™ offering, and I would ask you to consider the following points.
It’s human nature to avoid risk. In our decision-making process, many of us consider different scenarios, evaluate risk versus rewards or benefits and then make a judgment call as to how much risk is appropriate for a certain reward. So in the end, it boils down to balancing risk and reward, and this applies to any rational decision, be it in our personal lives or in matters related to business.
With this as the background, let’s try to analyse the number one perceived risk of a SaaS offering: data security. This is, of course, the most significant risk that a bank is exposed to with SaaS. Data flows through the internet, is stored in a location that is physically away from the bank, and the bank cannot really control who gets access to its secure data.
To put this in perspective, let us take an example. Say you got some money; what would you normally do? Probably spend some and put the rest in your bank. It’s your money and you find it alright to leave it with a bank. The reason is that you know it’s safe, it probably also earns interest and, most importantly, the bank knows how to safeguard your money better than you do (hopefully and in most cases!). The same money is available to you whenever you need it. You also trust the systems so much that you are fairly sure that your money cannot be withdrawn by someone else, thanks to the authentication mechanisms in place.
This ‘money’ security works - so
what’s the big deal with data security?
Firstly, sensitive client data, such as personal identities, should be secured. Information related to products and pricing is equally sensitive. Last but not least, the bank's strategic initiatives and goals, control measures and other operational procedures also need to be protected. In the unfortunate case of a data breach, banks stand to lose a lot: most importantly, credibility and that trust factor with their clients, which in turn can lead to huge losses in business and revenues.
Thankfully, these fears need not deter a bank from considering SaaS. Technology today is advanced enough to provide mechanisms that secure data while it is being transferred. Complex authentication mechanisms and cryptographic techniques ensure that data on the move is not easy to hack and decipher. Data hosted on a public cloud is just as safe as (if not safer than) data hosted on a private cloud or in-house on stack servers.
As far as data storage is concerned, a number of preventive measures can be implemented to avoid any data leakage. With a credible service provider, periodic security reviews or audits, third-party assessment and certification, and the implementation of ISO standards for managing information security are some of the easy means by which data can be secured in a SaaS scenario.
Having an information inventory
with the appropriate risk measure associated with each item on the inventory
list can help get a good grip on the information loss risk that a bank deals
with from a SaaS point of view.
The other significant risk in a SaaS offering is that of integration. Typically, systems that are on-premise have to exchange information with systems that are on SaaS. Apart from the usual complexities of integrating two systems, integration with a SaaS application poses the additional challenges of dedicated bandwidth and security. Banks have to ensure that the SaaS application they choose has standardized ways of integrating that can co-exist with the other applications within the bank.
SaaS applications are getting smarter by the day. They allow a reasonable amount of customization to suit your needs without any intervention from the provider. The costs are extremely predictable and controllable. All the upgrades are automatically included and, most importantly, the bank can focus on its core business with minimal diversion to IT systems.
Overall, banks can reap significant benefits from a SaaS system without compromising on security by acknowledging, assessing and effectively managing the risks, just as you do with any aspect of your life or business.
Sunay Mruthyunjay
Sunay brings over 17 years of experience developing IT products for the banking industry to IDEALINVENT. He cut his teeth as a product designer and developer before moving into product implementation and delivery management. Notable achievements include being a key member of the first-ever Indian-led complete system replacements in one of the largest corporate banks in Japan. He has also been instrumental in several project implementations of varying complexities in Western Europe, including a Payments and Core implementation in a leading Swiss bank.