SaaS Security for Banks—Your Questions, Answered
Business, customer and account security are critical for banks and other financial organizations. Banks are continually re-evaluating how they provide robust protection across all of their technology, and there’s been a recent shift in the approach. The ongoing move to cloud-based technologies means that banks are increasingly looking for Software as a Service (SaaS) solutions, and secure apps are vital.
This change from on-premises to cloud software is growing by around 20% a year and is expected to reach $200 billion by 2024. Banking is no exception—according to Accenture’s 2018 Accelerate to Cloud – Banking Readiness Report, 97% of banks interviewed will or are carrying out a cloud migration strategy.
We know you have questions about SaaS software and security for the banking industry, and we’re here with the answers.
What is Software as a Service (SaaS), especially in the banking industry?
In short, SaaS is a cloud-based application. SaaS customers typically pay a monthly subscription to use the software. The vendor takes care of hosting the software, software updates, backups, storing data, and various other aspects.
Banks are updating their infrastructures to embrace the open banking trend by offering APIs to enable the integration of their services with trusted third parties. Many banks migrate to the cloud and leverage SaaS offerings for agility, better technology integration with open banking needs, and reduced costs.”
What are the key differences between on-premise and banking SaaS platforms?
With on-premise software, the responsibility for installing, running, updating and managing the software is entirely with the banking corporation. With SaaS, the vendor runs the software in the cloud and customers are able to access their accounts freely. Continually updated software to the latest version is also usually included. Integration with other systems may come with the SaaS subscription or it may need to be configured by the vendor’s implementation team, in partnership with the client.
What are the main security concerns for banks using SaaS applications?
Most SaaS has the security you’d expect—secure connections, authenticated logins, security monitoring, alerts and the like. While this level of security is generally good enough for individuals or small businesses, banks do have additional requirements. Some of the main concerns with banking security for SaaS include:
- Constant availability of the service: Banks and their customers require 24/7 access to their information and accounts. That means any banking SaaS apps or integrations need to have extremely high availability (typically 99.999% plus).
- Very high data confidentiality: Financial data is among the most sensitive information a business can hold on its customers. SaaS vendors need to demonstrate excellent security hygiene to keep that information secret.
What are the main challenges for enterprises with SaaS security?
The McKinsey Group interviewed executives at large enterprises to find out about their main challenges with SaaS security. Here’s what they found:
Encryption and Key Management
56% of enterprises want better encryption and robust encryption key management options. Most larger businesses do not trust SaaS providers to hold their encryption keys, choosing instead to hold keys themselves so they can control access and allow for securely encrypting and decrypting of data.
Identity and Access Management Across Platforms
54% of enterprises want better identity and access management (IAM) capabilities such as better integration with existing authentication solutions, two-factor authentication, single sign-on and other tools that make a user’s life easier. They also require better role-based administration of security levels—assigning access to employees based on the duties they’re performing.
Data Privacy Issues and Regulations
Many SaaS businesses don’t provide extensive tools for data privacy. This is becoming increasingly problematic as data privacy regulations such as Europe's GDPR, California’s CPA and Brazil’s General Data Protection Law all demand unique management of consumer data.
According to McKinsey, “Respondents say that the claims SaaS providers make about product compliance are often overstated, so they don’t necessarily trust them.” Most CISOs are looking for openness and honesty around what SaaS providers are truly offering and what they are specifically doing to help financial organizations reach compliance.
As you can see, there are plenty of areas that banks and other enterprises need to consider when implementing SaaS. Concerns about availability, integration, encryption, IAM, data privacy and more all need to be mitigated to ensure that business, banking, identity and financial data is kept secure.
Explore our advanced banking solutions.
Get the latest blogs on identity and access management delivered straight to your inbox.
Olivier Thirion de Briel is Global Solutions Marketing Director for the banking sector at HID Global, leading the banking strategy and marketing for IAM solutions. Prior to joining HID Global, he managed the cloud strong authentication offering at VASCO Data Security. He previously managed Oberthur Technology’s strong authentication product line and founded two mobile companies. He holds an MBA from INSEAD, as well as an MSc in computer and electronic science.