BBVA CISOs Give Tips For Securing Digital Bank

At RSA conference today, CISOs at the multinational financial organization describe security strategy.

RSA CONFERENCE -- San Francisco -- Eight years ago multinational banking group BBVA first decided to enable customers to do 100 percent of their banking activity remotely and from any device. No easy feat for a bank that has 51 million customers, 110,000 employees, and €650 billion (approximately $696 billion) in assets. Today, Juan Francisco Losa, CISO of BBVAs Digital Bank and Santiago Moral, Global CISO for BBVA, explained the security strategy for this global digital bank.
The main challenges, as Moral described them, are that they have customers using applications that are not developed or managed by the bank, that the banks data no longer resided within the banks datacenter, and that the software development lifecycle had entirely changed to become more agile.
When the infrastructure is no longer under the organizations control, said Losa, the architectural design to address security has to be infrastructure-independent.
BBVA is trying to take advantage of new identity and access management tools. The authentication method can adapt to best suit the channel and the device, as long as it is at least as reliable as traditional mechanisms, Losa said.
What if something goes wrong? Losa also said that BBVA has a panic button, to react quickly to an emergency -- for example, activating a requirement for a second factor of authentication on the fly, if fraudulent activity increases through a particular vector. Losa says this was a job for BBVAs internal developers, not the third party.
Regardless of whos going to do the development work, the important thing, the speakers said, was that they need to develop and deploy updates as often and as quickly as necessary, even if thats within a time frame of just one week. How can they do that without sacrificing security?
Part of the solution, says Losa, is to automate testing as much as possible, but another has to do with people, not technology. The way to work without knowing the complete functional analysis, he says, is by being part of a collaborative security dev ops team. Start making security decisions in a decentralized way, said Losa.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
BBVA CISOs Give Tips For Securing Digital Bank