BBVA CISOs Give Tips For Securing Digital Bank

  /     /     /  
Publicated : 22/11/2024   Category : security


BBVA CISOs Give Tips For Securing Digital Bank


At RSA conference today, CISOs at the multinational financial organization describe security strategy.



RSA CONFERENCE -- San Francisco -- Eight years ago multinational banking group BBVA first decided to enable customers to do 100 percent of their banking activity remotely and from any device. No easy feat for a bank that has 51 million customers, 110,000 employees, and €650 billion (approximately $696 billion) in assets. Today, Juan Francisco Losa, CISO of BBVAs Digital Bank and Santiago Moral, Global CISO for BBVA, explained the security strategy for this global digital bank.
The main challenges, as Moral described them, are that they have customers using applications that are not developed or managed by the bank, that the banks data no longer resided within the banks datacenter, and that the software development lifecycle had entirely changed to become more agile.
When the infrastructure is no longer under the organizations control, said Losa, the architectural design to address security has to be infrastructure-independent.
BBVA is trying to take advantage of new identity and access management tools. The authentication method can adapt to best suit the channel and the device, as long as it is at least as reliable as traditional mechanisms, Losa said.
What if something goes wrong? Losa also said that BBVA has a panic button, to react quickly to an emergency -- for example, activating a requirement for a second factor of authentication on the fly, if fraudulent activity increases through a particular vector. Losa says this was a job for BBVAs internal developers, not the third party.
Regardless of whos going to do the development work, the important thing, the speakers said, was that they need to develop and deploy updates as often and as quickly as necessary, even if thats within a time frame of just one week. How can they do that without sacrificing security?
Part of the solution, says Losa, is to automate testing as much as possible, but another has to do with people, not technology. The way to work without knowing the complete functional analysis, he says, is by being part of a collaborative security dev ops team. Start making security decisions in a decentralized way, said Losa.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
BBVA CISOs Give Tips For Securing Digital Bank