Some of the most common passwords include “123456”, “qwerty”, and, well, “password”. Not everyone is so creative when it comes to security. You probably have your own tips and tricks for creating unique passwords that may have your dog’s name combined with your childhood street address and a few #$%& thrown in.
Passwords play a critical role in identity and access management (IAM). IAM is the framework of policies and technologies organizations use to ensure that the right users have access to the right resources. IAM encompasses areas such as IT security, data governance, and authentication.
A bank leverages identity and access management with its customers. For example, a customer creates a username and password to log in to their online checking account. The same customer may later open a wealth account and apply for a new auto loan at the same bank. The bank system requires the creation of another username and password for each of these accounts.
And so, a pattern emerges of multiple usernames and passwords being created at one bank to control the customer’s digital identities and access to their accounts. This process can be frustrating for the customer, but for the bank, it provides a layer of protection against fraud, hacking, or some other event that would be catastrophic to its business.
The challenges of identity and access management
Think about that customer creating multiple usernames and passwords. What happens in the bank’s various systems is that all those identities become very hard to match up. So many slight variations, such as using a nickname, can throw off the identity matching process. This is because many banks’ systems are not sophisticated enough from a technology and data perspective to match the identities of the different people logging into the bank.
Imagine the bank as having five front doors, each representing a different banking system. The bank’s customers can enter through any of those doors and potentially have access to the bank’s secure systems. By enforcing security policies such as two-factor authentication or biometrics, the bank can prevent customers – or hackers – from storming through those doors and wreaking havoc on its systems.
But if your legacy system is behind your oldest door – the one with the rusty lock that’s about to fall off – criminals can just jiggle that door handle slightly and easily walk right in. If you don’t maintain your identity and access management, you’re opening your bank up to numerous security issues and other vulnerabilities.
Unsecure systems fall prey to attacks
The stats around data breaches and their repercussions are staggering. According to Banking Journal, companies in the financial industry reported 703 cyber attack attempts per week in Q4 2021. This was a 53% increase over the same period in the previous year.
Cloud computing and software provider VMware surveyed chief information security officers and security leaders at financial institutions. VMware’s Modern Bank Heists 5.0 report found:
- Seven out of 10 financial institutions aren’t spending more than 12% of the overall IT budget on security. But the majority of financial institutions plan to increase their budget by 20% to 30% in 2022.
- 63% of financial institutions experienced an increase in destructive attacks, an increase of 17% from 2021.
- 94% of financial security leaders experienced attacks on an API associated with fintech.
But even with those scary points, many banks still keep their old, unsecured systems in place. This could be because replacing or upgrading a legacy system can be expensive. And often, there is a constantly revolving door of out with the old and in with the new, so cracks start to appear among the chaos. Without identity and access management best practices, those cracks begin to widen and let the attackers in without much holding them back.
A single point of control with Salesforce
To beef up their identity and access management, banks should provide a single point of control for their security teams. The control can be heightened whenever needed, such as with two-factor authentication. Think of this single access point as similar to a Google single sign-in where you don’t have to reenter your username and password each time you enter Gmail or Google Drive. Your username and authentication is simply shared between the two applications.
By providing consistent authentication, banks can provide a better user experience to their customers every time they log in. Customers can easily access all of their accounts, and banks have greater visibility into how all the customer’s accounts are tied together from an identity perspective. This allows the customers of the bank to leverage the different and ever-changing banking systems while having one password and password policy, reducing the complexity for both the banks and customers. Let’s go back to the front doors. Imagine having just one high-quality modern front door to control access to systems, no matter the age.
The key to effective identity and access management at banks is to power the process with Salesforce, in partnership with point identity solutions like Okta. Salesforce is the platform providing a single source of truth of the customer identity. If a customer makes an update in one account, such as a new address, then Salesforce syncs the update with the customer’s other accounts for data consistency tied to identity.
Salesforce’s identity and access management services offer features to address many aspects of authentication to make sure your users are who they say they are, and authorization to control who can access what. These features include:
- Multi-factor authentication: Requires users to prove their identity by supplying two or more pieces of evidence when they log in. One factor is something the user knows, such as their username and password. Other factors include something the user has, such as an authenticator app or security key.
- Single sign-on: Enables users to access multiple applications with one login and one set of credentials. You can set up Salesforce to trust a third-party identity provider to authenticate users.
- Salesforce Customer Identity: An identity and access management service that improves engagement with your bank customers. Customize how your users log in, register, verify their identity, and use single sign-on to access your bank’s web pages and apps.
- Salesforce Customer Identity Plus: A consumer identity and access management (CIAM) solution powered by Auth0 and integrated natively into Salesforce. Customer Identity Plus provides your bank’s customers with a seamless login and user registration experience at scale and high volume.
Silverline is your partner for identity and access management
Silverline tailors identity and access management solutions to meet your specific needs by leveraging insights acquired through real-world expertise gained across the financial services industry. From strategic planning to implementation and ongoing support, we can guide you through every phase of your IAM journey. We can even help you come up with a perfect password. Find out how you can follow identity and access management best practices with Salesforce.