No bank is an island: navigating the security challenges of Open Banking

23 July 2018

Welcome back. This is the second in the series of short blogs on security to help banks when considering Open Banking.

In the first blog we talked about using the NIST framework (Identify, Detect, Protect, Respond & Recover) to help us navigate the security challenges in question, so let’s look in more detail at Identify and Detect measures in this blog.

So firstly under Identify:

As a bank, the first question you can ask yourself is: what does my ecosystem look like? No need to dust off your Blue Planet box set - this is about mapping your relationships (peers, suppliers, market infrastructure) and how these relationships are held together, i.e. the connections, such as the telecoms infrastructure.

This is likely to be a cat’s cradle of links and inter-linkages surrounding you; it may not be a straightforward task, but it should help you think through how Open Banking may change your ecosystem, and the things you need to worry about, for instance:

  • What are the new connections that will now be part of my ecosystem (the APIs)?
  • What are the new third parties in my ecosystem?
  • What intelligence or information do I hold on these third parties?

And then under Detect, banks can start to think about:

  • What does my current API activity look like?
  • What do I worry about already? (APIs are not new; you can learn a lot from OWASP.)
  • What are the new things that I need to worry about? Have a think about new threat scenarios.

This will provide a good basis to think through the Protect measures that we’ll look at in my next blog.


