Why open banking can’t exist without entitlement management

Balancing the need for openness and security

Imagine the impact when banking customers suddenly can’t access their bank accounts. Even worse, imagine a customer can suddenly view information from someone else’s account, even carry out transactions. Picture the chaos that erupts when thousands of people’s mortgages are not paid on time, or their credit and debit cards are refused. As far fetched as it all sounds, much of this has already happened — more than once — and with a lot of media attention.

The culprit in these cases is failed entitlement management. If an organization does not have a good handle on the gateways to their data, the results can, and will, hit the headlines. Entitlements management is a hot topic and a growing issue for financial institutions worldwide.

Information everywhere

Today, information travels all around the place, making the management of access and entitlements more complicated. Both internally and externally, more and more people need fast, easy access to the data that lives within a bank’s systems. Banks often outsource a lot of their system development, so third party developers are increasingly a part of the mix. Customers need to access and submit information themselves as part of new, sophisticated self-service capabilities. Internal staff need access and are given a range of access rights. Then they move on, changing roles, or even jobs, and their original logins and passwords must be tidied up behind them. Everything evolves constantly, yet the need for security remains.

As banks increasingly open up their APIs, both internally and to connect to third parties outside of their organization, multi-level security frameworks are needed to stop potential cyber-attacks and unauthorized access. APIs are key entry points to a bank’s systems and banks must ensure they are accessed only by authorized entities, while preventing customer data from being compromised. Tough new legislation like GDPR adds to the urgency, banks have little time to waste in getting this right.

Automation is key

Shutting people out for fear of failure goes against the competitive grain. If banks don’t keep everything open they risk losing out to fintechs and big techs offering fast, one-click logins or instant connection to third party apps. Convenience is key to competitiveness and that means letting people get at the data. Banks simply have to leave the door open, so need a way to manage entitlements – automation is the answer.

Staff also benefit

Smart, entitlement management technologies make IT access policies happen – across different technologies, platforms, applications, network components and devices. They grant, organize, enforce and administer access within and without the organization. The benefits of this are not limited to building customer confidence either. Automated access will, by default, improve the back end. A good system will handle the provisioning and management of user accounts. It efficiently handles role-based access, multi-factor authentication and access control. It supports staff with helpful functionality like single sign-on or logout, session management and attribute sharing. Things run more smoothly as staff can access what they need to, when they need to. Entitlement management technologies also keep everyone safe, acting as a sentry, monitoring, analyzing, and triggering the right people when something goes wrong.

Overcoming the Achilles heel

Access to a bank’s systems must be timely, correct and secure. In a world of open banking and third party connections, weak security is the Achilles heel that will ruin a bank’s reputation and alienate them from their customers. Banks can have it all however, offering unprecedented access and convenience to their customers, while protecting the data in their systems and staying compliant with legislation.

A good entitlements solution handles both sides of the equation. It ensures the front end of the house delivers exactly as it should, and customers enjoy best-in-class experiences at every touchpoint. At the same time, it works diligently in the background to keep everything running safely and smoothly, preventing embarrassing data breaches or access issues. When entitlement management works, both customer and staff are happy, and those in charge of security and compliance can finally sleep at night.