Multi-Cloud Identity

Multi-Cloud Identity Management for Financial Services

The New Imperative for Modernizing Banking Technology

Dated identity management strategies

“[The financial industry is] facing rapid and significant changes…Industry changes include Open Banking, neo-challenger banks and non-traditional financial institutions competing to serve customers. We also see significant changes in computing capability associated with cloud computing and agile delivery methodologies.”

Royal Bank of Scotland


With financial services and banks struggling to contain IT operating costs and compete against “NeoBanks” and “FinTechs”, one major theme keeps arising. There is a significant need for frictionless and enjoyable customer onboarding and personalized application experiences. Indeed, the ongoing viability of traditional banking services will require the use of newer technologies that help reduce costs while providing a dynamic solution for each individual customer.

Core banking systems are decades old and need modernization to get them onto the cloud, providing them with multi-cloud capabilities. Traditional banks and financial institutions cannot afford to maintain yesterday’s “status quo”, as the benefits of a multi-cloud identity and access management system outweigh those of manual methods. A multi-cloud identity strategy is critical when transitioning to modern banking systems, while providing an appealing customer experience.

Some brick and mortar banks are playing catch up to the neo banks and non-traditional financial institutions. Aging infrastructures, applications, and in particular identity data and management strategies are hindering modernization and digital transformation efforts. Current banking identity systems struggle with:

  • Data, application and identity functional silos
  • Poor identity data quality
  • Application and identity integration complexity

IT capex and opex are increasing and are now a significant percentage of a bank’s revenue. If this doesn’t change, traditional banks and financial institutions may not survive competitive pressures from modern banks and the constantly changing customer demands for pleasurable banking experiences.

In this analysis we evaluate the most common identity challenges for banks and then discuss a leading edge multi-cloud solution that can address a critical challenge for many banks trying to modernize and deliver a robust customer experience.

Traditional Banking Challenges

The following challenges are recognizable to anyone working on the IT staff of a traditional bank:

Ignoring the modernization of core banking systems. This is driving significant IT pressure to quickly adapt to modern banking technology and infrastructure. The Open Banking initiative and other advances are forcing banks to update to newer technology.

Legacy banking systems are becoming too costly to operate and maintain. There is an imperative to drive significant reductions in operational costs. This is difficult when you’re trying to maintain legacy systems. Employees who developed these early applications may no longer be at the company and hiring expertise is costly.

IT spending is greater (as a % of revenue) in financial services than any other industry. It is estimated that 15% – 25% of the costs (inclusive of personnel compensation) are allocated to IT spend [2]. Companies are seeking ways to reduce IT spend, which can directly translate to lower customer acquisition and maintenance costs.

Legacy core banking systems have created functionality and identity data silos. These silos include identity and access policy data. Sharing of identity data and respective authentication and authorization information is very difficult in some cases due to the various versions of legacy software.

Considerable complexity ‘inter-linking’ legacy core banking systems including identity. Applications are interwoven in complex ways from a networking, application, and identity data perspective. This makes core banking applications some of the most complex IT systems in the industry.

Companies are attempting to become more Agile and nimble. Technology moves quickly and banks are adopting newer application development and testing strategies. Core identity infrastructure updates are not possible without significant heavy lifting and expense. Banking systems tend not to be nimble, thus hindering speed to market. Customers are driving more modern requirements from financial services institutions.

Complex point-to-point API integrations/transactions are prevalent. This includes identity systems used for banking operations. There is a general lack of abstraction (of identity data), making application-to-application connectivity and security complex, expensive to operate, and time consuming to implement.

Increased pressure from customers. Today’s banking customer is looking for better privacy controls, real time transactions, 24/7 availability, personalized offerings, and a low friction experience. Newer mobile banking applications are now offering chat and other personalized features to better serve their customers.

Increased regulation. Government regulations are focusing more on identity data quality and utilization. Data, and especially identity data, is very siloed today and will remain distributed as banks and financial institutions adopt a multi-cloud strategy. This distributed identity model has security ramifications that must also be addressed as banks move towards cloud technologies.

Distributed Multi-Cloud Identity Solutions

By leveraging the core competencies of individual cloud platforms (e.g. Azure, GCP, AWS), banks may significantly decrease operational costs and increase satisfaction tied to the customer experience. This can’t be done without an effective distributed identity model.

A distributed identity model allows an organization to leverage identity and access policy where it exists, while orchestrating users’ access to both legacy and modern applications without significant application rewrite investments. With a well-designed multi-cloud infrastructure and distributed identity strategy, financial institutions can facilitate effective application interoperability and significantly reduce identity data and access policy silos.

In a multi-cloud configuration, banks need to manage identity and policy across public and private infrastructures. Access policies must be consistent across the hybrid environment, spanning on-prem as well as cloud-based apps and users. Moving applications to the cloud usually requires rewriting their code to support the destination cloud’s identity system. A new solution from Strata Identity addresses this by bridging the gap between legacy identity and modern identity solutions. Companies can automatically manage both sets of identities and transition from older legacy identity systems at their own pace.


Figure 2: Migrate apps without rewriting them to save time and expensive engineering resources.

Deliver A Delightful and Secure Customer Experience Using the Strata Identity Fabric™

Leveraging identity data where it sits and orchestrating the customer’s on-boarding and application access experience is critical for growth and digital transformation into the Cloud.

Strata’s Identity Fabric™ is a modern distributed identity system that uses orchestration to enable a distributed approach to identity management. The Identity Fabric™ is not another single sign-on (SSO) system or Identity Provider (IdP); it is a new layer of technology built specifically for this multi-cloud and digital transformation challenge. The Identity Fabric™ discovers, abstracts, integrates and orchestrates identity data and user experiences across multiple identity domains and cloud service providers. Furthermore, it orchestrates security policies in distributed identity domains and presents disparate identity data consistently to hybrid and multi-cloud infrastructures. This makes an overall move into secure customer experiences and digital transformation initiatives easier and more cost effective for financial institutions.

The Identity Fabric™ adds value to a financial institution by:

  • Orchestrating the user’s security session across legacy systems and cloud service providers, significantly lowering friction while interacting with banking services from various infrastructures (On-Premises, Public Cloud, Private Cloud).
  • Providing immediate use of the siloed identity data for a faster customer on-boarding process, understanding the customer interaction, and providing real time user personalization.
  • Enabling multiple secure customer contact points and channels (Web, Mobile, Kiosk, Devices), while leveraging identity data where it exists and synchronizing access policies across identity domains and cloud platforms.
  • Eliminating the dependency on archaic and old identity systems, significantly reducing operating and capital costs.
  • Eliminating cloud and identity system lock-in by using the Identity Fabric™ to freely move customer identities throughout the identity network.
  • Modernizing identity infrastructure and applications without the manual effort of rewriting applications.

Maverics Identity Fabric

Other Solution Benefits

Banks can now take a smart approach to managing identities of their legacy applications while continuing to build the newer cloud-based applications that customers demand. The Strata solution lets any bank start where it is today and get a handle on all its identities, regardless of where they reside.

  • Save significant capital and operating costs by abstracting applications with the Strata Identity Fabric™ instead of rewriting them, especially those with proprietary cookie-based or HTTP header-based session mechanisms common with legacy Web Access Management (WAM) and Single Sign-On (SSO) systems.
  • Respond to significant competitive pressures from neobanks and FinTechs. This can be accomplished by leveraging more cost effective multi-cloud and hybrid cloud identity policy orchestration, accelerating an enterprise bank’s transition into the Cloud, and significantly reducing overall operating costs.
  • Use a distributed identity model and focus on the user onboarding and application access experience by using Strata’s Identity Fabric™, which allows financial institutions to support legacy and future Identity systems simultaneously (coexistence), while maintaining, improving and securing the overall user experience.
  • Introduce redundancy in your identity systems. The Strata Identity Fabric™ works across different clouds, platforms, and vendors. If one identity provider fails, it’s possible to quickly and seamlessly switch over to an alternative cloud.

Key Use Cases Solved by The Strata Identity Fabric™

The following scenarios can utilize the Strata Identity Fabric for successful management of identities across legacy and cloud-based applications:

Use Case 1 – Intelligent discovery of identity domains and application identity dependencies.

Use Case 2 – Identity control plane that orchestrates identity and policy management across the cloud stack.

Use Case 3 – A standards-based API abstraction using IdentityQL for easier application and distributed identity integration.

Use Case 4 – Migration and synchronization of identity data across multiple identity domains and cloud platforms.


Traditional banks are at a critical point as they struggle to keep pace with the demands of modern financial applications and continuous customer demands. A key challenge for any bank trying to move their technology to the cloud is their management of legacy identity systems.

A hybrid and multi-cloud strategy requires fundamental changes in the way apps are architected, where they are deployed, and how they consume identity. These changes necessitate a new approach to identity that is designed to work in multiple clouds and provide a bridge between the old and new worlds of cloud-native technology. This requires a multi-cloud strategy and the aid of a multi-cloud identity platform.

Strata enables organizations to manage legacy identity systems along with their newer cloud identity counterparts. This solution allows banks to manage the past while looking to the future in their delivery of customer focused applications and core technologies. For more information or to get a free demo visit us at
