Episode 056: 10‐15‐2024 How modern AuthZ will change banking - GluuFederation/identerati-office-hours GitHub Wiki
Title: How modern AuthZ will change banking
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Or Weis, Co-Founder / CEO at Permit.io
- Co-Host: Dave Hyland, Founder at ID Partners
Description
Banking has many security challenges: privacy, regulatory compliance, MFA, third-party vendor threats, insider threats, API security, cloud security, incident response and breach management. What can we learn from how banks are adapting to this new security landscape by supporting central policy management? What are the concerns and unique challenges that are driving the momentum to externalize application security policies? And how has their current strategy worked out so far?
Homework
- Permit.io blog: 5 steps to building NSA-level access control for your app
- McKinsey Digital blog: What's new in banking API programs
- DZone article: Top 10 Banking APIs: Make Your App Transactions More Secure in 2019
Takeaways
- Authz is not just a technical problem, it's a people problem. There are different authz solutions and approaches, and it's hard for companies to turn them into an actionable rollout plan.
- Front-end security is powerful: e.g. policies that run inside the mobile application or web page. Of course you still need enforcement in the API layer and backend, since a client-side check can be bypassed by a caller that skips the client.
- Or predicts workload identity will become more important as consumer adoption of AI agents increases.
- Consent is an important authz use case in Australian banking, especially with regard to new open banking use cases for external fintechs. Banks are excited about graph-based authorization solutions for modeling these complex consent relationships.
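The consent-as-graph idea from the last takeaway, as an added example (this is not code from the episode, Gluu or Permit.io): a constructed relationship graph in which customers own accounts and grant a fintech scoped, time-limited consent on an account. A request is allowed only if the consent edge exists, was granted by someone who still owns the account, has not expired, and covers the requested scope; revocation simply removes the edge.

```python
from datetime import datetime, timezone

# Constructed ownership edges: (subject, relation, object).
EDGES = {
    ("customer:alice", "owner", "account:acc-1"),
    ("customer:alice", "owner", "account:acc-2"),
    ("customer:bob", "owner", "account:acc-3"),
}

# Constructed consent edges keyed by (fintech, account). Each carries the
# scopes granted, an expiry, and which customer granted it.
CONSENTS = {
    ("fintech:budgetapp", "account:acc-1"): {
        "scopes": {"accounts:read", "transactions:read"},
        "expires": datetime(2030, 1, 1, tzinfo=timezone.utc),
        "granted_by": "customer:alice",
    },
    ("fintech:budgetapp", "account:acc-3"): {
        "scopes": {"accounts:read"},
        "expires": datetime(2020, 1, 1, tzinfo=timezone.utc),  # already expired
        "granted_by": "customer:bob",
    },
}


def owns(customer: str, account: str) -> bool:
    """Walk the ownership edge: does this customer currently own the account?"""
    return (customer, "owner", account) in EDGES


def fintech_allowed(fintech: str, scope: str, account: str, now: datetime) -> bool:
    """Decide whether a fintech may act with `scope` on `account` at time `now`."""
    consent = CONSENTS.get((fintech, account))
    if consent is None:
        return False                      # no consent edge at all
    if not owns(consent["granted_by"], account):
        return False                      # grantor no longer owns the account
    if now >= consent["expires"]:
        return False                      # consent has lapsed
    return scope in consent["scopes"]     # scope must be explicitly granted


def revoke(fintech: str, account: str) -> None:
    """Customer-initiated revocation: drop the consent edge from the graph."""
    CONSENTS.pop((fintech, account), None)
```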