Privacy is the new security
Wayback in 2005, ICICI emerged as the first bank in India to launch a biometric ATM at Guntur district of Andhra Pradesh. It absolved the need for PIN number by using thumb impression for identification, making it easier for people in rural areas to transact. More than a decade later, DCB Bank has now started an Aadhaar-based ATM facility, wherein, a customer can transact using his biometric details and Aadhar number, instead of PIN number and ATM card for authentication. The users don’t even need a card as long as they can remember their 12-digit Aadhaar number.
Much has changed in the Fintech space over the last few years and e-wallet services have emerged to drive the cashless economy. From online shopping to cab booking to hotel bookings and grocery shopping, everywhere is driven by apps. The application (App) economy has made fintech companies adopt identity authentication, secure single sign-on and device management in many emerging countries.
Vic Mankotia, vice-president, security and API management (Asia Pacific and Japan) at CA Technologies says that using biometric as one of the factors to log into a secure session is going to begin with mobile devices and that wallet service with a biometric would be better and secure.
“Many end-point devices today have biometrics built in. Users are using these to authenticate in this application economy to numerous applications. Will this start an advent of financial applications adopting these, yes, but only if there is a secure way to do this with no data leaving the device. The future is bright and adoption will take place in the smart metropolitan areas that are connected and then spread to other sectors,” Mankotia said.
However, it is noticed that in India, there is currently no entity who has availed this, while the banks and financial service companies recently have awarded request for proposals and are still discussing the overall architecture with select original equipment manufacturers and system integrators.
People are trading privacy and data security for convenience, adding to the digital privacy woe in the era of big data analytics and creating a challenge for businesses to secure their data. One of the most effective and convenient way is the Single Sign-On (SSO)—one log in and the user can access the data needed from multiple applications. Thus any data loss/theft issues needs to be fixed in a short span of time to avoid data being vulnerable for too long.
Mankotia says SSO can also prove to be prone to hacking—because hackers can access multiple applications with just one stolen cookie or session token. “If there was no data leaving the device, where the applications were not revealing personal identifiable data and if there was information shared it was with the users clear and written consent only, we would be in a position to manage our privacy.
Privacy is the new security,” he adds.
“We have to view security as business enabler rather than barrier. The security threats today cannot be managed by
archaic methods, it requires smarter software solutions, ensuring security of data and recovery of data.”
A research carried out by CA Technologies in association with research consulting firm TRPC on the readiness of 10 Asia Pacific & Japan (APJ) markets to thrive in the application economy indicates India is ranked 9th overall on parameters like internet and mobile infrastructure, government use and support of technology and innovation and business agility. Thus leaving space for a huge potential for improvement with the increasing smartphone users, internet penetration and app usage. The country was ranked no 2, only next to China as a market potential accelerator.
CA Technologies, which provides data security solutions through CA DataMinder, helps in minimising the chances of data loss by controlling the information— and access to it—at every point in the system. The company has also acquired Xceedium and IdMLogic and enhanced the security portfolio and innovative security solutions.
Commenting on how CA is adding value through its solution for the app economy, Mankotia said, “CA’s single sign-on secure SSO and flexible identity access management solutions provide organisations and enterprises to authenticate users and control access to web applications and portals.
It also scales to help meet growing business needs with flexible administration tools that can support either centralised or distributed administration.
(The writer was in Singapore at the invitation of CA Technologies)