I attended three sessions this afternoon:
- One on cloud computing with a panelist from JPMorgan Chase,
- One on authentication presented by the CIISP of Bradesco, a Brazilian bank, and
- One that was a P2P discussion of identity facilitated by a SVP at Bank of America.
All of those are issues that I wrestle with all day long in the industry in which I work, so it was fantastic. Perhaps it's the marketing class I'm in ATM that has attuned my ears to the voice of the customer (VoC) because I heard them loud and clear. This is my interpretation of what they said about those topics.
What the Financial Institutions Said
Cloud computing is a new name for things we've been doing for a long time.
Be careful and cautious about cloud computing. Scrutinize new cloud-based offerings using our established practices and procedures. Do not get sucked into the hype.
Once data gets out the door, it's gone forever.
You only get one chance. Cloud computing is still too new and unproven. Mistakes are bound to happen, and we can't afford for them to be made by us.
Everything is about risk management.
Be cautious and slow to adopt cloud computing. Let the early adopters go out of business trying to figure it out. Once they have worked out the technical, social, political, and legal kinks, consider it pursuant to our established practices, policies, and procedures.
The biggest risk is loss of reputation; the brand name must be upheld. You can't outsource your reputation.
Loosing the competitive advantage that a distinguishable and trustworthy brand offers is not worth the potential cost savings offered by cloud computing, especially considering that we have already invested in the computing infrastructure that IaaS and cloud computing offers.
Online banking will never be done in the cloud.
Public clouds such as Amazon's are not appropriate places to host online banking solutions. Host them on private or hybrid clouds instead.
Positively identifying legitimate users has been a long hard battle that has forced us to invest tons of money and effort; it has even forced us to do things we didn't want to do (e.g., biometry).
We are in an arms race. If you can help us make it cheaper and more cost effective, we're all ears.
Technology is not enough.
We need technological help in this war, but we will be especially interested if you can also help us with the people- and process-related problems.
Banks, governments/police, and customers must work together.
Your offerings need to be interoperable, UX tested, and compliant with government regulations.
We will constantly be confronted with new security challenges.
We need vendors who we can trust and that will continually provide products that are one step ahead of the fraudsters.
Users adopted biometrics much quicker and with less pushback then we expected.
We value solution providers that are willing to think outside the box; we know from past experience that it pays off.
Our customers love mobile devices.
We expect a whole host of new attacks and problems, so help, advice, and guidance is welcome.
Facebook can't be blown off.
Social networking Web sites represent a real opportunity given the mass adoption, but we're unsure how to capitalize on them.
If you disagree with my interpretations, are aware of other needs that these organizations have, or would like to ask me a question about other things they said about cloud computing, authentication, and digital identity, leave a comment here or let me know. Also, keep an eye on my Twitter stream for more frequent updates from the RSA Conference.