

Credit where it’s due – why the Singapore regulator has it right on security

  • Written by FinTech Futures
  • 28th April 2014

Eric Chiu is president and co-founder of HyTrust

In a sense, there’s no reason why IT security professionals should care about the Monetary Authority of Singapore, writes Eric Chiu. After all, this organisation – officially the central bank of Singapore, the sovereign city-state in Southeast Asia – exists to “promote sustained non-inflationary economic growth, and a sound and progressive financial centre.” So what does that have to do with virtualised data centres and cloud computing?

Here’s what: MAS has implemented security measures that, among other policies, go a long way toward preventing attacks by rogue operators working on the inside. Those are exactly the defence mechanisms that can play a valuable role in protecting every IT infrastructure, especially those that are virtualised and carry a huge concentration of risk.

In the banking authority’s exhaustive Technology Risk Management Guidelines manifesto, there are three basic internal security principles. The first is labelled “Never Alone,” and it stipulates that “certain systems, functions and procedures are of such sensitive and critical nature that financial institutions should ensure that they are carried out by more than one person at the same time or performed by one person and checked by another. These functions may include critical systems initialisation and configuration, PIN generation, creation of cryptographic keys and the use of administrative accounts”.

This simple rule actually applies far more broadly, particularly in this industry. Many big banks and other financial services providers now require exactly this kind of dual approval for specific actions – for example, transferring funds or writing checks over a certain amount. Had the policy been more actively enforced, it’s fair to say that some of recent history’s most spectacular debacles could have been avoided: England’s venerable Barings Bank went under through the misguided actions of a single rogue trader, and France’s Société Générale nearly suffered the same fate for the same reasons (it did lose billions in the process).

The two-man rule is even more relevant to technology. The most high-profile breach of national security information, the Edward Snowden fiasco, occurred because this single individual, by virtue of his position as a systems analyst, had virtually unlimited access to highly classified data in the National Security Administration. If the system had been configured in such a way as to prevent him from accessing information without explicit approval from another person in the organisation, ideally a superior, it might have helped prevent the entire debacle. (For the record, the NSA is now in the process of implementing the two-man rule.)

Other victims are likely to follow suit. Target is still in the news – and likely will be for a while – for the massive data breach it suffered late last year. It appears that, perhaps among other tactics, thieves were able to gain access to the control point that distributes software to the retailer’s point of sale mechanisms. A policy that required secondary authorisation for software updates could have conceivably made the hack twice as difficult. And while it received less attention outside the IT universe, Adobe was similarly hit with a massive attack on its source code files, affecting some 38 million users. Here, too, a ‘never alone’ policy could have prevented the problem.

As simple as it is, the rule is not exactly new. It has even entered pop culture: A key scene in the 1995 submarine thriller Crimson Tide revolves around the characters played by Denzel Washington and Gene Hackman arguing over a decision to arm nuclear missiles, a procedure that requires dual approval.

All of which brings us directly to virtualised infrastructures and the cloud. Many organisations are migrating to these computing models, which involve a software-defined concentration of risk as a by-product of easy access to information. This in turn means that an entire class of systems professionals has the power and ‘authorities’ to extract any kind of information they wish. Many of the recent high-profile cases highlight the problem of wide-ranging insider access. It’s also not only about rogue operatives on the inside; the theft of insider credentials by outside parties immediately escalates the dangers of breaches and fraud.

Corporations have the obligation and responsibility to develop their version of the ‘never alone’ policy for all sensitive data and mission-critical operations. In fact, the ‘two-man rule’ in a sense goes further by streamlining the security measure and enabling organisations to scale the tactics to meet business needs and operational demands. It’s not a panacea, any more than a single security measure is. However, it does offer a stronger defence, and makes it easier to contain the damage once a breach occurs. And that’s why IT professionals should care.
