The city of Miami recently hosted the annual conference for the Financial Services Information Sharing and Analysis Center (FS-ISAC), and as expected, the top security teams from the largest banks were on hand to share information, network and enjoy the chaos that is South Beach. For those unfamiliar with FS-ISAC, it is an industry forum for collaboration on critical security threats facing the global financial services sector. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non-profit entity.
There was a great diversity of financial services players at the event, ranging well beyond the gorillas in the room. We met organizations ranging from hundreds of thousands of employees to just a few hundred, and learned that the problems they are facing are quite similar. The small banks are being targeted just as the large ones are, and while they may not have budgets or staff levels that compare to the big banks, there is no shortage of innovation going on at these smaller financial institutions.
I also noticed a shift in the attitude towards restricting user behavior. With so many targeted attacks and so much to lose, the financial services IT teams were one of the few that had the organizational clout to successfully restrict employee access to non-sanctioned productivity tools like file sharing or team collaboration applications. But there’s a growing recognition that requiring users to change behavior is a losing proposition. One CISO I spoke with confided that saying no is no longer an acceptable answer in his organization.
The vast majority of corporate users want to do the right thing and keep company information safe from risk, but with the constant pressure to do more with less, these productivity applications can be a hard temptation to resist. Rather than restrict access to productivity tools with questionable security, security teams are taking a new approach and looking to provide secure alternatives for their users.
This approach of providing security while minimizing the impact to the users aligns with Menlo Security’s core belief that the user experience is a critical determining factor to the long term efficacy of any security solution. It was very encouraging to see the smaller financial institutions transforming their approach to embracing secure new productivity tools, including approaches for secure browsing.
At the end of my trip to Miami, I spent an evening in the trendy Wynwood district where the only gorillas were painted on warehouse walls. The revitalization of this neighborhood from a neglected warehouse district to a revitalized urban center was a great example of how taking a new approach to an old problem can lead to fantastic results.