Among the hottest of hot topics in financial services today, mobile banking is at the top of the list. No question.
The innovation in the mobile banking space is moving at a blistering pace. End users require more convenience and flexibility. They want information at a fingertip. They want speed. They want accuracy. And they want… security.
Large banks and credit unions have a dedicated security staff tasked with staying on top of compliance, researching the latest security trends and vetting software vendors. Larger independent software vendors (ISVs) also have a similar structure, with roles defined for Chief Information Security Officers and Chief Risk Officers. Within smaller FIs, the security role is often times delegated to people who already have several jobs, mainly in the IT space. Within smaller software vendors, the security role is typically spread out thinly over several different groups and sometimes falls within the operations or QA space. The common thread here is that in a larger organization, whether financial or software; security is often handled by a team of professionals who have one clear mandate: secure everything coming in and going out. Smaller institutions are left to fend for themselves, without dedicated security staff. Business and technology professionals within the larger institutions have the luxury of being able to assume that security is “someone else’s” job. Smaller institutions are not that fortunate.
Security is Everybody’s Job
My role at Malauzai is to look after the technology infrastructure, so I care about this topic. Throughout my long career in software development–from small, nimble startups, to fortune 50 companies, both within the e-commerce space and financial services–I’ve seen a general lack of engagement within every group outside of a dedicated security team.
But what if it didn’t have to work that way? What if every employee at an institution, no matter what job title they held, could be a “security professional.” At Malauzai, security is not someone else’s job. Security is woven into the fabric of the company. Every employee is growing into a security professional.
For the next three installments in this blog, I’ll go over how Malauzai is continuing our strong focus on innovation while integrating secure practices all along the way. Next, we’ll cover how Malauzai is integrating security expertise directly into our engineering practices, from secure code to QA, all within a compliant structure. In the third installment, we’ll show how our implementations and project management teams have woven security into their functions. And in the final entry, we’ll look at how security is handled within product and marketing.
Security is not someone else’s job. It’s everybody’s job. There’s time to do it. It’s not a mystery. It’s not hard. Let’s get going!