How to Strengthen FinServ Security with Identity and Access Management

January 29, 2018
Dustin Maxey
Director of Product Marketing

This is the second article in a four-part series, where you'll discover how financial services organizations can use identity and access management (IAM) to ensure compliance with regulations and protect against data breach, while delivering exceptional user experiences and facilitating agility and innovation.


When it comes to cybercrime, financial services organizations are a primary target. According to Verizon's 2017 Data Breach Investigations Report, financial services is the top industry for data breaches, accounting for nearly one-quarter of all reported cases.

"24% of reported breaches affected financial organizations"

- 2017 Verizon Data Breach Investigations Report

In this case, garnering the top spot isn't exactly the kind of thing you want to publicize. And you certainly don't want to make headlines as the next major breach either. So what can you do to protect your customers and your organization? The experts recommend two key measures to reduce risk: 1) adopt two-factor or multi-factor authentication (MFA) and 2) closely manage employee permissions and access.

Keeping Thieves at Bay with MFA

The days of relying on passwords as the sole source of authentication are long gone. Traditional two-factor authentication is definitely a step in the right direction, but it's generally costly and many solutions are questionable at best. It typically involves issuing expensive hardware tokens or sending verification codes via SMS, a practice that's now discouraged by the National Institute of Standards & Technology (NIST). Contextual multi-factor authentication gives you a higher level of assurance about a user's identity. Plus, it's cost effective and easy to implement to boot.

"81% of all hacking-related breaches are the result of stolen or weak passwords"

- 2017 Verizon Data Breach Investigations Report

By requiring users to authenticate using two or more different know-have-are factors, MFA makes it easier for you to reliably verify identities and harder for criminals to compromise credentials. An adaptive, cloud-delivered MFA solution, like PingID, adds this extra layer of security, while keeping it simple and convenient for bona fide users to authenticate. Using an app installed on the user's smartphone, PingID sends a notification to the user who then simply swipes his or her device to sign on.


To gain even more control over when and how additional authentication is required, you can implement a step-up authentication process that dynamically assesses the risk associated with the request. This risk analysis can include the device being used, the network, the location of the user, the resource or application being requested and many other factors. You can specify additional authentication based on the risk, imposing only the appropriate level of assurance and, in doing so, ensuring the best user experience.

Giving the Right People Access to the Right Things

Once you have assurance that users are who they say they are using MFA, you need to make sure those users have access to only those applications and information they need. You accomplish this through secure access management at the application/API and data layers.

"Privilege misuse is the leading source of financial services breaches, after ATM skimming, denial of service attacks and botnets."

- 2017 Verizon Data Breach Investigations Report

It's hard to believe that a breach could be perpetrated by one of your own people, yet six percent (6%) of all incidents are the work of internal actors. Suffice it to say, you must exercise extreme caution when granting access to employees, customers or partners to applications. With the Ping Identity Platform, you can use conditional access policies to ensure that only those who have authorization actually gain access to certain apps, APIs and URLs. You can also enforce centralized session management to terminate sessions via timeout or administrative termination of all active sessions.


To secure access at the data layer, the Ping Identity Platform allows you to manage access to identity and profile data with fine-grained, attribute-by-attribute data governance policies. This ensures that applications, whether internal or external, can only access data that is required for their functioning. Simultaneously, this level of control reduces the attack surface should identity or other sensitive data be exposed.


Not to put too fine a point on it, but as a financial services organization, you have to make security your number one priority. A financial-grade identity and access management solution, like the Ping Identity Platform, can make you less vulnerable to attack by strengthening the security that surrounds the sensitive information you store.


In my next article, I'll share how IAM enables you to go beyond compliance and security to deliver exceptional user experiences. In the meantime, you can learn more about how the Ping Identity Platform serves financial services by visiting