Authentication X.0: Imperative for Financial Institutions According to New IDC Financial Insights Report

FRAMINGHAM, MA – April 15, 2011 – According to a new report from IDC Financial Insights, in light of recent high profile breaches within core technologies used to authenticate customers, partners, and employees, and the emergence of social media, mobile, and cloud technologies by consumers and business, the imperatives for the development and use of advanced measures for protecting customer interactions have never been clearer.

The new report, Best Practices: Multifactor Authentication in Banking: The Evolving Landscape (Document #FIN227750), which is one of several planned reports covering the identity and access management market, suggests that now, more than any time in the past, firms must understand that while no single authentication technique can completely eliminate threats to electronic identities, multiple factors and multiple layers of security are basic requirements for protecting both banks and customers.

The report recaps the landscape of identity and authentication techniques, discusses the existing regulatory framework, and provides forward thinking perspectives on the potential impact of emerging technologies and market developments.

"As fraudulent tactics evolve, new techniques develop, and regulatory regimes change, the industry must look for the best combination of risk management, convenience, and cost to protect both the financial institution and its clients," said Michael Versace, research director, IDC Financial Insights. "In addition, IT must plan for ways to effectively extend and support identity and access management policies and infrastructures beyond the data center and stay in step with the emerging trends driven by the increase in sophistication and numbers of identities in the cloud."

Traditionally, financial institutions have been early adopters of identity and access management technologies. However, indications of potential updated guidelines from bank regulators, coupled with the evolving global risk landscape, the weakening of existing authentication methods (outlined in Essential Guidance: RSA Security Breach, Document #lcUS22754011) and the advent of new technologies, will require increased investment and modernization of identity infrastructure. As such, financial institutions will need to more closely examine current practices today and prepare for a future where tighter controls are the norm. To harden security and minimize the threat of risks in the near term, IDC Financial Insights believes business line executives, product managers, Chief Risk Officers, and their IT counterparts must:

— Stay abreast of evolving operational risks associated with identity

management systems used for banking products, services, and facilities.

— Provide accurate and timely information on evolving risks to customers,

employees and partners due to cyber attacks and other threats that

impact identity management techniques.

— Continually assess technologies and controls used to mitigate identity

and authentication risks.

— Ensure that management and customers are educated regarding their

customer protection responsibilities in regard to user IDs, passwords,

tokens, and other user authentication controls.

— Maintain continuity plans for failures in identity and authentication

technologies and processes, whether at the financial institution or

caused by failures in controls from third party providers.

Impact of Cloud Computing

The move to cloud computing and the expansion of new media and mobile technologies underscores the critical need for greater security and strategies to support identity and access management obligations. According to recent IDC Financial Insights studies, CTOs, CIOs, and business executives now fully understand that virtualization and cloud computing represent the single-most-important re-design of the information infrastructure in the history of computing. However, the long term impact of this re-design is not yet completely understood. IDC Financial Insights believes the impact of this trend will be seen over the next decade as these innovations will deliver almost everything IT as a service. During this transformation, the solutions for identity and access management will be rearchitected, reintegrated, and delivered as a set of risk-aware services to customers, employees, and partners, enabling greater connectivity and collaboration, and a more seamless user experience.

"Cloud is a new frontier for identity management, and business managers, regulators, and CIOs alike have a lot to consider as identity continues to move beyond the enterprise," continued Mr. Versace. "New approaches, practices, and technologies — which today include long lists of siloed identities, passwords, tokens, and other techniques with little interoperability — need to be considered as business users demand more cost effective solutions and customers look to simplify their lives online. In addition, as identity management is a service in and of itself, organizations will look for ways to broker these services in a risk aware, trusted, and reliable way across financial services and with business partners."

For additional information about this study, or to arrange a one-on-one briefing with Michael Versace please contact Sarah Murray at 781-794-3214 or Reports are available to qualified members of the media. For information on purchasing reports, contact; reporters should email

About IDC Financial Insights

IDC Financial Insights assists financial service businesses and IT leaders, as well as the suppliers who serve them, in making more effective technology decisions by providing accurate, timely, and insightful fact-based research and consulting services. Staffed by senior analysts with decades of industry experience, our global research analyzes and advises on business and technology issues facing the banking, insurance, and securities and investments industries. International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology market. IDC is a subsidiary of IDG, the world's leading technology, media, research, and events company. For more information, please visit [], email, or call 508-620-5533. Visit the IDC Financial Insights Community at [].