HSBC CUSTOMER IDENTITY MANAGEMENT DEMOCRATISED AND COMMODITISED

Dr. David Knott, Chief Architect

HSBC (Hong Kong & Shanghai Banking Corporation)

– the world’s largest international bank –

4,500Branches

37,000,000Customers

$2.375tnTotal Assets

$47.9bnReported Revenue

70 countries &

territories

Present in

45% of clients have

international presence

340,000PCs & Laptops

85,000Personal Devices

290,000Staff Users

255,000Corporate Customers

915,000Corporate Users

90,000Servers

93PB of Data

Customer Identity ManagementDemocratised and Commoditised

PUBLIC

October 2017

Ian Sorbello - Head of Product Technology (Security)

4PUBLIC

Overview

• HSBC Global – geography and markets

• One Strategy – global rollout, different needs

• Access Management

• Designed for variance

• Biometry

• APIs

• Identity Management

• Your organisation’s developers are your customers

5PUBLIC

HSBC Global – Retail and Wealth

• 37 markets across 70

countries

• 37M customers

• 3 geographic IT points of presence (NA, EU, AP) –many localised sub

PoPs covering geopolitical and regulatory boundaries

• One solution, globally.

• Deploy to PROD, which PROD?

6PUBLIC

Access Management

• Maturation of security standards - OIDC / OAuth2 / UMA / SSO

• Strong desire to USE these

• Zero desire to CODE these

• Subsume underlying identity

repositories

• Using ForgeRock Access Management

and ForgeRock Identity Management

• Security commoditised

ForgeRock Access

Management

IDP

RETAIL COMMERCIAL PRIVATE

7PUBLIC

Access Management

Market 2 Market 3

PoP

ForgeRock Access

Management

Instance 2

App Y

ForgeRock Access

Management

Instance 1

Market 1

App X

Journey A Journey B

GEOPOLICTICAL AND

BUSINESS LINE

INSTANCING

Piloting – A/B

• Extreme multiplicity requires variation to be at the heart of the

solution… Security democratised

LOGICAL /

REALMS

GEOGRAPHIC

INSTANCING

8PUBLIC

Access Management - Biometry

• Biometrics – growing in capability and usefulness

• Build biometrics on top of a solid foundation

• They are just new credentials (inherence factor)

• Assume rapid change in this space

• Build to pivot – add or jettison is a steady state

ForgeRock Access

Management

ForgeRock Access

Management

Knowledge

ForgeRock Access

Management Possession

ForgeRock Access

Management

Inherence Broker

Biometric 2

Biometric 1

9PUBLIC

Banking APIs

• A polarised conversation: Should banks enable “programmatic” access?

• In the UK this decision was made for us: YOU MUST

• CMA OpenBanking initiative, authenticated journeys Q1 2018

• HSBC ready and primed for OIDC and OAuth to publish carefully

curated APIs / Services

• Because we use ForgeRock Access Management and this is what

ForgeRock Access Management does…

10PUBLIC

Identity Management

• HSBC has identity data on clients globally

• Immediately, this helps the

digital bank (internal)

• Further, capacity to participate in

identity data markets

ForgeRock Access

Management

Customer Data

Customer Data

ForgeRock Access

Management

IDENTITY

as a SERVICE

Internal

Systems

Internal

Systems

Internal

Systems

11PUBLIC

Look After Your Developers

• Developers love to build, but they

need permission:• To innovate, to challenge, to

execute (securely)

• They need a way forward: via

security platforms, patterns and

architectural guardrails

• Publish usable security capabilities to your organisation.

(hint: ForgeRock). Your Devs will take care of your clients.

12PUBLIC

Thank you …

Ian Sorbello

Head of Product Technology - Security | HSBC Digital Solutions (HDS)

HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc

Level 7, 110 Southwark St, London SE1 0SU, United Kingdom

E-mail: ian.sorbello@hsbc.com

Website: www.hsbc.com

13PUBLIC

Thank you …

Ian Sorbello

Head of Product Technology - Security | HSBC Digital Solutions (HDS)

HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc

Level 7, 110 Southwark St, London SE1 0SU, United Kingdom

E-mail: ian.sorbello@hsbc.com

Website: www.hsbc.com