Identity Live London 2017 | David Knott & Ian Sorbello
-
Upload
forgerock -
Category
Technology
-
view
257 -
download
0
Transcript of Identity Live London 2017 | David Knott & Ian Sorbello
HSBC (Hong Kong & Shanghai Banking Corporation)
– the world’s largest international bank –
4,500Branches
37,000,000Customers
$2.375tnTotal Assets
$47.9bnReported Revenue
70 countries &
territories
Present in
45% of clients have
international presence
340,000PCs & Laptops
85,000Personal Devices
290,000Staff Users
255,000Corporate Customers
915,000Corporate Users
90,000Servers
93PB of Data
Customer Identity ManagementDemocratised and Commoditised
PUBLIC
October 2017
Ian Sorbello - Head of Product Technology (Security)
4PUBLIC
Overview
• HSBC Global – geography and markets
• One Strategy – global rollout, different needs
• Access Management
• Designed for variance
• Biometry
• APIs
• Identity Management
• Your organisation’s developers are your customers
5PUBLIC
HSBC Global – Retail and Wealth
• 37 markets across 70
countries
• 37M customers
• 3 geographic IT points of presence (NA, EU, AP) –many localised sub
PoPs covering geopolitical and regulatory boundaries
• One solution, globally.
• Deploy to PROD, which PROD?
6PUBLIC
Access Management
• Maturation of security standards - OIDC / OAuth2 / UMA / SSO
• Strong desire to USE these
• Zero desire to CODE these
• Subsume underlying identity
repositories
• Using ForgeRock Access Management
and ForgeRock Identity Management
• Security commoditised
ForgeRock Access
Management
IDP
RETAIL COMMERCIAL PRIVATE
7PUBLIC
Access Management
Market 2 Market 3
PoP
ForgeRock Access
Management
Instance 2
App Y
ForgeRock Access
Management
Instance 1
Market 1
App X
Journey A Journey B
GEOPOLICTICAL AND
BUSINESS LINE
INSTANCING
Piloting – A/B
• Extreme multiplicity requires variation to be at the heart of the
solution… Security democratised
LOGICAL /
REALMS
GEOGRAPHIC
INSTANCING
8PUBLIC
Access Management - Biometry
• Biometrics – growing in capability and usefulness
• Build biometrics on top of a solid foundation
• They are just new credentials (inherence factor)
• Assume rapid change in this space
• Build to pivot – add or jettison is a steady state
ForgeRock Access
Management
ForgeRock Access
Management
Knowledge
ForgeRock Access
Management Possession
ForgeRock Access
Management
Inherence Broker
Biometric 2
Biometric 1
9PUBLIC
Banking APIs
• A polarised conversation: Should banks enable “programmatic” access?
• In the UK this decision was made for us: YOU MUST
• CMA OpenBanking initiative, authenticated journeys Q1 2018
• HSBC ready and primed for OIDC and OAuth to publish carefully
curated APIs / Services
• Because we use ForgeRock Access Management and this is what
ForgeRock Access Management does…
10PUBLIC
Identity Management
• HSBC has identity data on clients globally
• Immediately, this helps the
digital bank (internal)
• Further, capacity to participate in
identity data markets
ForgeRock Access
Management
Customer Data
Customer Data
ForgeRock Access
Management
IDENTITY
as a SERVICE
Internal
Systems
Internal
Systems
Internal
Systems
11PUBLIC
Look After Your Developers
• Developers love to build, but they
need permission:• To innovate, to challenge, to
execute (securely)
• They need a way forward: via
security platforms, patterns and
architectural guardrails
• Publish usable security capabilities to your organisation.
(hint: ForgeRock). Your Devs will take care of your clients.
12PUBLIC
Thank you …
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: [email protected]
Website: www.hsbc.com
13PUBLIC
Thank you …
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: [email protected]
Website: www.hsbc.com