Photo credit: www.csoonline.com
An anonymous employee from Chase provided insights into the institution’s stance on various integration models.
According to this individual, “There is no threat of boycott, but rather a discussion about integration models that fail to adequately manage risks, which influences our decision-making.” They emphasized the importance of collaboration with key parties, including hyperscalers, financial institutions, and software vendors, to foster significant change and implement solutions that ensure ongoing validation and transparency regarding supplier controls.
The Chase Chief Information Security Officer’s team is focused on urging the software industry to acknowledge the urgency of these risks. Their goal is to collaborate on multiple fronts. This includes the development of scalable standards, establishing architectural frameworks, and innovating solutions for more sophisticated authorization processes. They seek to enhance transparency regarding suppliers’ use of privileged access, particularly when it affects access to sensitive systems or data. Furthermore, they advocate for the adoption of technologies that minimize risks associated with data custody, such as confidential computing or a ‘bring your own cloud’ approach.
Source
www.csoonline.com