Security enables bank branch digital innovation

The digitization of the economy accelerated in recent years. The banking industry finds itself dealing with the same trends, albeit colored by some peculiarities of the industry. Like many other industries, digital interactions have become the preferred means of interacting with customers, due to lower cost and greater flexibility.

This wholesale embrace of digital is largely positive for most institutions, but raises some interesting challenges. If the primary means of interacting with customers is via digital, how do the 5000+ banks in the US differentiate and compete? The geographical “moats” that long delineated markets from each other no longer hold true in a predominantly digital world.

Yet, geography holds at least part of the answer by leveraging the physical footprints most banks continue to operate. Many customers still identify the branch as the place for certain kinds of transactions such as obtaining loans or opening accounts. For small businesses, a local physical presence may provide stickier relationships than a virtual one. And for all customers, the physical branch is likely the only tangible manifestation of bank’s brand that the customer will experience. So, the physical branch bank still has great value. However, all these customers will expect the same level of convenience and customization in the experience as they get in a digital world.

That places a priority on digitizing, automating, and personalizing as much of the customer experience in the branch as possible. Think of cameras with facial recognition capability, or Wi-Fi beacons that recognize when a customer’s phone enters the branch. Personalized concierge service can begin immediately in that environment.

The promise of digitized branches also means upgrading the branch’s security profile. And that can be a daunting prospect for the IT people back at headquarters as well as the branch bank leaders. Many innovations of recent years have streamlined processes, but also expanded the attack surface for bad actors. The distributed nature of the branch model is a prime example. These immersive services must be secured or they are potentially avenues for data breaches that could impact customers and even attack the bank’s core IT infrastructure.

Banks have been making strides at protecting the core of their IT resources because they had to. Securing the branches is just as urgent, but it is a different challenge. Routing all transactions and digital interactions through centralized core infrastructure to secure them is not efficient for the bank and latency issues could frustrate employees and customers.

These outposts must be protected in a way that is consistent with the core, cost effective for the organization as a whole as well as the branch’s budget, and cannot add complexity for the branch manager who has no local IT staff.

Secure Access Services Edge (SASE) is a way to extend the security footprint of the core out to the branches.

The software evolution in branch security

Many of the security measures in a branch used to be pieces of hardware. Gateways and firewalls were hardware appliances that needed support and came with acquisition costs and the need to upgrade regularly to stay current with the threat landscape. Overhauling the security profile of the branch was a daunting task creating a lot of friction in that environment.

Technology has now turned many of those appliances into software. That’s the idea of SASE. SASE is a not a product, per se, though some people may talk about it that way. It’s a framework for moving security to the edge of the network. The bank’s existing corporate security protocols – who gets access to what resource under what circumstances – can be extended to the branch.

SASE simplifies security by allowing that software to be served as a service through edge compute facilities. The branch manager doesn’t need to buy a lot of hardware, find places to put it, and sign lots of new service contracts for support. It can all be centrally managed by a provider. This allows increased visibility across the IT environment so that patterns – especially those indicating coordinated attacks – can be identified centrally and early. Because SASE is a framework in which multiple technologies must be integrated, a provider such as Lumen can choose the best-in-class components tailored to a given bank’s needs.

Large banks with multiple branches in a city can manage SASE locally on behalf of all the branches and replicate those capabilities across a network of edge facilities to serve other geographies. Likewise, regional banks can implement SASE once for all branches. Reducing friction for securing the new branch frees up money and creativity for innovation in the customer experience.

What are your needs? Let’s build a plan for the future – and secure it.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.