Regulation proves security headache for CBA’s CIO
- 09 November, 2011 17:06
Commonwealth Bank of Australia chief information officer, Michael Harte.
A new approach to information security is needed by both the financial services and security industries to allow banks to better protect their customers' assets, says Commonwealth Bank of Australia (CBA) chief information officer, Michael Harte.
Speaking at the Australian Information Security Association (AISA) 2011 conference in Sydney, Harte said extra security controls placed on the banking industry by government regulators were a source of distraction from arguably a bigger threat to customer and company data.
“We’re told by the regulators that we have to know every single person who has access to our system, monitor who is in there and what they’re looking at,” he said.
“We’ve ended up in a situation where we spend more money protecting internal assets from our staff than we do protecting them from Russians, Brazilians and other people who want to steal the money.”
Harte said he would much rather see a realignment of information security spending towards battling international cyber criminals.
Security regulations also created what Harte called a “paradox” for the bank, as it was trying to balance customer trust with its requirement to gather information about customers’ long-term financial needs, such as mortgages.
To overcome this, Harte proposed that CBA make the information it held on customers available to them through a secure repository where they could view all of their “digital artifacts” such as age and health information.
“They could also choose to send this personal information to their doctor, health provider or insurance company,” he said. “The important aspect is that the customer has control over which third parties can view that information.”
In addition, CBA’s online services, which were part of a core banking modernisation project that began in April 2008, needed to become cheaper and more open or face competition from low-cost providers, Harte said.
While the financial services industry is able to undertake huge amounts of data collection for its customers, Google and other Web-based companies could offer this service at a tenth of what CBA could do, he said.
“These companies can gather up more relevant information around the person’s preferences and put them into a position where they will tell the consumer what is the best deal in insurance, asset management or banking,” he said.
“If we are not open, convenient and low cost like companies such as eBay can, we are going to be competed out of the race,” he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
Comments
Graham
I'm glad the Commonwealth Bank has such trustworthy staff who would never do anything wrong. It must be a huge relief not having to worry about embezzlement, rogue traders, or even staff looking up the records of friends, neighbours, ex-partners, or famous people.
In the real world, organisations have less than perfect human beings working for them, which is why I believe the greatest threat comes from within an organisation - people with the access using it inappropriately.
If Mr Harte finds the systems he has to protect his data are clumsy and inefficient, I would suggest this is an area he needs to address instead of blaming the rules that exist because of past failures.
He needs to change his attitude if he wants people like me to trust him (and his bank).