Six ways to capitalize on the internet of things

$1.3 trillion: a massive sum, which represents the increased revenues and lower costs that will be created by the Internet of Things (IoT) between 2013 and 2022 in the financial services industry alone, according to Cisco. When you consider the financial opportunity in tandem with the possibilities that IoT offers to gather and disseminate information from an infinite number of sources, it’s clear that IoT is likely to transform the industry.

The possibilities are endless, but the risk for financial services providers is also clear: if they don’t evolve and adapt quickly, their influence and role will diminish as competitors continue to offer innovative financial services that connected customers demand. Some banks have gotten the message. According to PWC’s 2015 Digital IQ Survey, financial services is among the top 10 industries investing in IoT innovations.

But throwing money at the problem won’t solve anything. The real challenge for financial institutions isn’t how much money they put towards IoT, but rather how they choose to invest it. Security has to be a major component. As more financial data becomes available on the IoT, the desirability of that data to cyber criminals will increase. But securing the rapidly expanding variety of endpoints and associated applications is no simple task. The IoT will create more information handoffs and more attack vectors and  hackers know it.

Here are six strategies financial service providers can utilize to capitalize on IoT opportunities in a cost-effective and secure manner:

Balance efforts on security as a value-add to new technologies and in-house innovation. Incumbent financial service providers can leverage their strengths to become stronger competitors, and security is one area where they have a clear advantage. Legacy assets, security infrastructure and access to existing services are all elements that start-ups and financial technology (FinTech) companies are lacking.

Banks can’t focus solely on working with third parties to play up their strengths; they need to find a balance. Financial pressures and restricted budgets make in-house innovation essential. By adopting parallel strategies – competing aggressively with FinTech companies on innovation, while simultaneously partnering with them as providers of security – banks can expand their revenue options, while also maximizing budgets.

Monitor connected devices and IoT services. IoT shines a bright spotlight on the relationships between connected devices, the applications they run, and the information that flows between them. Where the firewall was once the security perimeter; the proliferation of endpoints has now extended that barrier. It is crucial for the financial services industry to understand that security is no longer merely a threat-centric issue. Device infiltration and personal identity have become the security perimeters in the new digital age.

For example, large financial organizations are beginning to move away from the use of corporate devices, and transitioning to utilizing mobile devices through third parties. As they do, these new types of connected devices make it much harder for them to protect financial data. IT executives must now confront this reality and determine how their future enterprise security will be governed, managed, and operated.

Create a single framework for Identity and Access Management (IAM). Historically, the financial services industry has operated within a data-centric security framework. As a result, many banks today are not using process and application modeling tools to identify and accommodate various relationships between IoT entities, such as devices, services, and business applications. A shift in mindset is crucial for maintaining security. By the end of 2016, the IoT will drive device and user relationship requirements in 20% of all new identity and access management implementations, according to Gartner. By the end of 2017, that percentage will soar to 50%.

Today, it is crucial to focus on end user behaviors. If a consumer signs into their device from Bangkok and minutes later from Boston, capturing that intel using an IAM framework is crucial in catching attacks early. By re-architecting their approaches, banks can take full advantages of the added business value delivered by digital technologies.

Balance prevention with detection and response security technologies. Historically, 80% of security budgets were committed to preventative technologies. Rather than continuing to spend on preventative security products and services, financial services providers should prepare themselves for the IoT by focusing more on detection and response. They should be spending about 40% on prevention and 60% on detection and response technologies.

By striking the right balance between preventative security versus detection and response security technologies, banks can actually make security a value-add for customers.

Leverage digital communication tools to establish control and ownership of customer spending data. Financial services institutions possess enormous volumes of information, much of it involving financial trends, consumer transactions and spending habits. By combining this information with customer data from social media, mobile devices and other digital communication sources – with embedded security controls – institutions can gain insights that enable them to better influence consumer buying decisions, cement brand loyalty and provide indispensable services to their clients.

Consumers are already sharing more of this personal data with banks in exchange for tailored services, especially in retail banking products. The SEC, FINRA and other institutions in the UK, U.S. and Canada have made it easy for banks to leverage these benefits of digital communication safely by creating social media guidelines for data privacy and sharing across internal business units.

Prepare to innovate financial products through digitization and security. Many banks have already heard of or invested in startups like Blockstream, OpenBazaar or ZapChain. These organizations impact how existing financial products interact with end-consumers, making securities trading near-instantaneous, simplifying back-office processes and significantly decreasing banks’ operating costs. This also impacts security across payment integrity and the lack of central authority, which can be perceived as both a strength and a weakness.

For firms to secure their established market positions and capitalize on the lucrative opportunities in front of them, they must strategically revamp their IT security, data and privacy strategies in the context of the increasingly digital world. If they do so effectively and securely, they will maintain a competitive advantage over new market entrants and retain customer loyalty.

Mr. Kuchynski is a principal and global director at Cisco Security Solutions, a unit of San Jose, Calif.-based Cisco Systems, Inc. He can be reached at [email protected].