Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Identity Live Sydney 2017 - Ian Sorbello


Published on

Ian will discuss the challenges and opportunities that come with managing customer identity management at HSBC, one of the largest banking and financial services organisations in the world. With over 37 million customers spread across 37 different markets, digital identity has become a strategic initiative for HSBC in order to modernise infrastructure and build stronger relationships with their customers. Ian will cover HSBC's path to consolidating on a single digital identity solution, as well as a few of the reasons why they chose ForgeRock including standards support, biometrics and API security.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Identity Live Sydney 2017 - Ian Sorbello

  1. 1. Customer Identity Management Democratised and Commoditised PUBLIC August 2017 Ian Sorbello - Head of Product Technology (Security)
  2. 2. 2 PUBLIC Overview • HSBC Global – geography and markets • One Strategy – global rollout, different needs • Access Management • Designed for variance • Biometry • APIs • Identity Management • Your organisation’s developers are your customers
  3. 3. 3 HSBC Global – Retail and Wealth • 37 markets across 70 countries • 37M customers • 3 geographic IT points of presence (NA, EU, AP) –many localised sub PoPs covering geopolitical and regulatory boundaries • One solution, globally. • Deploy to PROD, which PROD? PUBLIC
  4. 4. 4 Access Management • Maturation of security standards - OIDC / OAuth2 / UMA / SSO • Strong desire to USE these • Zero desire to CODE these • Subsume underlying identity repositories • Using ForgeRock Access Management and ForgeRock Identity Management • Security commoditised ForgeRock Access Management IDP RETAIL COMMERCIAL PRIVATE PUBLIC
  5. 5. 5 Access Management Market 2 Market 3 PoP ForgeRock Access Management Instance 2 App Y ForgeRock Access Management Instance 1 Market 1 App X Journey A Journey B GEOPOLICTICAL AND BUSINESS LINE INSTANCING Piloting – A/B • Extreme multiplicity requires variation to be at the heart of the solution… Security democratised LOGICAL / REALMS GEOGRAPHIC INSTANCING PUBLIC
  6. 6. 6 Access Management - Biometry • Biometrics – growing in capability and usefulness • Build biometrics on top of a solid foundation • They are just new credentials (inherence factor) • Assume rapid change in this space • Build to pivot – add or jettison is a steady state ForgeRock Access Management ForgeRock Access Management Knowledge ForgeRock Access Management Possession ForgeRock Access Management Inherence Broker Biometric 2 Biometric 1 PUBLIC
  7. 7. 7 Banking APIs • A polarised conversation: Should banks enable “programmatic” access? • In the UK this decision was made for us: YOU MUST • CMA OpenBanking initiative, authenticated journeys Q1 2018 • HSBC ready and primed for OIDC and OAuth to publish carefully curated APIs / Services • Because we use ForgeRock Access Management and this is what ForgeRock Access Management does… PUBLIC
  8. 8. 8 Identity Management • HSBC has identity data on clients globally • Immediately, this helps the digital bank (internal) • Further, capacity to participate in identity data markets ForgeRock Access Management Customer Data Customer Data ForgeRock Identity Management IDENTITY as a SERVICE Internal Systems Internal Systems Internal Systems PUBLIC
  9. 9. 9 Look After Your Developers • Developers love to build, but they need permission: • To innovate, to challenge, to execute (securely) • They need a way forward: via security platforms, patterns and architectural guardrails • Publish usable security capabilities to your organisation. (hint: ForgeRock). Your Devs will take care of your clients. PUBLIC
  10. 10. 10 Thank you … Ian Sorbello Head of Product Technology - Security | HSBC Digital Solutions (HDS) HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc Level 7, 110 Southwark St, London SE1 0SU, United Kingdom E-mail: Website: PUBLIC