Alison Deighton, head of data protection and privacy at TLT, interviews Jason Hart, CTO at Gemalto and a speaker at our inaugural Open Banking conference
Open Banking is a live situation that’s unfolding before our eyes, but one presentation at our Open Banking conference in February was more concerned with the future in relation to a world of ever more open data – and just how organisations can plan for it.
Jason Hart, chief technical officer of digital security outfit Gemalto, said his concern today is how the risks that arise from a data economy are liable to become harder to control – and particularly as developments like quantum computing become mainstream.
Quantum computing is a more powerful set-up to conventional computing. It replaces binary bits with any-condition qubits to store an enormous amount of information using a lot less energy than a classical computer.
“Quantum is perhaps six years away from having implications for our data security, but it certainly poses a more-than-theoretical threat to our the ability to encrypt safely,” said Hart.
“Vulnerability to quantum attacks will become a live issue at some point, and in that context Open Banking and the APIs it opens up look like a boon to hackers unless the issue is thought through.”
Hart made clear he wasn’t trying to scaremonger, but wanted to explore and explain how the attack surface is growing via Open Banking and other shifts.
“There are so many ways to attack data, and machine learning and artificial intelligence accelerate this," he said. "But it’s still also true that people – their fallibility and how they are organised – are the primary issue when it comes to data security.”
Hart said that in the new data landscape, and in light of Open Banking and more, organisations need to become situationally aware about their data – yet only two per cent are now.
“Most are situationally ignorant or arrogant today," he continued. "This is a growing risk to data privacy and protection. Organisations need to cover off data location, user needs, data types, different environments and people. It’s a large piece of work for most, but what is the risk from not acting in a world where even encryption may soon not be a safeguard?”
His message was overall a positive one, especially for companies that aren’t afraid to face things head-on. “For organisations involved in Open Banking, it is still true that we have the tools we need to solve the problem," he assured. "In a competitive and relative world, companies need to be thorough and consultative. Do the basics well and you will still be way ahead of most others.”
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at May 2018. Specific advice should be sought for specific cases. For more information see our terms & conditions.
On 12 October 2018, the FCA published a Guidance Consultation (GC 18/4) on the Senior Managers and Certification Regime on statements of responsibilities (SoRs) and responsibilities maps (which apply to enhanced firms).