Henry Mason, Principal, Dawn Capital, the largest European VC focused on fintech and b2b tech, shares with FinTech Magazine how "hardsec" has the potential to transform the banking industry.
If you work in a bank, it’s a simple fact that you need to interact with risky things in order to get the job done. When combating financial crime, for instance, you might need to hunt down information about terrorists or human traffickers on shady parts of the internet. Or you have to open email attachments and download files that turn out to be laden with malware. These problems are particularly acute in banking: banks were early adopters of technology, but now their patchwork of ancient systems and software is both a hindrance to innovation and a security risk.
If being hooked up to the outside world is such a security risk, what can banks – for whom interconnectivity is so key to business – do about it?
One route is to pull the cable, disconnecting workers from the internet as much as possible, which has in fact been mandated in several countries by the local regulator. In reality, however, this is totally impractical given the amount of valuable data that comes from the web. How can you investigate that money laundering ring without access to the internet? Even worse, when banks turn off the internet, well-meaning knowledge workers, keen to stay productive, resort to insecure workarounds, like using personal devices and 4G, opening up an even greater security and compliance risk for the bank.
More commonly, the current paradigm for any large institution is to take a layered approach to security strategy: build a series of walls, and expect that malware will get through the first few but hope that it won’t be able to defeat all of them. Similarly, at each layer you step up the efforts on detection, slowing things down and scrutinising them more thoroughly.
But the software/walls/detection approach is again problematic, particularly for banks. It becomes increasingly difficult for developers to patch legacy systems written in obsolete programming languages, and modern software is littered with bugs and vulnerabilities waiting to be exploited. But here is the crux of the issue: building firewalls from the same materials that attackers use – software – is building a house on sand. Software is not the solution in cybersecurity, it is the problem. We need to remove it from the equation altogether. This is where “hardsec” comes in.
Hardsec reinvents security by returning to the bare bones of computing: it utilises hardware to fight threats. Let’s take the example of Garrison, one of my portfolio companies, which counts several global banks as customers. The team chose an unlikely candidate for transforming cybersecurity: Field Programmable Gate Array (FPGA) chips. The revelation they had is that these 34-year-old IT stalwarts could be repurposed to offer a hardware solution to a software problem.
Here’s how it works. FPGA chips can only be programmed using specific physical pins, and attackers are thwarted because they cannot physically transmit data to those pins. And because hardsec controls are comparatively simple and narrow, they are in effect “too dumb to hack.”
For banks, this kind of technology is a gamechanger. Hardsec does not just offer a secure way for employees to use the web, it can also enable institutions to host and protect customer data in the cloud, using that same buffer system. It means they can have customers interacting with a website but not have to worry about exposing their vulnerable software to attack – the threat is neutralised before it even enters the software architecture.
Suddenly, knowledge workers no longer have to do their job and be security experts. They can simply crack on with the former. For one major European high street bank, Garrison’s technology, initially trialled across one team, is well on its way to becoming the standard for the entire organisation. All employees will be accessing a cleansed copy of the internet, making them safer than they’ve ever been before – and without compromising their experience.
As a consumer, this paradigm shift will alter something we’ve all come to take as gospel: that the neobanks will overtake, if not destroy, incumbents. Hardsec is already enabling financial services’ biggest players to innovate as fast as challenger banks, improving their offering while retaining their huge customer bases. Expect this to accelerate. This is not the era where big banking dies; it is the era where big banking gets better.