2. 2
PUBLIC
Overview
⢠HSBC Global â geography and markets
⢠One Strategy â global rollout, different needs
⢠Access Management
⢠Designed for variance
⢠Biometry
⢠APIs
⢠Identity Management
⢠Your organisationâs developers are your customers
3. 3
PUBLIC
HSBC Global â Retail and Wealth
⢠37 markets across 70
countries
⢠37M customers
⢠3 geographic IT points of presence (NA, EU, AP) âmany localised sub
PoPs covering geopolitical and regulatory boundaries
⢠One solution, globally.
⢠Deploy to PROD, which PROD?
4. 4
PUBLIC
Access Management
⢠Maturation of security standards - OIDC / OAuth2 / UMA / SSO
⢠Strong desire to USE these
⢠Zero desire to CODE these
⢠Subsume underlying identity
repositories
⢠Using ForgeRock Access Management
and ForgeRock Identity Management
⢠Security commoditised
ForgeRock Access
Management
IDP
RETAIL COMMERCIAL PRIVATE
5. 5
PUBLIC
Access Management
Market 2 Market 3
PoP
ForgeRock Access
Management
Instance 2
App Y
ForgeRock Access
Management
Instance 1
Market 1
App X
Journey A Journey B
GEOPOLICTICAL AND
BUSINESS LINE
INSTANCING
Piloting â A/B
⢠Extreme multiplicity requires variation to be at the heart of the
solution⌠Security democratised
LOGICAL /
REALMS
GEOGRAPHIC
INSTANCING
6. 6
PUBLIC
Access Management - Biometry
⢠Biometrics â growing in capability and usefulness
⢠Build biometrics on top of a solid foundation
⢠They are just new credentials (inherence factor)
⢠Assume rapid change in this space
⢠Build to pivot â add or jettison is a steady state
ForgeRock Access
Management
ForgeRock Access
Management
Knowledge
ForgeRock Access
Management Possession
ForgeRock Access
Management
Inherence Broker
Biometric 2
Biometric 1
7. 7
PUBLIC
Banking APIs
⢠A polarised conversation: Should banks enable âprogrammaticâ access?
⢠In the UK this decision was made for us: YOU MUST
⢠CMA OpenBanking initiative, authenticated journeys Q1 2018
⢠HSBC ready and primed for OIDC and OAuth to publish carefully
curated APIs / Services
⢠Because we use ForgeRock Access Management and this is what
ForgeRock Access Management doesâŚ
8. 8
PUBLIC
Identity Management
⢠HSBC has identity data on clients globally
⢠Immediately, this helps the
digital bank (internal)
⢠Further, capacity to participate in
identity data markets
ForgeRock Access
Management
Customer Data
Customer Data
ForgeRock Access
Management
IDENTITY
as a SERVICE
Internal
Systems
Internal
Systems
Internal
Systems
9. 9
PUBLIC
Look After Your Developers
⢠Developers love to build, but they
need permission:
⢠To innovate, to challenge, to
execute (securely)
⢠They need a way forward: via
security platforms, patterns and
architectural guardrails
⢠Publish usable security capabilities to your organisation.
(hint: ForgeRock). Your Devs will take care of your clients.
10. 10
PUBLIC
Thank you âŚ
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: ian.sorbello@hsbc.com
Website: www.hsbc.com