David and Ian discuss the challenges and opportunities that come with managing customer identity management at HSBC, one of the largest banking and financial services organisations in the world. With over 37 million customers spread across 37 different markets, digital identity has become a strategic initiative for HSBC in order to modernise infrastructure and build stronger relationships with their customers.
This session covers HSBC’s path to consolidating on a single digital identity solution, as well as a few of the reasons why they chose ForgeRock including standards support, biometrics, and API security.
Identity Live London 2017 | David Knott & Ian Sorbello
1. HSBC CUSTOMER IDENTITY MANAGEMENT
DEMOCRATISED AND COMMODITISED
Dr. David Knott, Chief Architect
2. HSBC (Hong Kong & Shanghai Banking Corporation)
– the world’s largest international bank –
4,500
Branches
37,000,000
Customers
$2.375tn
Total Assets
$47.9bn
Reported Revenue
70 countries &
territories
Present in
45%
of clients have
international presence
340,000
PCs & Laptops
85,000
Personal Devices
290,000
Staff Users
255,000
Corporate Customers
915,000
Corporate Users
90,000
Servers
93PB
of Data
4. 4
PUBLIC
Overview
• HSBC Global – geography and markets
• One Strategy – global rollout, different needs
• Access Management
• Designed for variance
• Biometry
• APIs
• Identity Management
• Your organisation’s developers are your customers
5. 5
PUBLIC
HSBC Global – Retail and Wealth
• 37 markets across 70
countries
• 37M customers
• 3 geographic IT points of presence (NA, EU, AP) –many localised sub
PoPs covering geopolitical and regulatory boundaries
• One solution, globally.
• Deploy to PROD, which PROD?
6. 6
PUBLIC
Access Management
• Maturation of security standards - OIDC / OAuth2 / UMA / SSO
• Strong desire to USE these
• Zero desire to CODE these
• Subsume underlying identity
repositories
• Using ForgeRock Access Management
and ForgeRock Identity Management
• Security commoditised
ForgeRock Access
Management
IDP
RETAIL COMMERCIAL PRIVATE
7. 7
PUBLIC
Access Management
Market 2 Market 3
PoP
ForgeRock Access
Management
Instance 2
App Y
ForgeRock Access
Management
Instance 1
Market 1
App X
Journey A Journey B
GEOPOLICTICAL AND
BUSINESS LINE
INSTANCING
Piloting – A/B
• Extreme multiplicity requires variation to be at the heart of the
solution… Security democratised
LOGICAL /
REALMS
GEOGRAPHIC
INSTANCING
8. 8
PUBLIC
Access Management - Biometry
• Biometrics – growing in capability and usefulness
• Build biometrics on top of a solid foundation
• They are just new credentials (inherence factor)
• Assume rapid change in this space
• Build to pivot – add or jettison is a steady state
ForgeRock Access
Management
ForgeRock Access
Management
Knowledge
ForgeRock Access
Management Possession
ForgeRock Access
Management
Inherence Broker
Biometric 2
Biometric 1
9. 9
PUBLIC
Banking APIs
• A polarised conversation: Should banks enable “programmatic” access?
• In the UK this decision was made for us: YOU MUST
• CMA OpenBanking initiative, authenticated journeys Q1 2018
• HSBC ready and primed for OIDC and OAuth to publish carefully
curated APIs / Services
• Because we use ForgeRock Access Management and this is what
ForgeRock Access Management does…
10. 10
PUBLIC
Identity Management
• HSBC has identity data on clients globally
• Immediately, this helps the
digital bank (internal)
• Further, capacity to participate in
identity data markets
ForgeRock Access
Management
Customer Data
Customer Data
ForgeRock Access
Management
IDENTITY
as a SERVICE
Internal
Systems
Internal
Systems
Internal
Systems
11. 11
PUBLIC
Look After Your Developers
• Developers love to build, but they
need permission:
• To innovate, to challenge, to
execute (securely)
• They need a way forward: via
security platforms, patterns and
architectural guardrails
• Publish usable security capabilities to your organisation.
(hint: ForgeRock). Your Devs will take care of your clients.
12. 12
PUBLIC
Thank you …
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: ian.sorbello@hsbc.com
Website: www.hsbc.com
13. 13
PUBLIC
Thank you …
Ian Sorbello
Head of Product Technology - Security | HSBC Digital Solutions (HDS)
HSBC Operations, Services and Technology (HOST) | HSBC Holdings plc
Level 7, 110 Southwark St, London SE1 0SU, United Kingdom
E-mail: ian.sorbello@hsbc.com
Website: www.hsbc.com