CIO Influence
Featured Security

Cloudentity Predictions: Embedded Finance Will Revolutionize the Technology Industry in 2022

by Sudipto Ghosh
Cloudentity Predictions: Embedded Finance Will Revolutionize the Technology Industry in 2022

As part of our extensively planned interactions on the future of technology planning and executions around IT DevOps. Fintech and data management trends, we had an opportunity to interact with Cloudentity’s co-founder and Chief Strategy Officer, Nathanael Coffing.

Nathanael Coffing
Nathanael Coffing

What’s Cloudentity?

Cloudentity is a leader in providing a real-time self-healing embedded identity and security layer to Cloud-workloads by leveraging Identity and dynamic authorization to mitigate threats. You can call Cloudentity an IT automation platform for all your identity management and app authorization workflows.

Here’s a snapshot of our interaction with Nathanael.

Hi Nathanael, could you please tell us about your role and what plans you have at Cloudentity for 2022?

Nathanael: Currently, I am the Co-Founder and Chief Strategist of Cloudentity. I have extensively worked in the identity and access management space. I have worked closely with IAM products at Sun Microsystems, Oracle, and Imperva prior to founding Cloudentity. Over the years I have helped IT leaders across industries radically transform their operations by integrating disparate business systems into simple and scalable solutions.

Recommended:

ITechnology Interview with Fiona Campbell-Webster, Chief Privacy Officer at MediaMath

Cloudentity provides application and security teams, a better way to automate and control how information is shared over APIs.  From open banking to fraud prevention, we make it easier to deliver cloud-native applications and safer to extend your data to the customers, partners and services that drive your business.

Tell us about your plans for 2022. Which technology domain are you most keenly following and why?

Nathanael: Embedded Finance!

I think Embedded Finance will revolutionize the technology industry in 2022.

Over the last six months, embedded finance has rapidly become the hottest topic in financial services and the tech industry. Embedded finance provides the “why” building off of the “how” capabilities of Open Banking. Companies that aren’t financial service providers use embedded finance application programming interfaces (APIs) to offer financial tools or services, such as lending or payment processing. It’s designed to streamline financial processes for consumers, making it easier for them to access the services they need when they need them. For example, embedded lending lets someone apply for and get a loan right at the point of purchase, as we’ve seen with Klarna and AfterPay. Both companies partner with retailers to let consumers split an online purchase into several smaller monthly payments.
Given its potential to create new lines of business and efficiencies for customers and businesses alike, many leading financial services and tech companies are implementing major embedded finance initiatives. Google Pay, for instance, has already made large investments to drive its embedded finance capabilities. For these reasons, there will be massive growth in embedded finance in the coming year.
What should companies do to comply with online data management guidelines?

Nathanael: Strict regulations are a key to driving consumer privacy protection in 2022.

Consumers today are calling for more control over their online data and how it’s being used by companies. While government regulators enforcing privacy laws such as GDPR, CCPA and CPRA are a step in the right direction, more needs to be done to protect consumers’ privacy and this needs to start at registration and continue through API-based data sharing. Every website or app should display an icon (similar to SSL) as soon as a user opens the page that rates the certifications the company is meeting to protect their customers’ data. These must be written in a way that is easy for consumers to understand as well – no hiding behind confusing legal jargon. Then, organizations will have no choice but to be transparent with how they are harvesting, using and sharing their users’ data. The icon must provide consumers the ability to control their privacy settings on an attribute level, control their sharing of that attribute and delete their data after they are done with the website/app, so the user remains in control of their personal information at all times.

What are your thoughts for tokenization?

Nathanael:  Tokenization has become a key method for businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations. Moving this same per transaction security capability to Personal Identifiable Information (PII) can drastically reduce an organization’s attack surface. Today, most organizations continue the perimeter-based security for their distributed applications passing enriched over-privileged JSON Web Tokens (JWT) to any service that requests them. However, with the rise of third-party developers and B2B2C business models, cyber attackers only have to find the weakest link to start compromising millions of PII records.

A notable example of this occurred last year when cyber criminals registered a malicious app with an OAuth 2.0 provider, which generated tokens for authorization. If the user accepted and used the token, the attacker could gain access to their mail, forwarding rules, files, contacts, notes, profile, and other sensitive data and resources. In 2022, we will start to see tokenization and very short expiration times for tokens to prevent these types of attacks.

How do you see the role of Automation in IT and Operations evolving further?

Nathanael: In the next year and beyond, the number of API attacks will continue to rise as APIs usage continues to increase exponentially. This is because each API and developer is another potential point of entry for cyberattacks. The State of 2021 API Security, Privacy and Governance Report revealed that in the last year, at least 44% of enterprises have experienced substantial issues concerning privacy, data leakage and object property exposure with internal or external-facing APIs. As a result of these issues, 97% of enterprises experienced delays in releasing new applications and service enhancements due to identity and authorization issues with APIs and services.
To mitigate this looming threat, IT and security teams must do a better job of protecting the enterprise by ensuring APIs are discovered and the right security guardrails are in place for every API. Given the rapid propagation of APIs, automation becomes the defining requirement for building the principle of least privilege and zero trust into your APIs. This starts by adding machine identity, workload identity and correlating them with the requestor user identities to allow mutual authentication. Once every entity in a transaction is authenticated, declarative authorization becomes the next logical step in providing developers the tools they need to adhere to security requirements. It’s impossible to implement proper security measures for every single identity with manual coding, especially when machine and API transactions are so rapid and temporal.
Thank you so much Nathanael for chatting with us! We look forward to meeting again.

[To share your insights with us, please write to sghosh@martechseries.com]

Sudipto Ghosh is a former Director of Content at iTech Series.

Related posts

Payments Innovation Alliance Releases Tabletop Exercise to Help SMB Prepare for Cyberattacks

Business Wire

SailPoint Launches Managed Service Provider Program for Global Partners

GlobeNewswire

Securiti Named a 2022 Cool Vendor in Data Security by Gartner

CIO Influence News Desk

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.