AiThority Interview with Nick Caley, VP of Financial Services and Regulatory at ForgeRock
Know My Company
How do you interact with smart technologies like advanced Cloud-based Identity Management and IT Networking platforms?
I’ve been advising large enterprise on data protection and the specifics of information security for the last 20 years, so I’ve witnessed the rise of platforms that harness the power of cloud delivery models. The sheer volume of interactions across varied environments that process sensitive data is an ongoing challenge that is absolutely critical for businesses to address.
How did you start in this space? What galvanized you to start at ForgeRock?
I made my start when the internet became a viable commercial proposition to improve connectivity for enterprises, and it quickly became apparent that securing the corporate network would be an interesting path to take. I’ve been involved with all major aspects of computer security, web, email, network, and data – all with a focus on access control and data protection.
My interest in working at ForgeRock was driven by my focus on technology that enables an enterprise to bridge the twin requirements of increased productivity and rock-solid security. For too long, there was a trade-off being made between security and ease of use, which the global brands working with ForgeRock had clearly addressed in their digital transformation programs.
What is ForgeRock and how does it transform Digital Identity Management for businesses?
ForgeRock is a Digital Identity Management company. Our Identity Platform secures digital identities for people, services and things. The ForgeRock Identity Platform enables employees of the global brands we work with to be more productive and allows customers to have a better digital experience.
Much of today’s identity and access management has been built piecemeal through acquisitions and adding parts as needs arise, which in 2019 means enterprises struggle to respond to the multitude of users, circumstances, devices, access points, and access privileges that dominate our online activities.
Engagement of customers and employees at the right time, on whatever device, app or service they happen to use is a critical demand for the modern enterprise to get right. ForgeRock helps our customers make a strong relationship between people and devices laptops, mobiles, tablets, cars, wearables all using new mobile and web apps connected to a single security platform that works all the time, everywhere, on-premises or in the cloud. Our ForgeRock Identity Platform is designed with this new reality in mind.
Which industries would benefit from accessing your Products and Solutions?
At ForgeRock, we’re answering the demand for digital transformation across every vertical sector. Whether it’s a global bank addressing the requirements of multiple jurisdictions or an international mobile operator looking to maximize the commercial opportunity of 5G networks, our team is helping organizations of scale modernize their capabilities for managing identity and access safely and easily across millions of users.
What impact did GDPR have on your business?
As a platform built from the ground up to deliver privacy by design and by default, it’s been paramount for ForgeRock as a business to embed the principles and practices of the new data protection law. Any impact of being compliant with a new law such as GDPR, be that resources, time and money, is seen as an investment in supporting our customers as we all adjust to a new operating environment for data privacy.
What are the lessons learned from GDPR over the past year?
The scope of the GDPR has presented challenges and new ways of working, however, ForgeRock recognized early on that to be a trusted advisor on how our Identity Platform can protect the personal data being managed by our customers, we needed to ensure our own program embraced the best practices. The most important lesson learned has been in raising awareness that all our staff has a responsibility to identify any of our operations that touch personal data which may have required improvements in the process. We’ve delivered extensive training companywide and found that involving colleagues in our program as Privacy Champions is a great way to deliver advice amongst our teams day today.
What other data privacy laws should all IT professionals and data analysts be aware of?
The frequency of data breaches that involve millions of high-value credentials for citizens and consumers means that governments around the world are stepping up their regulatory response to deliver increased privacy protection. Whether it’s the Consumer Data Right in Australia, CCPA in California or PIPEDA in Canada, all companies need their IT teams to address such privacy requirements as early as possible. Identifying compliance demands is essential for the business to recognize potential commercial opportunities that could result from offering customers increased transparency and control of personal data. Across Europe, the next significant piece of privacy legislation that’s currently in development is ePrivacy, which affects all methods of online communication including the Internet of Things so that personal data and the metadata that goes along with it have specific protection. Certainly, one to watch out for in 2020.
What is the state of AI for Fintech and Security in 2019? How much has it evolved since the time you first started here?
The increasing use of AI and ML is obvious amongst Financial Services and certainly, Security teams are taking full advantage of the benefits that faster and deeper analytics bring to defending their assets.
Amongst the thousands of Fintech propositions, I see key areas of Financial Services where AI and ML are showing signs of real promise credit scoring, risk analysis, quantitative trading, personalized banking, and process automation are all in the zone of development and adoption based on the economies of scale that can be harnessed through massive processing power.
It’s widely recognized that there is a significant skills gap in security and I believe it may be filled by the growing deployment of AI and ML amongst cybersecurity and fraud prevention solutions. The ability of complex algorithms to analyze vast numbers of interactions in real-time and identify unique patterns of malicious activity is undoubtedly delivering improved levels of risk mitigation and prevention.
Back in 2011, I was directly involved in one of the first deployments of Machine Learning for data protection focused on the demands of protecting personal information in an online application portal at a large Insurance company. It was remarkable at that point to see the benefit in the increasing accuracy of detection as the system learned the specifics of that huge dataset. During the last eight years, the evolution of Machine Learning, and the approach of AI is fascinating to be involved with, especially as it relates to digital identities.
Beyond typical user name and password and going further than biometrics, we have real-time, contextual behaviors and mapping of relationships with trusted devices that are being used for payments, fund transfers, trades and the use of AI to deliver greater personalization. Adapting to unusual patterns of behavior will enable a quicker, more seamless experience of financial services.
Tell us more about your vision into growing Edge-driven revenue opportunities in Access Management.
IoT ecosystems influence our everyday life whether we are aware of it or not, and ultimately this will have a direct impact on our safety and efficiency. Security and trust have become a major concern as the number of connected devices grows, especially as they’re doing more on our behalf in areas such as financial services and healthcare.
For Industry 4.0, in a cyber-physical world where operational technology and information technology are completely integrated, real-time decisions need to take place based on trusted data, from trusted devices. All entities within the chain of trust from edge-to-cloud, need to be trusted in order to build an autonomous IoT solution. It also needs to operate without any human intervention from a single, fully-integrated security platform to provide trust end-to-end. ForgeRock’s investment in Edge security means we are delivering this capability into some interesting use cases for our customers and we are seeing continuing growth in requirements.
What is the biggest challenge to Digital Transformation in 2019? How does ForgeRock contribute to a successful digital transformation?
At ForgeRock, we have an intense focus on customer success with digital transformation as it’s a thrive or die scenario for enterprises with so many start-ups disrupting established markets. The biggest challenge we see for enterprises is how they can deliver greater personalization with homegrown or outdated legacy systems that are not managing the new demands of identity management effectively.
We help our customers deliver dynamic content by using context to drive personalization for downstream applications so that an individual user has more relevant and valuable experience of their services, whatever the channel of engagement. Digital signals like the user’s device, location, and time can be leveraged in real-time to build dynamic web personalization content.
ForgeRock is a trusted partner for executing digital strategies because of our platform’s ability to present the business with a single identity record, synchronized across lines of business, and stored in silos throughout their hybrid customer data architecture. We do this with the scope to deliver lightning-quick performance on a massive scale.
The Crystal Gaze
What start-ups and labs are you keenly following?
There are so many interesting propositions being developed across the market, but my current ones to watch are Fintechs such as Klarna, Mint and the digital banking platform 10x – each disrupting the status quo with real innovation. In terms of labs, the ones that grab my attention have been set up by banks like BBVA, Santander, and the call out one currently is that of DBS – the DAX lab.
What technologies within your industry are you interested in?
It’s a long list that starts with behavioral biometrics, followed by Graph Analytics and AI/ML, then onto areas like API Aggregation. Otherwise, my interest is on security standards such as User-Managed Access (UMA) which shows massive potential for securing a fully enabled, peer-to-peer data sharing model with centralized control for an individual.
Thank you, Nick! That was fun and hope to see you back on AiThority soon.
With twenty years of experience covering all aspects of Information Security, Nick Caley has advised global clients in industry and government on security strategy and the operational
capabilities that enable organisations to protect their most valuable assets. Engagements over the last two decades have provided Nick with detailed knowledge of enterprise infrastructure and the protection of sensitive, high value data. As Enterprise has developed hybrid architectures and data driven business models, Nick has advised on how to enable digital transformation whilst reducing risks. With ForgeRock, Nick is responsible for Financial Services and Regulatory with a focus on guiding organisations to deliver successful outcomes beyond compliance with GDPR, PSD2 and Open Banking.
ForgeRock is the digital identity management company transforming the way organizations interact securely with customers, employees, devices, and things. Organizations adopt the ForgeRock Identity Platform as their digital identity system of record to monetize customer relationships, address stringent regulations for privacy and consent (GDPR, HIPAA, FCC privacy, etc.), and leverage the internet of things. ForgeRock serves hundreds of brands, including Morningstar, Vodafone, GEICO, Toyota, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, securing billions of identities worldwide. ForgeRock has offices across Europe, the USA, and Asia