Open Finance — 5 Reasons to Consider Akamai
The increased use of smart devices, improved connectivity, and today’s hyper demanding customers are driving the need for digital transformation in the finance sector. Emerging technologies like open banking are creating new opportunities for both incumbent banks and fintechs.
Building on the conceptual framework of open banking, Open Finance stands out as a game changer in the sector’s digital transformation, thanks to innovations driven by the rise of fintech–bank collaborations, such as automated onboarding, smart budgeting, account aggregation, automated accounting, and credit risk assessment.
But before we address both its benefits and challenges, we need to understand what Open Finance is.
Open Finance, or an open financial system, is the possibility for customers of financial products and services to give permission to share their information among different institutions authorized in accordance with practices established by industry standards and central banks. In addition, the account transactions can be started from different platforms, and not only by the application or website of the bank, in a secure, fast, and convenient way. Fintechs are bringing new solutions and business models to simplify the banking industry and make it less bureaucratic, with various products and services through APIs, which other financial institutions and third parties can use to build new financial products and services.
One of the key components in the development of these APIs is open access, allowing developers to create new products and services. This concept of open APIs is the basis for Open Finance, which is the secure way to give providers access to financial information.
At first glance, the idea of having an open financial system and open APIs might not seem like something CISOs in the sector would favor. They might have concerns that this could lead to problems in terms of security and privacy, as the exposure of the applications (or rather of the APIs) may lead them to become a target for attacks that generate negative impact for the business and their customers.
Fintechs have been building and using APIs with more intensity, but according to McKinsey's 2019 Global API Banking Survey, 91% of the larger banks still primarily use internal APIs to reduce costs, increase operational efficiency, and security. The use of open APIs for these banks is already a reality, however, and evolutions are taking place as the regulatory phases of the Open Finance journey led by the central banks have begun.
Another challenge
APIs are a little like the gremlins in the famous 1984 movie of the same name. (As a reminder: When water touches these creatures they end up reproducing and multiplying rapidly.) This unstructured growth is what has been happening in many corporations during the transition to the open API world, possibly creating more problems for architects and security teams and forcing them to work hard to keep the development lifecycle of these APIs secure.
What are the 5 reasons for considering Akamai in Open Finance?
The power of the edge
The first reason to consider Akamai is the "muscle" known as the Akamai Intelligent Edge Platform. This platform is distributed across more than 4,100 PoPs in 136 countries and contains more than 360,000 servers distributed around the globe.
What are the benefits of this platform for Open Finance?
When a user makes a request for a banking service via an API, instead of going all the way to the origin it will first connect to the nearest edge server, making the exchange of information more performant because of network optimization. This increases the scalability of the API, minimizes friction between user requests to improve the end-user experience. On request, some functions of these services can be handled directly on the Akamai platform, increasing the performance even more.
Akamai offers the world's largest, most pervasive, and resilient platform, designed to optimize visibility, performance, availability, and most important, security for both the user and developer of open APIs.
The Akamai Intelligent Edge Platform also provides the highest flexibility for designing your open API architectures. With a simplified architecture and an integrated workflow, it provides great control to balance and route requests, manage access, and avoid overloading on a global scale.
In addition, the platform responds quickly to unexpected attacks that target APIs, protecting systems and applications from downtime or data theft by intelligently delivering and securing data. The platform will act as a conduit for communication between external partners and financial institutions.
Know your agent
The second very important reason for the operation of Open Finance solutions is related to the digital certificate required to secure the exchange of information between the agents involved. For this, the Akamai platform supports mutual TLS (mTLS), one of the Open Finance requirements defined by the central banks.
This Open Finance requirement aims to provide an open communication interface between external partners and financial institutions while maintaining confidentiality and integrity on both ends. These interfaces must establish secure messaging with each other, mitigating the risk of impacting the institution's production ecosystem with a cyberattack. Therefore, institutions need to implement advanced security controls.
To provide this required security, the Akamai Intelligent Edge Platform can act as a conduit between external partners and the financial institution, protecting the institution's APIs from unauthorized access.
When Akamai secures a financial institution's APIs, external partners connect to Akamai's edge servers to access the protected APIs. Before being allowed to send any data both the external partner and Akamai will present certificates signed by a designated trust provider for authentication and encryption. Only then will a connection be established.
At this point, the Akamai Intelligent Edge Platform may act in different ways, depending on the configurations agreed upon with the financial institution.
Option 1: Only Akamai validates the client’s certificate.
If the certificate is issued by a trust provider and it is not valid or is revoked, the connection may be interrupted. If the certificate is valid, the request will be processed with web application and API protection (WAAP). This service improves secure access by blocking malicious requests. After successful verification, the request is forwarded to the financial institution along with the customer's certificate. This enables the financial institution to check the required fields of the client’s certificate and establish the API connection.
Option 2: Akamai and the financial institution both validate the client’s certificate.
In the first interaction, Akamai will perform all the checks and protections as described in option 1 and then will forward the confirmed request along with the client’s certificate to the financial institution. The financial institution also validates the certificate before responding to the request and establishing the API connection.
Security
Akamai is the leading provider of WAAP security solutions for securing APIs and web applications, providing comprehensive protection against the most sophisticated API attacks, web application attacks, and distributed denial-of-service (DDoS) attacks. These security solutions are deployed on the Akamai Intelligent Edge Platform, which extends the financial institution's perimeter to automatically eliminate and block cyberattacks from as far away as possible.
Open Finance APIs can be protected via an application firewall with controls and rules designed by, and automatically updated by, Akamai's global threat research team. Real-time reporting and analytical tools are provided over a web-based management interface to support day-to-day operations, as well as offer a deeper threat analysis. Easy integration with already existing SIEM platforms can enable additional and broader security analyses and centralized tracking of events relevant to customers’ APIs.
Bots
The fourth reason is related to the management of bots, automated robots that access APIs connections. The two main aspects of bot management are:
Technology-related — Bots identified as coming from valid partners should be examined regarding resource consumption, as they can generate excessive consumption of API service, potentially destabilizing the environment or leaving it out of its normal course. To minimize these risks, it is very important to have management and monitoring capabilities that circumvent these situations and proactively protect the environment through a platform such as the Akamai Intelligent Edge Platform.
Business-related — Bots can cause vulnerability exploitation, fraud, credential abuse, and other threats that can impact the business areas that benefit from Open Finance. Current attacks are becoming increasingly sophisticated, and the exploitation of any vulnerabilities can bring risks to the business, in addition to serious damage to the image of the institution that suffers through this situation.
Through its Bot Manager solution, Akamai uses an algorithm of artificial intelligence and machine learning to help financial institutions detect and prevent automated and malicious activity targeting an application or service.. Akamai can distinguish and classify automated traffic generated by a bot versus traffic from legitimate clients. We are able to differentiate good bots from bad bots. Responses to these bots can be simple blocking, forwarding the request to alternative content, or modifying the information and responses, among other actions so that requests from external partners to financial institutions are allowed while another bad bot activity is managed and blocked.
Partnership
The fifth reason to consider Akamai is the global partnership we have with Microsoft. The Akamai solution strategies that support Open Finance are aligned and prepared to operate alongside Microsoft Azure solutions.
Microsoft, together with Akamai, has developed a reference architecture to support financial institutions and partners in their Open Finance journeys. Akamai products that support Open Finance can also be purchased through the Microsoft Azure MarketPlace: Microsoft Azure + Akamai.
Conclusion
In this post, I described important reasons to consider usingAkamai's products to help you develop new business opportunities using Open Finance. If you are leveraging Microsoft Azure for your Open Finance journey, the architecture developed with Microsoft will help you build an industry-leading, comprehensive solution. This architecture is being implemented, partially or fully, in some Brazilian banks today.
If you would like to learn more details on how Akamai can help you with Open Finance, contact us and we will be available to support you.
