by Vincent Kobel, VP Cyber Security at METACO
Cryptocurrency has been one of the best performing assets in 2020 and now represents a market worth over $550bn. In addition, the world is moving towards Central Bank Digital Currencies (CBDCs) – digital Yuans and Euros – faster than anyone could have conceived. However, financial institutions aren’t yet ready for these new realities – at least not with their current digital asset management setups.
It’s not that banks don’t want to enter the digital assets space faster. They’ve been contemplating the opportunity for years. However, it’s difficult for them to pierce through the dense technical complexity associated with this environment. After all, they aren’t technology companies – and they shouldn’t need to be. What’s more, mining and wallet service compromises keep them rightfully concerned about volatility and security issues.
Before financial organizations can commit to making digital assets a core part of their business, they need to be sure they can secure them – robustly and at scale.
Adopting and working with digital assets has intricate, deep implications for heavily regulated organizations. Their sophisticated processes and layers of complexity compel them to retain full control over security frameworks, their implementation, and ramifications. That’s why products which evolved from retail solutions – that often carry centralized points of failure – simply don’t cut it.
Banks need asset management security they can control, deploy, and manage on their terms, according to their context. And they need to be able to scale it as they need.
“Is it even possible?”, you may ask yourself.
It absolutely is. At METACO, we’re building security-critical infrastructure to propel traditional finance into a new era. Here’s how.
This is not an evolution. It’s a new territory with new risks.
There’s a pitfall delaying banks from becoming key actors in the digital asset ecosystem. It lies in treating this space as an evolution of the overlap between financials and technology.
But the truth is digital assets are not an evolution. They are an entirely new type of asset.
For example, the standard multi-approval process banks are accustomed to doesn’t work in this paradigm. To work and scale, security needs to be sequential and fit for the specific risks that digital assets introduce. Let’s explore what that involves.
Beware of irreversible consequences
If, for instance, a cybercriminal gains access to an organization’s cryptographic (private) keys, they control the assets those keys protect and can steal them. Once an asset is in the wild, there’s no way of getting it back. You can’t undo the action like banks can when they reverse erroneous payments.
When a risk associated with digital assets materializes, the consequences are irreversible. Because ownership is based on private key management, that is the most important risk to monitor, manage, and reduce.
We know it’s difficult to keep up with what’s going on in this area. The digital assets space moves very fast, and it takes too much bandwidth to figure out what truly matters. That’s why we do it for you: this is our specialty – all day, every day.
The opportunity to become digital asset custodians
Digital assets are changing the ownership chain.
In the past, (physical) bearer assets implied that the holder was also the owner, even though no ownership information was recorded. As dematerialized assets started to play a more extensive role in the financial world, ownership became centralized, with a ledger entry guaranteeing ownership.
Now, whoever owns the private keys of a digital asset controls and owns it, without having to rely on a central party to facilitate that or ensure security. Key holders become the custodians of their own (intangible) assets.
However, this leads to a fragmentation of risks that opens up a new and critical role for financial institutions. Individuals having to secure their own assets creates a pain point that financial institutions are ideally placed to resolve given their long history of safeguarding customer assets – and regulators would also like them to move into this space. This is therefore an essential opportunity to build resilience and a strong foundation for future growth. But they shouldn’t go it alone.
Buying, not building, your digital asset management solution
Security challenges are coming towards banks faster and faster, more frequently, and in much more varied forms. It’s no wonder that 70% of US chartered banks identified this as the largest risk to their business. After all, the 2017 Equifax data breach is still a fresh and painful memory which other attacks and breaches regularly refresh.
Therefore, as financial institutions contemplate the implications of providing safe custody for digital assets – which, as already mentioned, are an entirely new asset class requiring an entirely new approach to overcome entirely new threats – they are much better off partnering with an expert provider than trying to build this technology and expertise themselves.
Working with specialists to architect this secure foundation lets banks benefit from their massive R&D investments and deep expertise. Additionally, they don’t have to worry about attracting and retaining technical talent, which sometimes leaves the organization to pursue its own start-up.
The elements that underpin tailored security at scale in digital asset management
To build a secure and highly scalable digital asset management infrastructure, you need to intimately know how a bank operates. This includes the prerequisite that controls go well beyond securing endpoints and the perimeter.
To reap the growth opportunities in the fast-paced digital asset space, financial institutions need a dynamic programmable policy engine to implement their workflows. The goal is to make all the processes secure from start to finish. This encompasses signing keys, tokenization, smart contracts, access rights, permissions, user groups, and workflows.
Digital asset security must cover the bank’s entire technology stack with a uniform, flexible framework.
To achieve this, financial organizations need sequential workflows based on user groups that can change according to a myriad of rules, from asset class to transaction size and beyond.
We deeply understand these challenges and provide the unified solution for all protocols that financial institutions need to integrate these decentralized digital assets into their core infrastructure.
Two essential factors must combine to ensure this solution works across the board and scales to meet regulatory requirements.
One of the core conditions for tailored, scalable security is to apply zero trust principles. In this threat model, everyone is considered a threat. All users outside and inside the organization have to be authenticated and authorized. They must continuously validate their identities against strict access controls to applications and data.
This eliminates centralized points of failure and enables banks to address the entire growing roster of threat vectors lurking in the public space, the permissioned space, or their sub-sectors.
Zero trust protects digital assets according to the highest threat threshold at all times. What’s more, we reinforce this principle by constantly tracking emerging developments in crypto-asset security and feeding them into this security posture. This enables us to maintain our technical and operational agility while also embracing innovations and developments – and help our customers do the same.
The second factor that underpins bespoke security has to do with the way financial organizations operate. There’s no one-size-fits-all solution for them. That’s why we choose to remain agnostic so our customers retain full control over how they deploy our solutions.
Tailored security means they don’t have to choose between hardware-based and software-driven solutions because our digital asset management system accommodates any combination they need. Because we designed it for versatility, our wallet management system supports hot, warm, and cold (air-gapped) configurations. It combines them with fine-grained approval workflows for a wide range of distributed ledger technologies and cryptocurrencies.
To provide all of this, we work with top-tier global partners and ensure banks can deploy both hardware-based security – which they’re deeply familiar with – and cloud-based custody in virtual environments with equally powerful safeguards.
No matter where and how METACO customers choose to implement our digital asset management system, they get the same reliable security, flexibility, and resilience.
This highly secure, multi-tiered infrastructure for self-custody and tokenization enables financial institutions to scale their security to everything they do in the digital assets space.
As both financial organizations and digital assets evolve, new growth opportunities emerge. Banks might want to integrate and consume services from third-party providers, such as chain forensics. We provide this capability as well, making it easy to incorporate them into configurable and compliant workflows. The tight integration of software services and hardware security enables this and a lot more.
The bank-controlled framework that works across the digital asset management stack
We’re as engineering-led as we are focused on business growth. We leveraged our deep knowledge of how banks operate to build a security framework fit to capture the opportunity that digital assets provide as they’re coming of age.
Whether setting up an individual or a microservice or building groups and workflows, we enable a key holder to create any sort of secure framework they want – across transactions and user setups.
This type of flexibility is instrumental for large, complex organizations that want to successfully and productively operate in the digital asset space.
Minimizing risks across decentralized digital assets has a powerful compound effect. It also enables the essential balance between security and usability that keeps organizations productive and thriving. What’s more, the customer is always in control, making decisions that benefit the business and its end users.
From keeping the foundations for tokenizing finance (smart contracts) secure to every other element involved in managing a digital asset, banks get a universal framework they can apply to their entire digital stack, scaling it as it expands and connects to ecosystem partners.
What’s even more exciting is that we’ll soon be making our enterprise-grade digital asset management system available as SaaS to companies who don’t have as many operational resources to engage in this sphere. This means it will be even easier for them to leverage our R&D and our technology, which incorporates changes in blockchains, new protocols, new tokenization standards, and new forms of cryptography. All without having to manage that tech stack, and while retaining control of their keys.
With tailored security, organizations get to design how they want to manage it without having to deal with all the complexity. This is what we envision for the near future. For those ready to start building, there’s a $550bn opportunity to seize now and plenty more to come.