Chase CISO condemns the security of the industry’s SaaS offerings
A Chase employee, who asked not to be identified by name, tried to put that last line into context.
“There is no threat of boycott, [but] simply a commentary on integration models that don’t adequately address risks, and our decisions not to support them,” the Chase official said. “To achieve this, we’d like to build on the working groups in the IAM space, collaboratively with hyperscalers, financial institutions, and software companies that can enable the change and see solutions that provide continuous validation and transparency of supplier controls.”
The official explained that the Chase CISO’s team is “looking for the software industry to recognize the criticality of these risks today and collectively work together on a number of fronts [including] establishing and scaling standards, architectural patterns, and solutions to richer authorization decisions, providing transparency in the suppliers’ use of privileged access, especially when it results in access to our systems or data, and using technologies that de-risk the supplier in custody of our data, for example, [by offering] confidential compute, or bring your own cloud.”