Security Implications of Using AI & ML for Banking InnovationsHDFC Bank CISO Sameer Ratolikar Emphasizes Security-By-Design Approach
When leveraging artificial intelligence and machine learning to drive banking innovations, it is essential to take a structured approach in implementing security-by-design for conducting proper risk assessment of the organizations and people involved, says Sameer Ratolikar, CISO, HDFC Bank.
Security-by-design is the first step in the business integration process to roll out any innovation, he says, such as banks using AI and ML tools to introduce chatbots, robots and other such technologies for easy banking.
"The security-by-design process enables CISO team to understand the risks involved in terms of people, process and technologies and the liabilities there .. as part of the business initiative," says Ratolikar, in an interview with Information Security Media Group during the DSCI BCP meet in Bengaluru.
"The use of AI and machine learning algorithms for business innovations increasingly thrives on huge data sets and it is important to make sure the data used is absolutely correct, with high integrity and quality, which becomes the foundation for cybersecurity," he says.
"We follow a three pillar formula as part of any new initiative that is being rolled out to a customer, which includes, protect, detect and respond," says Ratolikar. In addition, he says, "When the initiative is being rolled out to a customer, we take into account how are we protecting the customers' data, their applications and the access control mechanism as part of the risk assessment strategy."
In this interview, Ratolikar discusses the process involved in rolling out a business initiative with security as the key component.
He offers insights on:
- Understanding the liability of the third party solution provider;
- Identifying necessary skill sets to meet desired goals;
- Customer data privacy and protection.
Ratolikar heads the information security group at HDFC Bank, where he provides leadership on the development and implementation of an information security program. Previously, he served as CISO at Axis Bank.