This summer has been a good one for nCino, the company behind the cloud-based lending platform of the same name. Almost a decade after starting development on the nCino bank operating system, the company has managed to build a customer base of more than 1,100 financial institutions, including Bank of America, Barclays, Santander, TD Bank, and plenty of other major global lenders. All of that success culminated in an IPO in July, and the company’s stock has climbed in the weeks since.
It’s not hard to see why the nCino platform has been so successful. In most banks across the globe, the lowest-paid employees are usually the ones tasked with facilitating sales and servicing journeys. These employees must find ways to provide optimal customer experiences while interfacing with perhaps dozens of applications and legacy banking systems.
The latter systems are usually mainframe-based with terminal screens hosted on the bank’s branch or contact-center desktop. Because they’re not integrated with newer banking applications, customer-facing employees commonly have to deal with session timeout and access issues — all while managing customer, transactional, and account information spread across a multitude of disparate applications and screens.
In this environment, delivering a superb customer experience is already a significant challenge. It’s made more difficult by the fact that the security and compliance processes built around the mainframe model (and often delivered as a service by legacy solutions providers) are vastly different from the processes needed to ensure secure usage of cloud-based applications.
Bolstered by an investment from Salesforce, one of the world’s largest platform-as-a-service providers, the nCino platform alleviates many of these challenges. The nCino platform has evolved to become an end-to-end bank operating system that spans business lines and integrates with core banking and transactional systems while providing unique features that improve data security and ensure regulatory compliance.
The platform is now the heart of Salesforce’s Financial Services solution and will undoubtedly continue to add customers in the coming years. If your organization plans to adopt nCino in the near future, you must keep in mind a few big issues related to security as you plan implementation:
Shared responsibility for security
The shared responsibility model that governs the agreement between cloud solutions providers and customers puts your organization in charge of data security. Salesforce is responsible for securing application services, network services, and infrastructure services, and it offers plenty of built-in security features to protect your data within the platform. However, it’s not responsible for ensuring the secure development and configuration of the applications you choose to run on its platform. For organizations used to receiving security support from legacy solutions providers, this can be a significant change.
Access management
Financial institutions that are more recent adopters of nCino/Salesforce tend to classify roughly 10-15% of the information fields in their Salesforce orgs as “high-risk.” For more mature users, that number is typically closer to 20%. Unfortunately, many institutions fail to implement access-control policies that restrict the visibility of these information fields, meaning almost any employee using the platform can see records containing sensitive data. Moreover, field change tracking and history retention are used sporadically, if at all, by the majority of institutions. Internal data breaches are one of the biggest threats facing any modern organization that collects and stores customer data. Prior to your implementation, carefully consider user permissions and access management policies to mitigate the risk of regulatory issues down the road.
Resource allocation
It’s critical to have a plan in place that accounts for security during and beyond the initial configuration. Most firms dedicate a huge chunk of resources to the procurement process and focus due-diligence efforts on application capabilities to ensure that new technology is mapped to core business requirements. They also invest heavily to make the move to the cloud as seamless as possible so that new applications can immediately begin augmenting business capabilities. While this level of investment and due diligence on the front end helps ensure that new technology is the right fit, it places an outsize focus on capabilities at the expense of security. Any organization that wants to maximize the long-term value of nCino or any other newly adopted cloud-based application must allocate resources to ongoing maintenance and support because they’ll no longer be able to rely on a legacy solutions provider to deliver those services.
Interested in learning more? Request a free Guided Risk Assessment for Salesforce today, or schedule a demo below.