Key Management: New Digital and Security Models for Banks
Ulrich Scholten (guest) & Stefan Hansen
04. October 2022

In rethinking their strategies, traditional banks have eight digital business model options to consider in order to remain competitive against untraditional newcomers to the industry.
Several of these options are ones that their new competitors already implement:
1. Digitized Full-Service Banks
With the digitized full-service bank model, vertically-integrated banks maintain an offering of proprietary products through their own top-notch digital channels and branch network. This might seem like an evolution of their existing business model. However, this strategy involves a digital transformation and the simplification of their products and end-to-end processes.
2. Open Banks
In this model, the traditional bank creates and distributes its own products to its customers. However, it also works with third-party product and service partners. Because it is a highly digitized model, it requires seamless connections with these partners.
3. Ecosystems
With an ecosystem digital model, a full-service bank becomes the platform for not only its own product and service offerings but also those offered by an extensive network of partners. This also includes collaborations outside the banking and finance industry. As in the open bank model, a seamless connection is required between the bank and all partners, including the ability to capture and share data from various sources to provide value to customers.
4. Product Engines
With this digital model, the bank is the manufacturer of products mainly distributed through third-party channels. The bank accepts the risk that they could lose relevance with their customer interface as investments in the product platform are prioritized. But the reward of their investment is becoming a partner of choice for the customer interface. This model has a highly competitive delivery cost.
5. Direct Banks
New entrants to the banking industry are using the direct bank digital business model. This model offers the features that a full-service bank would; however, it does this without a network of branches. Its focus is securing deposits.
6. Neobanks
The neobank digital model is designed for mobile on a new tech stack. It has a narrower focus for its own products. However, it imports products and services from its third-party partners. Traditional banks can use it as a digital growth option.
7. Specialist Providers
The specialist provider's digital business model focuses on providing a narrow range of products. Typically, this is a single product or service, such as mortgages. Again, this could be an area for new digital growth for an existing bank.
8. Marketplaces
A marketplace digital banking business model provides a choice of products offered by competitors, including non-banking offerings. This type of model has a first-class user interface and capabilities. It can be used to expand a current bank’s offerings to its customers.
Direct Impact on the Security Architecture

All 8 digital models imply, in slightly different shapes, a rapid evolution along the following axes:
- Increased level of digitization of banking processes
- Opening up the banking APIs to external players (supply side and/or distribution side)
- Stretching of the critical banking IT across the Hybrid Cloud
- More dynamic product offerings with faster innovation cycles and shorter life cycles of a specific offering
Technically, the bank will be orchestrating composite services across a digital value chain, including:
- On-premise (potentially decentralized) data centers with local security infrastructure (e.g., mainframes, HSMs)
- Cloud deployments of its own (often containerized) applications (e.g., on the MS Azure Platform, Amazon AWS, or the Google Cloud)
- Inclusion of third-party services like MS Dynamics or the SAP Banking Services 9.0 on the supply side
- Inclusion of third-party services on the distribution side, such as retail banking applications
Normally we do not find any of the above 8 archetypes in a pure form, but rather a blend of several of them. Consequently, each security architecture needs to be adapted to each specific case.
To be able to respond to the model's individual requirements, the bank must combine multiple service modules into a composite solution.
Technical factors such as service availability, latency, or cyber resilience must be evaluated on a case-by-case basis, but privacy is always of utmost importance.
Given that the bank is the keeper of the grail of customer privacy and its financial assets, private data must never be exposed to third parties (unless it has the end-user’s explicit consent).
Simply put, whatever model the bank implements, it needs to be the owner of the cryptographic keys throughout the complete key life cycle. Being the owner ensures that no third party ever has access to unencrypted data or the key itself. This ensures not only data privacy but also business dynamics, because dynamic value nets can only be maintained when a bank is not locked in with a specific supplier.
Cryptographic lock-in is introduced to the bank’s infrastructure when key ownership is given to a third party (cloud service provider or SaaS provider).
The necessary step is a banking-grade and auditable bring-your-own-key strategy (BYOK), which is able to support all the various flavors of the digital.