How we manage technology risk at Monzo ⚖

Hey everyone, it’s Ken from the internal audit team!

Me and my colleagues from Risk and Control have put together a blog post about how we handle technology risk at Monzo. It covers the risks involved with designing, building and releasing our app, which we’re doing every day - so it’s important to get it right.

If you’ve got any burning questions, feel free to drop them here.

10 Likes

Can we ask specifics?

Do you allow BYOD for desktops and can users install whatever extensions they want on browsers that can log in to Monzo staff portals?
Something I saw implies that the second one may be a yes and I thought that’s security and privacy 101.

1 Like

Thanks for your question. Before answering on security specifics I will check in with our brilliant security squad first. Hope that is alright. 🙂 I’ll update my post when they get back to me.

@kolok here you go:

  • We restrict extensions on Monzo Chrome Browsers
  • In most cases, we restrict extensions we do allowlist to not be able to access our internal portals.
  • Our Web Tools have strong Content Security Policies that aim to mitigate the risk of a malicious extension.

And BYOD for desktops is a no-no. 🙂

2 Likes
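The reply above describes a default-deny extension policy in which allowlisted extensions are also kept off internal portals. The following is an added example, not part of the thread and not Monzo's configuration: a small audit of a Chrome `ExtensionSettings` policy that reports any installable extension not blocked from a portal host. The extension IDs, the portal hostname and the function names are placeholders, and the host-pattern matching is simplified to exact hosts and `*.` subdomain wildcards.

```python
import json

# Constructed sample policy in Chrome's ExtensionSettings format. The IDs and
# the portal hostname are placeholders, not values from the thread.
SAMPLE_POLICY = json.loads("""
{
  "*": {"installation_mode": "blocked"},
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
    "installation_mode": "allowed",
    "runtime_blocked_hosts": ["*://*.staff.example.com"]
  },
  "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"installation_mode": "force_installed"}
}
""")
PORTALS = ["tools.staff.example.com"]

def pattern_covers(pattern, host, scheme="https"):
    """True if a host pattern such as '*://*.staff.example.com' covers host."""
    pat_scheme, sep, pat_host = pattern.partition("://")
    if not sep or pat_scheme not in ("*", scheme):
        return False
    pat_host = pat_host.split("/", 1)[0].lower()
    host = host.lower()
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit(policy, portals):
    """Return findings where the policy leaves a portal reachable by an extension."""
    findings = []
    default = policy.get("*", {})
    if default.get("installation_mode") != "blocked":
        findings.append("default: extensions are not blocked by default")
    for ext_id, cfg in sorted(policy.items()):
        if ext_id == "*" or cfg.get("installation_mode") in ("blocked", "removed"):
            continue
        # Assumption: an extension's own host list replaces the "*" list.
        blocked = cfg.get("runtime_blocked_hosts", default.get("runtime_blocked_hosts", []))
        allowed = cfg.get("runtime_allowed_hosts", [])  # allowed hosts override blocked ones
        for portal in portals:
            is_blocked = any(pattern_covers(p, portal) for p in blocked)
            if not is_blocked or any(pattern_covers(p, portal) for p in allowed):
                findings.append(f"{ext_id}: not blocked from {portal}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_POLICY, PORTALS) or ["policy OK"]:
        print(line)
```
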

Thanks,
That sounds like a strong policy.

The mention of an extension I was talking about must be on the list.

This recent writeup is also a good review of account creation, access control and privilege management if you haven’t seen it yet.
