The CISO for the $181 billion financial giant sidestepped any specifics about what he considered acceptable security today, but stressed that SaaS is undermining security efforts.