A new model means a new threat model: whether you are running a private cloud or using outsourced hosting, security is more than ever a key issue in today’s IT systems.
New developments in the financial sector, with the rapid growth of fintechs and applications around the new European framework called PSD2, as well as other initiatives around the world such as Open Banking, are pushing the entire banking sector towards cloud solutions, or a mix of traditional hosting and cloud (called hybrid cloud). But what are the security implications of such a model?
Why the cloud for the banking industry?
In recent years, the banking sector has seen the arrival of many new players. As society moves towards an increasingly digital world, new banks, or neo-banks, have entered the market to meet the demands of users who are keen on new technologies; fully digital account management is at the heart of every neo-bank's service offer.
Following the success of these neo-banks, many large traditional players have started developing 100% digital offers, without local branches or offices, offering contactless payments, mobile payments, online account management, and advisors who can be reached via chat, at virtually any time of day. Through dedicated brands (such as B For Bank for BNP Paribas, Boursorama Banque for Société Générale, and many others in France and other countries), banks can experiment with the services of the future, aimed at today’s customer.
All these new offers require, however, a radical change in the banks’ IT infrastructure: previously, only a few parts of the banking information system were exposed. These include SWIFT access, access to online banking, or payments via SMS.
Today, there is a swath of applications requiring complete access to customers’ data, directly through machine-to-machine application interfaces (APIs).
All these new applications have a development cost, but above all a hosting cost: this is where hybrid cloud solutions can come into play.
By enabling the rapid development and deployment of new applications, and with unparalleled agility and availability, the cloud is enabling the rapid expansion of digital services offered by banks to meet the tough competition from neo-banks and fintechs.
What is the threat model?
A new paradigm means new threats: with an ever-increasing attack surface exposed, an increase in attacks on information systems, and a hosting model that has different security requirements, the impact of poor security could be catastrophic, especially for an industry such as banking, which is subject to strict regulations from institutions.
DDoS attacks, ID theft, data theft, unauthorised access: traditionally hosted, on-premises information systems are already the target of many attacks; the same attacks can target the cloud, but the lack of visibility could further increase the impact of such attacks.
Operational security is, in general, guaranteed by cloud providers; thanks to replication of facilities, multiple redundancies and backups, as well as numerous certifications, it can typically be assumed that the providers’ infrastructures are rather well monitored. To date, there are virtually no examples of data theft directly attributed to the providers of these services.
While providers are assumed secure, the cloud puts the onus of data security on its customers: access configuration, real-time access auditing, performance monitoring, web filtering, credential theft prevention… Data theft in the cloud is most often caused by configuration errors, or lack of monitoring. It is therefore essential that a 360° security solution is also implemented within the cloud.
What cloud security solutions exist?
Some security vendors now offer solutions that also take cloud hosting into account. The most modern concept, which meets ever-increasing customer expectations, is SASE, for Secure Access Service Edge.
One of the primary goals of SASE is to bring together all the innovations in remote application access, CASB, SD-WAN, ZTNA (Zero Trust Network Access), FWaaS (FireWall as a Service), application gateways, threat prevention, Internet of Things and data leakage prevention, and converge them into a single coherent solution. This lets administrators know who is connecting to what, and when, in a completely holistic fashion, and so allow or deny access to resources based on policies, all administered directly from the cloud.
Beyond the threats to the hosting of new applications, the challenges of the hybrid workplace, full remote workstations and access to more and more cloud applications, or even SaaS, are covered by such a solution.
Using a SASE solution promises an overview of the entire data stream, from any device, to any destination, created by any user.
What are the benefits of SASE?
The convergence provided by SASE solutions offers many advantages to companies in the management of their networks and users. By centralising access management, SASE makes network security policies consistent in a way never before possible.
The benefits of such consistency are numerous, and stem mainly from perfect visibility of all network flows: knowing the origin, the destination and the authentication of each of them, the IT teams have a complete and detailed view of everything that happens on the network.
These solutions allow for increased efficiency of IT services, reduced security risks, and simplified access management.
For users, centralising access management and authentication at all points on the network provides increased security, while simplifying their daily lives; by using a central authentication authority, user identity checks are made easier. By simplifying and strengthening security, without making it burdensome, productivity and user satisfaction are increased.
For the company in general, a unified security policy through SASE solutions allows a reduction in operational costs, better scaling of IT policies, and increased and consistent security. These advantages also bring external benefits, such as a reduction in the risk of data leakage, and therefore preservation of the brand image.
Such a convergence therefore allows for a consistent, simplified and more agile security policy. In a world where the cloud will represent an increasingly important part of the hosting of services, it is essential to have a solution that allows control of access to data.
Among the suppliers of such a solution, Gartner lists Fortinet and Netskope as references in the SASE market.
Cloud solutions are here to stay, and all industries will, at their own pace, move towards one type of cloud solution or another that best suits their needs. These new solutions are responding to new challenges of rapid growth, and cannot be ignored. However, especially in the financial industry, security requirements dictate that all incoming and outgoing data flows must be carefully managed, especially with the expanded attack surface that these new solutions imply.
The SASE security concept is emerging in the market as the convergence of all cloud and security innovations, providing a unified solution to attacks and misconfigurations. It provides a view of the entire network to secure all exchanges, both between the Internet and internal systems, and within the local network.
For over 30 years, Sonema has been offering its customers unified telecommunications solutions, as well as hosting solutions, network and system security solutions, cloud solutions, and support from its network experts.