Can Zero Trust Redeem Fintech?

Though the ripples are gentler than they once were, the wake of the 2008 financial crisis is still felt today. Financial regulators around the world have since adopted laws that increase transparency and scrutiny alike, making it difficult for traditional banks to operate as opaquely as they once did. This has opened the market wide for tech-assisted financial services that people like to refer to as fintech.

It’s a mistake to assume that fintech innovations come from independent programmers or garage development shops, though fintech has lowered the barriers to entry for providing financial services. Almost all of the world’s biggest banks and institutions invest heavily in fintech for their own products in order to stay competitive, and accordingly the market is enormous, estimated to claim upwards of $4.7 trillion of the sector’s total revenue.

However, opening a market may also mean exposing something within it, and alongside a rash of serious breaches in the last decade, fintech’s pace of innovation is now threatened by its inability to be a trustworthy custodian of customer data.

Technology Both a Catalyst and a Cure

The fintech sector is responsible for many new ideas, some of them the same types of products and investment instruments we already have, like loans, but improved. Others, like crowdfunding, robo-advisors, and mobile payments are new and could have only existed with the addition of technology. An online lender that uses an algorithm to match someone’s credit profile with applicable lenders, do a credit check, and approve the loan within 24 hours is a good example.

Despite convenience, a series of serious data breaches in the sector has customers thinking more about how complex fintech services like this handle their data, and regulators’ ears have perked up as well. Credit and identification details must be entered into an online database, trade hands, and be processed and sometimes stored and shared externally. It may result in an approval a hundred times faster than going into the bank, meeting with a loan agent and filling out forms, but it comes with risks that customers shouldn’t be forced to consider.

Even after GDPR laws went into effect, cyber attacks on EU companies increased to a rate of one attack every five minutes, and these days the bigger the company the harder they fall, with damage that’s hurtful both to their brand and to the bottom line. For organizations in the sector, innovation and the intricacy of data structures have resulted in growth, even if customer trust lags behind. Regulations like GDPR and MiFID II are pushing against this notion, just in time for technology like Zero Trust security to provide an answer: remove trust from the equation altogether.

Zero Trust: Few Can Step Into the Vault

What’s so safe about a brick and mortar bank? Cameras are there to watch all entrants and occupants at all times. The money is tucked away behind layers of security and many walls and floors. Only a few employees have access to the vault – where the customers’ most sensitive possessions are – and there are alarms everywhere. How can online financial services providers redeem this level of security?

At a time when hackers are more clever than ever and regulations are boosting enforcement, Zero Trust security solutions represent a redemption. In terms of product, Zero Trust is a platform integrated across financial service providers’ networks to enable a superior level of protection for all the data their employees even get close to touching. It accomplishes this by giving IT control over which employees have access to certain parts of the network, and oversight over who enters it and what they do.

Using Zero Trust solutions, finance companies and banks can regain the confidence of the market, move faster towards growth and tech initiatives, and take a zero-tolerance approach to compliance, ending an era where data breaches are the new normal. There are three ways it can do so:

With segmented policy access: Don’t give every employee the key to the bank vault. This makes each employee as big a risk as the last, no matter their personal security hygiene. For a platform that helps someone do their taxes and submit the correct forms, an accelerated personal lender, or even a regular online bank, Zero Trust creates specific user access policies at the individual application and even file level, rather than providing full data access to any employee with a password. 

Employees of financial institutions only have access to the least amount of sensitive resources required to do their jobs, and no more. This significantly reduces the number of relevant targets for hackers, and lessens the impact of employees with poor security habits. Access is often synonymous with speed, however, and so banks with staff who wear multiple hats – a necessity in this era of customer convenience – can rely on other aspects of Zero Trust.

By monitoring the network: The equivalent of cameras to watch and record all corners of the bank, activity monitoring features are a central aspect of Zero Trust and run constantly when users are connected to the network. Suspicious activity is more visible to IT, which can then prioritize the threat and close the gap if necessary. Zero Trust also means zero tolerance, after all, so having proof of what occurred on the network in black and white is necessary for ideas that are crucial for financial services companies, such as compliance reporting. A central management dashboard reduces the manpower requirements of monitoring and also can funnel data to other processing tools that look for deeper insights. 

By securing network access: Though resources like files and applications can be segmented with the least-privilege principles of Zero Trust, it still benefits security to install multiple layers of identification and protection at the edge of the network. Encrypted IPSec tunnels, provided by a standard enterprise VPN, business VPN, or IPsec VPN, stretch across the network and cloud and require employees to first connect through an application before being allowed inside. This also offers the chance to integrate other network-wide features such as automatic Wi-Fi protection (which cuts the internet off should the VPN connection fail), multi-factor authentication for extra device-based security, and web filtering tools that limit what network-connected devices can access on the internet.

Trust is an Achilles Heel

With these tools, IT teams at banks and fintech companies can safely abandon the defenses they used to post at the network perimeter. Zero Trust lets them build a more agile, aggressive security apparatus which refocuses on users and employees instead. That’s an important milestone when the reality of financial breaches is that it’s often sloppiness or negligence that exposes customer data, not an intrepid hacker genius. For Equifax and JP Morgan, failure to patch and install 2-factor authentication on crucial servers, respectively, caused irreparable breaches of customer data and industry damage. 

Hackers search endlessly in repetitive fashion across employees, devices, and systems for these kinds of human errors, and so an idea like Zero Trust not only makes gaps less common, but also reduces their impact and improves accountability. It’s the type of safety net that helps organizations like healthcare providers and financial service providers meet compliance expectations confidently, and meet the pace of innovation they’ve so far set for themselves without looking back.

5 Non-Disruptive Tips to Get Started with Zero Trust Network Security

Zero Trust is an alternative IT security model that remedies the shortcomings of legacy technology by removing the assumption of trust. Under the guiding principle, “Never trust, always verify”, Zero Trust restricts access to the entire network by isolating applications and segmenting network access based on user permissions, authentication and verification.

Conventional security models that “trust, but verify”, fail to meet increasingly sophisticated cyber threats, hyper interconnectivity, globalization and user mobility. By assuming everything “on the inside” can be trusted, these legacy technologies are, for the most part, no longer effective.

Zero Trust network security ensures policy enforcement and protection for all users, devices, applications and data, regardless of where they’re connecting from. This user-centric approach makes the verification of authorized entities mandatory, not optional.

The Benefits of Adopting Zero Trust Principles

Zero Trust provides adequate visibility, control and threat inspection capabilities that are necessary to protect your network from modern malware, targeted attacks and the unauthorized exfiltration of sensitive data.

By migrating to a Zero Trust architecture, organizations can experience several technical and business advantages, including:

  • Mitigating Data Loss
    Dramatically enhance your security posture and mitigate data loss via visibility, safe enablement of applications and threat prevention.
  • Effortless Compliance
    Simplify compliance with highly effective trust boundaries by segmenting sensitive resources into many small perimeters that are secured and segmented based on user policies and permissions.
  • Enabling Mobility and Virtualization
    Increase the ability to accommodate transformative IT initiatives such as cloud computing, infrastructure virtualization, user mobility, social networking and more.
  • Reducing TCO
    Reduce total cost of ownership (TCO) for IT security by replacing disconnected point products with a single, consolidated security platform.
  • Increasing Security
    By adequately accounting for encrypted traffic and filtering for known threats with a solid business VPN solution, organizations can prevent sophisticated cyber threats from penetrating perimeter defenses and moving laterally across the internal network.

The Zero Trust Model – How it Works

Internal networks are comprised of different levels of trust which should be segmented according to sensitivity. Organizations looking to establish secure “trust boundaries” according to the Zero Trust model need to improve their defensive posture through:

  • Network Segmentation
    Network segmentation allows organizations to define internal trust boundaries to granularly control traffic flow, enable secure network access and implement network monitoring. This reduces the attack surface and provides a distributed security solution which operates as a holistic threat protection framework.  
  • Trust Zones
    Trust zones are comprised of distinct pockets of infrastructure where resources operate at the same trust level and similar functionality such as protocols and types of transactions. This minimizes the number of allowed pathways and limits the potential for malicious threats to access sensitive resources.
  • Infrastructure Management
    Zero Trust segmentation relies on the ability to efficiently monitor the network via centralized management capabilities. This allows data to be processed by out-of-band analysis tools and technologies that may further enhance network visibility, detect unknown threats, or support compliance reporting.

5 Tips to Get Started with Zero Trust Network Security

It is important for IT security managers and architects to realize that it’s not necessary to wait for the next network and security infrastructure. By obtaining unparalleled visibility into enterprise computing activity, organizations can incrementally and non-disruptively make the transition to a Zero Trust model.

Here are 5 tips to get started with a Zero Trust approach to network security:

Tip #1: Secure Network Access

To get started, it’s critical to ensure that all resources are accessed securely, regardless of location. Network security, implemented via a client application for endpoints, allows for secure IPsec and SSL VPN connectivity for all employees, partners, customers and guests no matter where they’re connecting from (e.g., remotely, on the local network, or over the Internet).

Additional policies determine which users and devices can access sensitive applications and data. This requires multiple trust boundaries, increased use of secure communications to and from resources and more.  

Tip #2: Inspect and Log ALL Traffic

To accurately monitor what’s happening in the network, organizations must identify and classify all traffic, regardless of ports and protocols, encryption or hopping. This reiterates the need to “always verify” while also making it clear that adequate protection requires more than just strict enforcement of access control. It also eliminates methods that malware may use to hide from detection.  

Tip #3: Least Privilege Access Control

Many legacy solutions are limited to port and protocol-level classification, resulting in too much unfiltered traffic. With granular access control, users can safely access appropriate applications and data by reducing available pathways and eliminating unauthorized and malicious traffic from the network.

With a least-privileged strategy and strictly enforced access control, organizations can define user interactions with resources based on relevant attributes, including application access, user and group identity and the sensitivity of the data being accessed.
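The attribute-based, default-deny decision described in this tip can be sketched as follows. This is an added example, not Perimeter 81's code; the group names, application names and sensitivity labels are hypothetical, and every decision is written to an audit log in line with Tip #2.

```python
from dataclasses import dataclass

# Constructed sample policy: labels, groups and applications are hypothetical.
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}

@dataclass(frozen=True)
class Rule:
    group: str             # group identity the rule applies to
    application: str       # the single application the rule grants
    max_sensitivity: str   # highest data sensitivity the group may touch
    require_mfa: bool = False

RULES = [
    Rule("loan-officers", "loan-review", "restricted", require_mfa=True),
    Rule("support", "ticketing", "internal"),
    Rule("support", "loan-review", "public"),
]

AUDIT_LOG = []  # every decision, allow or deny, is recorded here

def authorize(user, groups, application, sensitivity, mfa_passed):
    """Default deny: access is granted only when an explicit rule matches."""
    decision, reason = "deny", "no matching rule"
    level = SENSITIVITY.get(sensitivity)
    if level is None:
        reason = "unknown sensitivity label"
    else:
        for rule in RULES:
            if rule.group not in groups or rule.application != application:
                continue
            if level > SENSITIVITY[rule.max_sensitivity]:
                reason = "data sensitivity above group ceiling"
                continue
            if rule.require_mfa and not mfa_passed:
                reason = "MFA required"
                continue
            decision, reason = "allow", f"rule for {rule.group}"
            break
    AUDIT_LOG.append({"user": user, "app": application,
                      "sensitivity": sensitivity,
                      "decision": decision, "reason": reason})
    return decision == "allow"
```

A request that matches no rule, carries an unrecognized sensitivity label, or fails the MFA condition is denied and still logged, so the audit trail covers refusals as well as grants.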

Tip #4: Advanced Threat Protection

Legacy security that relies on stateful inspection technology is incapable of enforcing a least-privileged policy because its classification engines only understand IP addresses, ports and protocols – meaning they can’t distinguish between specific applications.

To implement Zero Trust, comprehensive protection against both known and unknown threats, including threats on mobile devices, is necessary to support a closed-loop, highly integrated defense posture that consistently and cost-effectively enables trust boundaries.

Tip #5: High-Performance Design

Since Zero Trust relies on numerous security and networking capabilities, these features must be implemented in a way that doesn’t hinder performance. The Perimeter Zero software architecture minimizes latency and surpasses processing requirements, providing high availability, avoiding loss of service and increasing the uptime of your network.

With unmatched visibility and control of applications, users, and content, organizations can migrate to Zero Trust network security with a highly flexible solution made possible by non-disruptive deployment.

Convert to Zero Trust on the Fly

Because every successful Zero Trust initiative depends on the right solution, organizations can feel confident that they can implement Zero Trust network security without needing to modify the existing network.

Perimeter 81’s software-defined perimeter Zero Trust access feature, called Perimeter Zero, provides a completely transparent experience for all users by enabling access to web applications, SSH, RDP, VNC or Telnet, through resilient IPSec tunnels – without an agent. All your organization’s employees can easily go to their application portal, select the application they have permission to enter and create a session that is fully audited, recorded and monitored.

With secure, segmented and audited access to cloud environments, applications and local services, Zero Trust increases security, auditing, monitoring and visibility while reducing help-desk support and hardware spending.
