Charbel Khneisser, Regional Director – Technical Sales, META at Riverbed
Just a few years ago, it would have seemed virtually unimaginable that the financial sector, one of the most stringently regulated industries, would embrace cloud to such a great extent. However, with recent pressures to enhance customer experiences and modernize internal processes, it is a segment that is rapidly adopting cloud solutions. And while there are clear benefits to this move, the threat of cyber-attacks, which have already disproportionately plagued the sector, is only further heightened by the cloud. As a result, it is now more challenging than ever for banks to manage regulatory compliance.
To complicate matters even more, cybercriminals' tactics are rapidly evolving, and traditional prevention methods are struggling to keep pace. This is leaving employees and customers vulnerable to attacks. Left undetected, these can be highly damaging to any finance organization’s reputation and stability. In this climate where clouds obscure our ability to see, full-fidelity visibility has never been more important.
Security and compliance challenges associated with cloud, SaaS, and home device use
Put simply, a move to the cloud means that a company’s data transitions onto someone else’s infrastructure. Although cloud providers offer strong security measures, the data within the ecosystem is at a higher risk than it would be on-premises. This is due to cybersecurity threats – such as sophisticated ransomware and phishing attacks – which are harder to detect in a cloud-first remote working environment: as services move to the cloud and workers move out of the office, valuable visibility is diminished. Arguably, there is also a greater risk of insider threats, as demonstrated by breaches that have occurred at major global banks over the past few years, with significant regulatory, financial, and reputational consequences.
The security risks the financial services industry faces are also being broadened by the move to SaaS applications which, due to their cloud-based nature, are also run on external servers. If we look at internal operations specifically, financial institutions are increasing their reliance on applications such as Office 365, Salesforce, and Slack to maintain business operations and ensure customers receive a good level of service as the employees delivering it continue to work remotely. In fact, Gartner predicts SaaS revenue will grow to $140.6 billion by 2022, up from $102.1 billion in 2019. This expands the security perimeter for banks, as the path to corporate data is no longer owned by them, minimizing their visibility over it.
To complicate matters even more, staff are creating their own versions of applications to maintain productivity. For example, if they find it takes too long to share a file over the corporate VPN, they are spinning up their own WeTransfer account and using this to share files with colleagues. Similar issues can occur with many collaboration tools, like Slack, that are free to use by small groups. The issue here is that it widens the threat surface while creating a modern form of shadow IT, which the enterprise has no visibility over and is therefore unable to secure.
The final layer of complexity is that employees are also logging into cloud-based applications via systems that aren’t managed by the enterprise, such as accessing Zoom or business email from their personal home device.
All of these changes in business processes, and employees’ individual approaches to them, mean that end-to-end traffic patterns can’t be monitored as they were when staff was in the office full-time. As such, it’s more difficult for IT teams to assess what normal patterns look like and identify signs of a security breach or breach in compliance.
Regaining full-fidelity visibility
To recover complete, or full-fidelity, visibility over the network and the activity on it, financial institutions need to carefully consider which cloud-based applications they’re deploying, then establish clear rules about employee-run versions and personal device use. In addition, they must collect and record data from across the virtual enterprise to build a holistic view of their entire digital estate across both on-premises and cloud infrastructure. Network Performance Monitoring (NPM) solutions that are capable of gathering flows, packets, and data from cloud VPCs, VDI endpoints, data centers, and the traditional network border will be vital to this.
Harnessing the power of intelligent analytics, these solutions create thresholds for ‘normal’ activity and proactively warn IT about outliers and suspicious-looking activity. The data can also be manually analyzed to identify and mitigate cybersecurity risks by helping with threat hunting, incident response, and forensics; Riverbed is seeing many of its NPM customers use its visibility capabilities for exactly this. What’s more, banks can use the insight from full-fidelity visibility tools like NPM to perform regular risk assessments and ensure they’re meeting compliance requirements, for example by viewing the age of employees’ passwords, comparing these with corporate policies, and prompting staff to update them as appropriate to keep data safe.
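The following is an added example, not code from the article or from any Riverbed product: it illustrates the "threshold for normal activity" idea with a per-host median/MAD baseline over constructed flow summaries, and also flags destinations outside a sanctioned-application list, which is how employee-run tools would surface. The record layout, host names, `.example` domains, and the 3.5 cutoff are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Assumed allow-list of sanctioned SaaS destinations (hypothetical policy).
SANCTIONED = {"office365.example", "salesforce.example", "slack.example"}

# Constructed daily summaries of bytes sent (in KB) per workstation.
HISTORY = {
    "ws-101": [120, 135, 110, 128, 140, 125, 131],
    "ws-102": [900, 870, 940, 910, 880, 925, 905],
}
# Record layout (assumed): (day, host, destination, kb_sent).
BASELINE_FLOWS = [(day, host, "office365.example", sent)
                  for host, series in HISTORY.items()
                  for day, sent in enumerate(series, start=1)]
TODAY = [
    (8, "ws-101", "office365.example", 133),   # normal
    (8, "ws-102", "office365.example", 4800),  # far above this host's norm
    (8, "ws-101", "filedrop.example", 115),    # normal size, unsanctioned app
]

def build_baseline(flows):
    """Per-host (median, MAD) of bytes sent; robust to a few odd days."""
    per_host = defaultdict(list)
    for _day, host, _dest, sent in flows:
        per_host[host].append(sent)
    baseline = {}
    for host, values in per_host.items():
        med = median(values)
        baseline[host] = (med, median(abs(v - med) for v in values))
    return baseline

def score(flow, baseline, cutoff=3.5):
    """Return the reasons (possibly none) a record needs analyst review."""
    _day, host, dest, sent = flow
    reasons = []
    if dest not in SANCTIONED:
        reasons.append("unsanctioned-destination")
    if host not in baseline:
        return reasons + ["no-baseline"]
    med, mad = baseline[host]
    if mad == 0:
        deviates = sent != med
    else:
        # 0.6745 scales MAD so the score is comparable to a z-score.
        deviates = abs(0.6745 * (sent - med) / mad) > cutoff
    if deviates:
        reasons.append("volume-outlier")
    return reasons
```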
Remaining secure and compliant amid digitization
As the financial sector continues to embrace digital transformation, the need to regain control over data, and remain secure and compliant, is paramount. The most important step in achieving this is attaining full-fidelity visibility across the entire IT infrastructure – from customers to bank branches and remote workers. Armed with this information, financial organizations can better detect and troubleshoot any security threats quickly and carry out effective forensics and incident response. In doing so, employees can continue to operate safely and productively, corporate and customer data can be successfully protected, and banks and other financial institutions can remain compliant while reaping the benefits of the cloud.