

Assuring security and compliance for the digitised financial sector  


By John Atkinson, Director of Solutions Engineering, UK & Ireland, at Riverbed Technology 

 

Security and compliance have always been a top priority for financial services due to the highly sensitive nature of the data they hold. However, as the industry increasingly turns to cloud technology – to modernise its internal business models, and create digital, customer-centric experiences – cybersecurity threats are increasing and it’s becoming more challenging to manage regulatory compliance needs. For example, the transition to remote working, acceleration of cloud and Software-as-a-Service (SaaS) applications, adoption of VDI, along with the use of personal devices for business have made it more cumbersome for IT teams to maintain basic security hygiene.

To complicate matters even more, the tactics from cybercriminals are rapidly evolving, and traditional prevention methods are struggling to keep pace. This is leaving employees and customers vulnerable to attacks. Left undetected, these can be highly damaging to any finance organisation’s reputation and stability. In this climate where clouds obscure our ability to see, full-fidelity visibility has never been more important.

Before we dive into this, let’s further explore how the pandemic has influenced business operations in the financial sector and increased security and compliance complexity. 

The shift from on-premises to the cloud 

Traditionally, the majority of financial institutions have operated mainly on-premises. However, over the past five years cloud adoption has steadily increased, with an accelerated shift triggered by the pandemic. Rising financial pressures, brought about by low economic activity and loan losses, encouraged banks to consider how they could recuperate costs. The cloud, with its flexible cost-model, presented an opportunity to do so.

What’s more, the cloud has offered a way to facilitate efficient and effective remote working amid lockdown restrictions. Hence Goldman Sachs and Deutsche Bank struck partnerships with Google, while HSBC signed a deal with Amazon Web Services in July of last year, all following in the footsteps of Santander Bank, which completed a rollout of Microsoft Teams as the pandemic first hit.

Just as the cloud enabled internal operations to continue to run while employees worked at home, it also allowed financial institutions to innovate and continue to deliver digital banking services to customers while branches were shut down. This trend is set to continue after the pandemic ends, with companies such as Emirates NBD building personalised retail banking experiences on Amazon Web Services. 

Given all of this, it comes as no surprise that more than a quarter of banks anticipate migrating at least half of their business to the public cloud by next year, according to EY’s UK Banking Cloud Adoption Index. However, reservations about the shift persist, with UK banks identifying concerns over data security and regulatory risk as the top obstacles to adoption.  

Security and compliance challenges associated with cloud, SaaS and home device use 

Put simply, a move to the cloud means that a company’s data transitions onto someone else’s infrastructure. Although cloud providers offer strong security measures, the data within the ecosystem is at a higher risk than it would be on-premises. This is due to cybersecurity threats – such as sophisticated ransomware and phishing attacks – which are harder to detect in a cloud-first remote working environment: as services move to the cloud and workers move out of the office, valuable visibility is diminished. Arguably, there is also a greater risk of insider threats, as demonstrated by breaches that have occurred at major global banks over the past few years, with significant regulatory, financial, and reputational consequences.

The security risks the financial services industry faces are also being broadened by the move to SaaS applications which, due to their cloud-based nature, are also run on external servers. If we look at internal operations specifically, financial institutions are increasing their reliance on applications such as Office365, Salesforce and Slack to maintain business operations, and ensure customers receive a good level of service, as the employees delivering them continue to work remotely. In fact, Gartner predicts SaaS revenue will grow to $140.6 billion by 2022, up from $102.1 billion in 2019. This expands the security perimeter for banks as the path to corporate data is no longer owned by them, minimising their visibility over it.  

To complicate matters even more, staff are creating their own versions of applications to maintain productivity. For example, if they find it takes too long to share a file over the corporate VPN, they are spinning up their own WeTransfer account and using this to share files with colleagues. Similar issues can occur with many collaboration tools, like Slack, that are free to use by small groups. The issue here is that it widens the threat surface while creating a modern form of shadow IT, which the enterprise has no visibility over and is therefore unable to secure.  

The final layer of complexity is that employees are also logging into cloud-based applications via systems that aren’t managed by the enterprise, such as accessing Zoom or business email from their personal home device.

All of these changes in business processes, and employees’ individual approaches to them, mean that end-to-end traffic patterns can’t be monitored as they were when staff were in the office full-time. As such, it’s more difficult for IT teams to assess what normal patterns look like and identify signs of a security breach or breach in compliance.  

Regaining full-fidelity visibility 

To recover complete, otherwise known as full-fidelity, visibility over the network and activity on it, financial institutions need to carefully consider which cloud-based applications they’re deploying, then establish clear rules about employee-run versions and personal device use. In addition, they must collect and record data from across the virtual enterprise to build a holistic view of their entire digital estate across both on-premises and cloud infrastructure. Network Performance Monitoring (NPM) solutions – that are capable of gathering flows, packets and data from cloud VPCs, VDI endpoints, data centers and the traditional network border – will be vital to this.

Harnessing the power of intelligent analytics, these solutions create thresholds for ‘normal’ activity and proactively warn IT about outliers and suspicious-looking activity. The data can also be manually analysed to identify and mitigate cybersecurity risks by helping with threat hunting, incident response and forensics; Riverbed is seeing many of its NPM customers use its visibility capabilities for this. What’s more, banks can use the insight from full-fidelity visibility tools like NPM to perform regular risk assessments and ensure they’re meeting compliance requirements, such as viewing the age of employees’ passwords, comparing these with corporate policies, and prompting staff to update them as appropriate to keep data safe.

Remaining secure and compliant amid digitisation 

As the financial sector continues to embrace digital transformation, the need to regain control over data, and remain secure and compliant, is paramount. The most important step in achieving this is attaining full-fidelity visibility across the entire IT infrastructure, from customers to bank branches and remote workers. Armed with this information, financial organisations can detect and troubleshoot security threats quickly and carry out effective forensics and incident response. In doing so, employees can continue to operate safely and productively, corporate and customer data can be successfully protected, and banks and other financial institutions can remain compliant while reaping the benefits of the cloud.

Global Banking & Finance Review

 
