How Financial Organizations Can Begin Their Journey Towards Secure Edge Operations

By Michelle Arney, Head of Product, Cybera

Financial services organizations have traditionally utilized virtual private networks (VPNs) to connect remote locations and/or to deploy new apps.  Until rather recently, VPNs were the ideal solution to assist in controlling costs, while also providing a level of security.

However, as the data landscape has evolved – with financial services organizations becoming increasingly decentralized, it has become clear that VPNs can no longer deliver the benefits for which they were originally intended.

They simply were not engineered with today’s requirements in mind.Unfortunately, many financial services organizations are learning this the hard way.

Michelle Arney
Michelle Arney

Todays’ compute environment, made up ofbig data, mobility, cloud, Internet of Things (IoT), and so on, continues to extend traditional enterprise perimeters, rendering VPNs highly vulnerable to threats and incapable of providing the cost advantages for which VPNs have been traditionally associated. In fact, as new applications are added to distributed locations, the cost and complexity of adding more VPNs to secure them now in fact escalates considerably.

Today, much of the answer can be found in innovative, multi-layered security solutions that are evolving to secure and protect assets.Unfortunately, often times the remote distributed sites of the newly updated HQ data centers are not brought up to date as quickly or as completely.  And, even when the remote sites are provided with like IT hardware and/or software, more often than not, they do not have the same level of onsite IT expertise to ensure ongoing optimum IT operation.  This renders the remote site(s)potential weak links in the overall security chain – and not just vulnerable at their specific location, but potentially opening avenues of vulnerability into the corporate site as well.  Given this all too common scenario, and its potential ramifications for the business and regulations compliance, it is not surprising that the question of how to extend enterprise data center-grade security to remote sites with limited IT staff and tight budgets remains at the top of most IT and security professionals’ priority list, not to mention the C-suite, compliance and legal teams.

Today, Secure Software Defined Wide Area Network(SD-WAN)for the Network Edge has emerged as an ideal solution to overcome these challenges.  Secure SD-WAN at the Edge puts the power and security of the compute resources as close to the sources of data as possible – i.e., at the network’s edge – near where the work is actually being done.  It is purpose built to address these challenges by uniting security and simplicity into an integrated solution.The power of secure SD-WAN Edge lies in taking a defense-in-depth approach while at the same time decreasing the enterprise attack surface by logically segmenting the network on a per application basis. Additionally, this multi-layered security methodology is offered with the architectural simplicity, scalability, reliability and significant cost savings of a virtual overlay network.

The majority of those responsible for data security in today’s increasingly distributed financial services organizations know only to well the challenges that lay with traditional connectivity solutions, such as VPNs: 

  • Complicated Deployment/Management – Connecting new locations and new applications is hard. Each location may have multiple devices, different device configurations and various security requirements. Turning up a new location on a VPN requires experienced IT staff to deploy, manage, troubleshoot and support. Today’s increasingly decentralized financial services ecosystem means security configurations may be deployed and/or managed by anyone from a highly trained professional to a novice. This opens-up edge compute locations to the possibility of misconfigurations or inconsistent configurations, and consequently, dangerously vulnerable to security risk.
  • Costly –The capital expenditure for acquiring, deploying, managing and supporting various point solution hardware, public IP addresses, and software continues to rise. In addition,and rightly so, the cost to hire and retain highly skilled IT professionals capable of managing the entire infrastructure – from HQ to the remote sites – is increasing. And, when such skilled professionals are tasked with managing and putting out fires in this area, it takes them away from activities that could more directly impact competitive advantage, profitability and shareholder value.
  • Rigid –Adapting to changing network needs, turning up new applications, or responding to new security threats, such as ransomware, malware and spoofing, must be automatic or rapidly executed to ensure security and business continuity. But, traditional connectivity measures are inflexible and require labor intensive efforts to execute and manage adequately. 

Straightforward and Uncomplicated

As financial services organizations continue to decentralize, and more business data is created and utilized at the network edge, a straightforward, uncomplicated solution to securely connect and manage them is required. Secure SD-WAN Edge is especially well suited for this endeavor.

Secure SD-WAN Edge technology streamlines enterprise networks and significantly reduces the capital and operational expense of managing enterprise WANs. Secure SD-WAN Edge technology effortlessly extends the multi-layered security defenses utilized in corporate data centers to branch locations and remote ATMs. Most importantly, secure SD-WAN Edge allows mission-critical infrastructure such as ATMs and electronic card readers to co-exist with public applications like Wi-Fi on a single network while providing application-specific security and end-to-end network segmentation. These applications are segmented into their own dedicated logical networks, preventing them from intermingling with other application traffic on the network.

With secure SD-WAN Edge solutions, these applications are connected in a cost-effective, scalable way without compromising security. This is a distinct benefit over VPNs, which provide an either/or scenario: either all traffic intermingles on one VPN, which is lower cost but very insecure; or all traffic can be segmented on separate VPNs, which requires more cost and complexity to maintain security.

Virtualizes the WAN

 

Secure SD-WAN Edge virtualizes the WAN so that all network intelligence is handled in software.
For example, remote locations can be defined simultaneously and then kept perfectly in sync using centralized cloud-based policy administration inherent in SD-WAN Edge connectivity models. This groundbreaking architecture helps reduce expenses and complexity, while increasing network flexibility. Best of all, it can be piloted in your network incrementally on a branch-by-branch basis, mitigating concerns about network disruption, and giving you a quick way to determine the return on your investment. Additional values of secure SD-WAN Edge are provided below.

Other Benefits for Financial Organizations

Increased Security – Logical network segmentation allows security policies to be enforced on a per application basis. By applying complete end-to-end segmentation of each application, exposure from any potential breach is limited to that single application. Just as importantly, the centralized virtual overlay approach of secure SD-WAN Edge configurations eliminates the multiple manual configurations that open your network up to security risks. With secure SD-WAN Edge, you can easily extend the multi-layered security approach used in data centers out to the edge of your network without highly skilled IT professionals at the branch.

Increased Agility – Secure SD-WAN Edge functionality allows for zero touch deployment, resulting in the rollout of network services “on demand”, supporting the needs of an agile business. For example, new cloud applications, such as POS and loyalty, can be rolled out quickly.

Reduced Complexity – Distributed enterprises can be operationalized in minutes instead of months. Secure SD-WAN Edge simplifies network setup with automatic provisioning and configuration from a central controller. The remote location will also receive network updates and changes automatically.

 Proven Scalability – Secure SD-WAN Edge is designed with scalability in mind and provides the level
of security and performance on demand network services need in large distributed enterprises. Policy changes, software updates, and new branch deployment are made simple and expedient without compromising network performance. It is precisely because of all these benefits at dramatically lower costs that multi-unit organizations such as Arby’s, Blimpie, Cold Stone Creamery, Rocky Mountain Chocolate Factory, Shell and Kirkland’s have incorporated secure SD-WAN Edge into their networks.

 Decreased Costs – With secure SD-WAN Edge virtualization, the cost of WAN infrastructure hardware, software, and support can be reduced by up to 79%. The technology eliminates the need for multiple, dedicated premise devices by integrating functionality, such as Wi-Fi, wireless back-up, firewall and intrusion detection/ prevention in one solution.

Here are the high level steps for financial organizations that wish to commence their Secure SD-WAN Edge Journey:

  1. Identify and engage all key stakeholders in creating and/or approving the Strategy & Program(IT, security, legal, regulations compliance, C-suite)
  2. Develop a data connectivity and security program for HQ, as well as your remote locations
  3. Do your homework – explore multiple solutions and vendors, seek guidance from trusted partners/advisors
  4. Narrow your search, conduct POCs (proof of concept testing)
  5. Once chosen, roll-out incrementally on a branch-by-branch basis