Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Hybrid Cloud Security in the Financial Services Sector

Hybrid Cloud Security in the Financial Services Sector

By Renee Tarun, Deputy CISO, Fortinet

Like most other industries, the financial services sector had to make the sudden and widespread transition to remote work last year. Correspondingly, digital services became more important than ever. This, of course, brought on new opportunities for cybercriminals to exploit weak points in the security infrastructure of financial institutions to gain access to highly targeted and lucrative data. These threat landscape trends aren’t going away in 2021, and that means CISOs need to take a hard look at their strategies to identify any potential gaps.

Because the financial services industry is such a highly prized target for cybercriminals, financial institutions must consider agile, flexible solutions to enable IT and security to scale and adapt without compromising security and performance. Since we expect to see an increased reliance on the cloud as digital services continue, maintaining visibility and control across their cloud, on-prem and hybrid environments will be pivotal.

While a hybrid cloud or multi-cloud approach does offer a certain number of advantages, this approach also comes with its own set of security considerations. Securing a multi-cloud/hybrid cloud environment requires a new approach, one in which the convergence of networking and security can play a key role.

The rise of hybrid and multicloud strategies

Adoption of hybrid cloud is expected to increase by 39% over the next five years, driven largely by the COVID-19 pandemic, according to the third annual Enterprise Cloud Index Report from Nutanix. The report also found that 43% of financial services companies plan to increase their investment in private cloud over the next year. That figure is 10% higher than the global average (33%), which indicates that private cloud adoption is a necessity for creating a modern hybrid cloud.

There is some important data that organizations prefer to keep on-premises, and hybrid environments make this possible. Hybrid cloud allows them to maintain full control over sensitive assets, while also taking full advantage of the scalability and agility that the cloud provides. However, as organizations become more hybrid and distributed, their security needs to be able to span across all environments.

Securing the hybrid cloud

The above-mentioned survey found that security concerns are driving private cloud adoption in particular, with financial services ranking security/compliance/privacy as the most concerning (62%) when running applications within public cloud solutions.

Renee Tarun

Renee Tarun

With a combination of private cloud services, a public cloud and on-premises infrastructure—all orchestrated to work together as seamlessly as possible—hybrid cloud environments provide for greater flexibility. However, a hybrid cloud that uses on-premises data centers and public cloud platforms requires rigorous security management.

Security must span all clouds. It needs to be consistent and universal across an enterprise’s infrastructure, from branch offices and data centers to multiple public clouds. Anything less presents gaps in visibility and control that threat actors will target.

Security must be integrated

Multiple disadvantages arise for organizations that lack integrated security. Vulnerabilities are not patched and both misconfigured devices and malicious behavior go undetected. Many applications and workflows now span several environments in a single transaction, and security needs to be consistently applied end to end – from your WAN edge infrastructure like SD-WAN to your LAN connections to your hybrid cloud environments.

Cybercriminals know all about such vulnerabilities. They also know that a comprehensive security strategy often lags behind network expansion in many organizations. But these organizations don’t need to sacrifice security to maximize agility and enhance performance among these interconnected edges – all of these elements can and should be realized.

Key components of a hybrid cloud security strategy for FSI

A hybrid cloud that uses on-premises data centers and public cloud platforms requires rigorous security management. An effective security solution purpose-built for a hybrid cloud infrastructure should include:

  • Site-to-site VPN connectivity to migrate workloads
  • Auto-scale capabilities for network security and capacity
  • Centralized management for automatic provisioning
  • Full transparency and control for compliance governance
  • Segmentation of persistent connections to deliver end-to-end security

A secure cloud experience

Last year’s rush to remote work enabled financial service organizations to survive and keep serving customers, but it also opened many  vectors for malicious actors to potentially sneak in through. They will continue to exploit these opportunities until financial institutions erect the barriers appropriate to today’s circumstances. More and more, that looks like hybrid and multi-cloud approaches that enable organizations to keep some data on-premises as needed. But this only works if security is integrated into the cloud strategy. Make sure your security plan includes the elements noted above so you can continue to serve customers with the highest assurance of data safety.

About the author:

Renee Tarun is Deputy CISO at Fortinet. She is focused on enterprise security, compliance and governance, and product security. She is also  co-author to the book, Cyber Safe. Renee joined Fortinet as the Vice President, Information Security in early 2017. Immediately prior to joining Fortinet, she served as Special Assistant to the Director, National Security Agency (NSA), for Cyber and Director of NSA’s Cyber Task Force, in which she advanced NSA’s execution of its cybersecurity and cyber-related missions by acquiring, investing and overseeing resources; defining and integrating mission capabilities; and shaping agency strategy and national-level policy.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post