Technology
Hybrid Cloud Security in the Financial Services Sector
By Renee Tarun, Deputy CISO, Fortinet
Like most other industries, the financial services sector had to make the sudden and widespread transition to remote work last year. Correspondingly, digital services became more important than ever. This, of course, brought on new opportunities for cybercriminals to exploit weak points in the security infrastructure of financial institutions to gain access to highly targeted and lucrative data. These threat landscape trends aren’t going away in 2021, and that means CISOs need to take a hard look at their strategies to identify any potential gaps.
Because the financial services industry is such a highly prized target for cybercriminals, financial institutions must consider agile, flexible solutions to enable IT and security to scale and adapt without compromising security and performance. Since we expect to see an increased reliance on the cloud as digital services continue, maintaining visibility and control across their cloud, on-prem and hybrid environments will be pivotal.
While a hybrid cloud or multi-cloud approach does offer a certain number of advantages, this approach also comes with its own set of security considerations. Securing a multi-cloud/hybrid cloud environment requires a new approach, one in which the convergence of networking and security can play a key role.
The rise of hybrid and multicloud strategies
Adoption of hybrid cloud is expected to increase by 39% over the next five years, driven largely by the COVID-19 pandemic, according to the third annual Enterprise Cloud Index Report from Nutanix. The report also found that 43% of financial services companies plan to increase their investment in private cloud over the next year. That figure is 10% higher than the global average (33%), which indicates that private cloud adoption is a necessity for creating a modern hybrid cloud.
There is some important data that organizations prefer to keep on-premises, and hybrid environments make this possible. Hybrid cloud allows them to maintain full control over sensitive assets, while also taking full advantage of the scalability and agility that the cloud provides. However, as organizations become more hybrid and distributed, their security needs to be able to span across all environments.
Securing the hybrid cloud
The above-mentioned survey found that security concerns are driving private cloud adoption in particular, with financial services ranking security/compliance/privacy as the most concerning (62%) when running applications within public cloud solutions.
With a combination of private cloud services, a public cloud and on-premises infrastructure—all orchestrated to work together as seamlessly as possible—hybrid cloud environments provide for greater flexibility. However, a hybrid cloud that uses on-premises data centers and public cloud platforms requires rigorous security management.
Security must span all clouds. It needs to be consistent and universal across an enterprise’s infrastructure, from branch offices and data centers to multiple public clouds. Anything less presents gaps in visibility and control that threat actors will target.
Security must be integrated
Multiple disadvantages arise for organizations that lack integrated security. Vulnerabilities are not patched and both misconfigured devices and malicious behavior go undetected. Many applications and workflows now span several environments in a single transaction, and security needs to be consistently applied end to end – from your WAN edge infrastructure like SD-WAN to your LAN connections to your hybrid cloud environments.
Cybercriminals know all about such vulnerabilities. They also know that a comprehensive security strategy often lags behind network expansion in many organizations. But these organizations don’t need to sacrifice security to maximize agility and enhance performance among these interconnected edges – all of these elements can and should be realized.
Key components of a hybrid cloud security strategy for FSI
A hybrid cloud that uses on-premises data centers and public cloud platforms requires rigorous security management. An effective security solution purpose-built for a hybrid cloud infrastructure should include:
- Site-to-site VPN connectivity to migrate workloads
- Auto-scale capabilities for network security and capacity
- Centralized management for automatic provisioning
- Full transparency and control for compliance governance
- Segmentation of persistent connections to deliver end-to-end security
A secure cloud experience
Last year’s rush to remote work enabled financial service organizations to survive and keep serving customers, but it also opened many vectors for malicious actors to potentially sneak in through. They will continue to exploit these opportunities until financial institutions erect the barriers appropriate to today’s circumstances. More and more, that looks like hybrid and multi-cloud approaches that enable organizations to keep some data on-premises as needed. But this only works if security is integrated into the cloud strategy. Make sure your security plan includes the elements noted above so you can continue to serve customers with the highest assurance of data safety.
About the author:
Renee Tarun is Deputy CISO at Fortinet. She is focused on enterprise security, compliance and governance, and product security. She is also co-author to the book, Cyber Safe. Renee joined Fortinet as the Vice President, Information Security in early 2017. Immediately prior to joining Fortinet, she served as Special Assistant to the Director, National Security Agency (NSA), for Cyber and Director of NSA’s Cyber Task Force, in which she advanced NSA’s execution of its cybersecurity and cyber-related missions by acquiring, investing and overseeing resources; defining and integrating mission capabilities; and shaping agency strategy and national-level policy.
-
Top Stories4 days ago
Analysis-Spain’s battle of the banks as BBVA narrows gap to Santander
-
Top Stories4 days ago
Talgo’s top shareholder in talks with Stadler over takeover bid, report says
-
Top Stories4 days ago
Google, Apple breakups on the agenda as global regulators target tech
-
Business3 days ago
The Future of Global Trade Will Be Green or Not at All