Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

How Cloud is Driving Forward Implementation of Zero Trust Security

How Cloud is Driving Forward Implementation of Zero Trust Security 45

How Cloud is Driving Forward Implementation of Zero Trust Security 46

 

By Manuel Sanchez, Information Security & Compliance Specialist, iManage

The UK government’s Cyber Security Breaches Survey 2022 is overflowing with statistics that paint a concerning picture of just how challenging the threat landscape is for today’s companies, including those in the financial sector.

For starters, phishing is widespread: Of the 39% of UK businesses who identified a cyber security attack, the most common threat vector was phishing attempts (83%). Meanwhile, around one in five businesses experienced a more sophisticated attack type such as a denial of service, malware, or ransomware attack. 

 

The National Cyber Security Centre and the Information Commissioner’s Office also observe that there is a rise in ransomware payments being made. 

The reason that the financial services space remains a popular target for cyber criminals is because of the sensitive nature of the data they hold. According to the survey, the sector that is most likely to hold personal data about customers is finance and insurance (with an 85% likelihood of holding personal data, vs. 61% of businesses overall).

Does this mean that financial institutions should resign themselves to the inevitability of a data breach? 

The answer, unfortunately, is yes. But there are steps that businesses can take to significantly lower the risk and impact from potential data breaches. One of these steps is taking a Zero Trust security approach as part of their digital transformation strategy. 

The move to cloud

As it did with so many other aspects of life, COVID upended normal work patterns. Suddenly, people were working from home as often as they were from the office, and this instigated the move to cloud systems – for document management, project management, billing, and other workflows – so that data and the controls to secure that data could be accessible at any time, from any location.

This continued migration to cloud from on-premise systems has picked up so much momentum that Gartner reports that more than 85% of organisations are expected to embrace a cloud-first principle by 2025 – and any application that isn’t cloud will be viewed as a legacy application.

This shift towards cloud has also had a significant impact on the traditional security model, where the approach was to “secure the perimeter” and protect the corporate network against anything coming from the outside in. For the few workers who were working from home, the primary means of accessing corporate assets was via a VPN (virtual private network) that would let them connect to the corporate network.

One of the flaws of this approach is to automatically trust all users and devices once they are inside the perimeter. Not only does this put the business at risk from malicious internal actors but also allows external bad actors to take advantage of compromised accounts and wreak havoc once inside. 

Relying on technologies like VPN to protect the infrastructure within the four walls of an office is no longer an option for the current times. Organisations should look to protect applications, assets, users, and devices, wherever they are. And with cloud applications allowing data to be accessible from anywhere, it is important to ensure employees can access sensitive files and data that they are allowed to access securely, without impacting their productivity.

 

A comprehensive security model

Taking a Zero Trust approach has never been more critical, as it offers higher levels of security with reduced complexity and operational overhead.

The premise of Zero Trust is to verify “everything, every time”, whether inside or outside the company network. Unlike older security models, which would verify user credentials just once at the point of entry, Zero Trust is based on the concept that no user is given implicit trust until their identity is verified – and every interaction is constantly verified throughout the user session to reduce risk.

If we take the example of a cloud-based document management system (DMS) used exclusively by Finance and Legal staff to manage sensitive content, a Zero Trust approach would ensure that access to, or even visibility of the DMS application, is limited to only those employees who are in the Finance and Legal teams and are authorised to view the data, with authorisations determined granularly – not just to file level, but also usage rights. For example, one user could be granted only viewing rights for a defined period of time, whilst another may be able to also edit. By implementing this level of need-to-know security, the damage a threat actor could achieve via lateral movement once inside the network can be significantly reduced.

A Zero Trust approach combines various technologies such as multifactor authentication (MFA), endpoint security, identity and access management (IAM) and device certification. These technologies can help to authenticate and validate users and devices across multiple cloud applications and internal systems.

This allows organisations to incorporate cloud applications into a standardised and robust security model, as well as taking advantage of all the benefits of migrating to the cloud, while increasing protection across their data. 

 

Cloud requires Zero Trust

Zero Trust isn’t a “product” or a shiny new thing that will replace the existing security stack. Zero Trust is a journey, and it requires careful, patient planning. As the migration to the cloud continues, it will become increasingly critical for financial organisations to embark on their own Zero Trust journey sooner rather than later. If they don’t, they risk becoming just another statistic for next year’s cybersecurity report.

 

Continue Reading