How Zero Trust Network Access Helps Protect Banks
The benefits of the cloud are recognized in finance. Especially now that many institutes employ their employees in the home office, it is worth looking at the security advantages of Zero Trust Network Access.
The transition to cloud infrastructures is in full swing at many financial institutions. In the course of the restructuring, Cloud-first network architectures are required that enable employees to access their applications in the cloud securely – regardless of whether they work from the office or home. Employee mobility brings with it new requirements for secure remote access to applications in the cloud.
Secure Network Access
Financial institutions have to think in terms of new work environments, especially about remote access by employees. In traditional remote access, the VPN acted as an extension of a physical network for employees or third parties who needed to access the network from remote locations. Using the traditional network connectivity model, the user is connected to the entire network via a gateway. Only in the second step does he access the desired application. The VPN tunnels used are reliable but offer an open barn door into the entire network, which today’s attackers also exploit.
If the entire network context in the company is no longer relevant due to the relocation of applications to the cloud, an RA VPN is no longer required conventionally. Instead, simple and seamless access at the individual application level is needed, regardless of where the application and user are. This not only increases security but also takes the aspect of user-friendliness into account.
Bank In The Home Office
A practical example: In the course of the COVID-19 crisis, the Australian bank NAB sent tens of thousands of employees to work from home within three weeks and assumed that they would continue to work from home until further notice. There are now 32,000 employees who stay in touch with one another using a wide variety of collaboration tools.
The bank’s executive general manager for customer contact reports that after the NAB launched its customer support efforts, the bank saw a massive surge in contact volume, so it had to expand its support for employees in remote locations quickly. “Our technology team reacted quickly. With secure remote access for both cloud-based and on-site applications; we were able to ensure that our 1,000-strong contact center team – all based in Australia – are our customers and can continue to supervise. “
Banks Are Revising Their Remote Access Strategy
A new cloud-based work environment with modern cyber security threats forces financial companies to rethink their remote access strategy. The approach based on a software-defined perimeter for remote access by employees and partner companies offers a way out of the dilemma of secure remote access. This approach is based on the zero trust model, loosely translated as “trust nothing and nobody.” With the idea of Zero Trust Network Access (ZTNA), the access model is fundamentally changing.
Instead of the previous network-centric model, a cloud-based solution approach for remote access establishes an outgoing connection to the application. With the defined guidelines for access authorizations, only the authorized user has access to an application, regardless of where it is held. The permission of entry is the first component. The second is the secure connection path to the location where the application is stored. This is where the critical difference to RAS VPN models becomes apparent: A secure tunnel is established from the application to a user, regardless of where both parties are. If the user does not have access authorization, he cannot see which applications are available.
ZTNA Adaptation Is Gaining Momentum
Since with this approach, neither the application via the company network and its IP addresses nor the user is exposed to the Internet, the previous attack vector is no longer applicable. The administration of this access management turns out to be easy. The connection is not established via the public Internet but a private infrastructure and is, therefore, more isolated. The security motto here applies: What is not visible on the Internet cannot be attacked. This not only corresponds to the security requirements of the company but also takes into account user-friendliness. Because the connection to the application via a broker means that the user does not notice where the application is held, the IT department only needs to manage the policies that define the authorization of access rights for each user.
2019 Zero Trust Adoption Report by Cybersecurity Insiders shows that access concepts based on the Zero Trust concept are on the advance – spurred on by cloud adaptation: 78 percent of the IT decision-makers surveyed are dedicated to the topic of Zero Trust and are planning an introduction in the foreseeable future, or have already introduced the approach. Fifteen percent of the companies have implemented a solution based on Zero Trust, 19 percent are in the implementation phase. The remaining 44 percent plan to introduce it in the next one to two years.
Also Read: The Network Of The Future: 5G