Zero Trust in financial services

Issue 3 2022 Editor's Choice, Security Services & Risk Management

When it comes to adopting a Zero Trust approach, many organisations in the financial services sector already have most of the constituent parts required. In fact, we estimate organisations already have between 60-80% of the security building blocks that banking and financial services organisations need to adopt a Zero Trust approach. But moving from existing approaches to a new security model is a challenge. What needs to come next is a change of stance and a unification process to protect their business as they evolve.

In our white paper ‘Why you need to turbo-charge your Zero Trust journey’ (*bt1), we identify eight guiding principles for Zero Trust in banking and financial services.

1. Identify your goal and pull it through your planning

Form your security strategy around the fundamental assumption that you will always be operating a dynamic network in a hostile environment. Centre your thinking around how you can best use automated processes to create security rules that change dynamically in response to context. But remember that automating a broken process is a swift route to failure; make sure you’re training your AI to make correct decisions about risk so it can automate the appropriate response.

2. Assess existing capability before investing in more

Don’t rush to spend money on ‘Zero Trust’ point products because you may be duplicating capability or investing in areas that aren’t a priority for your organisation. Instead, optimise the value you already have in your security estate by establishing what latent capabilities you possess. For example, layer 1, 2 and 3 segmentations along with very narrow access lists could be a fruitful first step on your Zero Trust journey.

3. Focus on removing peer-to-peer protocols

Segmentation is your key defence in a Zero Trust environment, but you won’t be able to segment your network if you’re running peer-to-peer protocols. A vital part of any attacker’s kill chain is the ability to pivot from one host to another, but if you limit their ability to move easily, then you neutralise entire classes of attack. Think about how 5G architectures cut out peer-to-peer connections, forcing every call to go through a central gateway – this model should be your aim.

4. Control access to core assets

Leverage your security investments to secure your cloud and data centre servers, using Zero Trust segmentation to coordinate traffic authorisations across your estate. This needs to be universal so it’s as watertight as possible and servers only accept traffic sent by authorised users. Consider investing in red teaming ethical hacking exercises to check the security of your key assets.

5. Incorporate user identification

Limit your exposure to risks by only opening ports in your environment when they’re needed. Make user identity the first key to access your systems and make sure permissions are revoked as soon as the user logs out.

6. Build in security-by-design to your projects

Investigate how containerisation can be a springboard for your security DevOps, providing a pre-certified and pre-configured software ‘container’ that you can build on to create automation and machine-to-machine application service models. Containerisation is an ideal opportunity to leave waterfall cycles of patching behind, instead offering security that flexes with context.

7. Segment, segment, segment

Introduce micro-segmentation to segregate – and protect – your network at a granular workload level. This will give you the real-time visibility you need, as you monitor application behaviour and connections to understand what is talking to what and to identify risks. It will also give you the level of control you need to improve your breach containment, preventing lateral movement and reducing the blast radius of any attack.

8. Activate your human firewall

Remember the user in all this and make it easy to do the right thing and hard to do the wrong thing. Educating and motivating your workforce to follow protocols and stay vigilant against potential attacks is just as important as any other aspect of your Zero Trust security journey.

When you’re operating in an environment that’s constantly shifting in ways that open up new vulnerabilities, adopting a Zero Trust approach is essential. Getting it right is about extracting and extending value from your existing investments rather than jumping straight into new ones. Once you’ve identified latent capabilities that you can leverage immediately, employing these eight principles will alleviate the challenges of moving to a new security model.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A closed security concept for test halls and perimeter
Dallmeier Electronic Southern Africa Editor's Choice
At its factory facilities in Vilsbiburg, Germany, Flottweg SE relies on tailored video security technology from Dallmeier for perimeter security and workplace safety.

What to do in the face of growing ransomware attacks
Technews Publishing Cyber Security Security Services & Risk Management
Ransomware attacks are proliferating, with attackers becoming more sophisticated and aggressive, and often hitting the same victims more than once, in more than one way.

Where does SA logistics stand as far as cybersecurity is concerned?
Logistics (Industry) Security Services & Risk Management
Lesiba Sebola, director of information technology at Bidvest International Logistics, says it is paramount to safeguard IT infrastructure given how central it has become to operations.

Advanced server performance and energy efficient design
Editor's Choice IT infrastructure Products
Dell PowerEdge server portfolio expansion offers more performance, including up to 2.9x greater AI inferencing while Dell Smart Flow design and Dell Power Manager software advancements deliver greater energy efficiency.

Free-to-use solar score for South African homes
Technews Publishing Editor's Choice
The LookSee Solar Score is one of the first of its kind to provide insight into the potential of solar power for South Africa’s residential properties.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Fire-fighting force at Vergelegen
Editor's Choice Fire & Safety Residential Estate (Industry)
Vergelegen wine estate in Somerset West, and its neighbours, are set to enjoy greater peace of mind this summer, thanks to the delivery of a brand new fire truck .

Top fraud trends to watch in 2023
News Security Services & Risk Management
Even though financial concerns remain a significant obstacle for companies in implementing new anti-fraud technologies, 60% of businesses expect an increase in their anti-fraud technology budgets in the next two years.

Be cautious when receiving deliveries at home
News Perimeter Security, Alarms & Intruder Detection Security Services & Risk Management
Community reports of residents being held up at their gate when collecting fast food deliveries at home are once again surfacing.

Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.