How to better protect a next-generation financial network

Recommendations for building integrated security architecture in banking, wealth management, and insurance

by Steve Sweeney, Principal Architect, AT&T Business

The COVID-19 era has shown how constraining and unsustainable the traditional hub-and-spoke model of network security has become for banks, insurers, and wealth managers: backhauling every remote user's traffic through a central data center before it reaches a cloud application adds latency and concentrates load on a perimeter the workforce no longer sits behind. With more distributed endpoints, unacceptable latency, and a global workforce undergoing a massive "work from anywhere" transition, Financial Services providers are accelerating the modernization of their enterprise cybersecurity architecture.

Prioritizing security for network design

There has been no shortage of high-profile data breaches over the past decade. As the perimeter of corporate networks expands at an unprecedented rate and reliance on process orchestration and automation grows, criminals are using the same automation to conduct faster, more sophisticated attacks. Attackers have proven relentless and agile, expertly targeting vulnerabilities in the "seams" between endpoints and applications, the hand-offs where one system's controls end and the next system's have not yet taken over.

Trends like localized off-loading, metro edge nodes, and decentralized backhaul have also compelled the industry to reconsider how to address evolving security concerns. Financial institutions (FIs) have fought back with technologies like Secure Access Service Edge (SASE) that converge SD-WAN with comprehensive network security functions. Connecting devices through a single global platform with embedded cybersecurity tools is proving more effective at managing the next generation of cyber-risk than a patchwork of site-specific appliances. Additional efficiencies are coming from hardware innovation, virtualized functions, and network designs reimagined with security as a primary consideration. As financial providers run more applications in the cloud, considerations like Zero Trust readiness, fraud prevention and mitigation, network-based firewalls, and cloud security gateways become crucial to managing risk.

SASE

Gartner introduced the term Secure Access Service Edge (SASE) in 2019 to describe the convergence of wide-area networking and network security functions into a single cloud-delivered service, built around application policy and the need for low latency. It reflects corporate data migrating from inside the enterprise network to a distributed infrastructure that uses multiple cloud services, which in turn requires a security architecture that adapts to a growing dependence on near real-time data in the cloud. SD-WAN platforms can integrate security mechanisms in-line on the edge device, alongside it as a separate physical or virtual appliance, or in the cloud as a service; in each case security is expressed as an application policy that follows the traffic rather than as a fixed appliance at a fixed site. Consolidating security requirements with application performance in one policy gives the enterprise a mechanism for handling shifting data flows while still adopting new technology and software flexibly.

SD-WAN

Over-The-Top (OTT) SD-WAN, an overlay that runs across whatever underlying transport is available, is the preferred framework for some FIs because of the flexibility, consistency, and uniform security enforcement it enables. Vendor agnostic, this architecture also supports Virtual Network Functions (VNFs), more agile management as carrier and transport markets shift, and connectivity with existing cloud providers and data centers. Because SD-WAN may carry some workloads over the public internet within an environment subject to financial, regulatory, and compliance requirements, a consistent security model is needed across the various access methods during the migration to updated network designs. Cybersecurity tooling is adapting to interoperate with SD-WAN, so the historical challenge of inserting security appliances (virtual or physical) into the traffic path is being mitigated by interweaving them with the network. This also simplifies policy management and operations, while helping to protect endpoints and "seams."

Zero Trust

The guiding principle of a successful Zero Trust strategy is that every user, device, and action is authenticated and authorized on each request, regardless of where on the network it originates. The model is intended to help prevent data breaches by removing the implicit trust of a "trusted zone" and so limiting an attacker's lateral movement once inside, but a recent survey identified troubling gaps in security strategies: many organizations (67%) said they do not have the staff or resources to manage and update their security tools effectively, and only 31% said they are protecting their network from internal threats and vulnerabilities. As data and endpoints extend beyond traditional zones of control, security initiatives must be enhanced to address the new threat vectors. The solution is to adopt a Zero Trust security policy that replaces "trust but verify" with "never trust, always verify."
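Below is an added illustration of that principle as a policy check, written for this page rather than taken from the article or any AT&T product: each request is evaluated on identity, device posture, and explicit authorization, beside the network-zone rule it replaces. Every attribute name, role, address range, and threshold in it is an assumption, and the two sample requests are constructed.

```python
"""Per-request policy evaluation as Zero Trust prescribes, beside the
network-zone model it replaces.  Added example: the attribute names, roles,
address ranges and thresholds are assumptions, not from the article."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

CORP_NET = ip_network("10.0.0.0/8")        # assumed legacy "trusted zone"
MAX_PATCH_AGE_DAYS = 30                     # assumed device-posture threshold

# Assumed authorization table: which applications each role may reach.
ROLE_ACCESS: Dict[str, set] = {
    "teller": {"core-banking"},
    "advisor": {"core-banking", "wealth-portfolio"},
    "claims": {"claims-system"},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool      # identity: strong authentication completed?
    device_managed: bool    # device posture, as reported by an endpoint agent
    disk_encrypted: bool
    patch_age_days: int
    source_ip: str
    resource: str


def zone_trust_decision(req: Request) -> Tuple[bool, List[str]]:
    """Legacy model: any source inside the corporate range is trusted."""
    inside = ip_address(req.source_ip) in CORP_NET
    where = "inside" if inside else "outside"
    return inside, [f"source {req.source_ip} is {where} the corporate network"]


def zero_trust_decision(req: Request) -> Tuple[bool, List[str]]:
    """Authenticate and authorize every request; the source network is ignored."""
    denials: List[str] = []
    if not req.mfa_verified:
        denials.append("identity not verified with MFA")
    if not req.device_managed:
        denials.append("device is not managed")
    if not req.disk_encrypted:
        denials.append("device disk is not encrypted")
    if req.patch_age_days > MAX_PATCH_AGE_DAYS:
        denials.append(f"patch age {req.patch_age_days}d exceeds {MAX_PATCH_AGE_DAYS}d")
    if req.resource not in ROLE_ACCESS.get(req.role, set()):
        denials.append(f"role {req.role!r} is not authorized for {req.resource!r}")
    if denials:
        return False, denials
    return True, ["identity, device posture and authorization all verified"]


# Constructed sample requests (not real traffic).
COMPROMISED_INSIDER = Request(
    user="jdoe", role="teller", mfa_verified=False, device_managed=False,
    disk_encrypted=False, patch_age_days=120,
    source_ip="10.20.30.40", resource="wealth-portfolio")
REMOTE_ADVISOR = Request(
    user="asmith", role="advisor", mfa_verified=True, device_managed=True,
    disk_encrypted=True, patch_age_days=7,
    source_ip="203.0.113.5", resource="wealth-portfolio")


def compare(req: Request) -> Dict[str, bool]:
    """Return the two models' allow/deny verdicts for one request."""
    return {"zone_trust": zone_trust_decision(req)[0],
            "zero_trust": zero_trust_decision(req)[0]}


if __name__ == "__main__":
    for name, req in [("compromised insider", COMPROMISED_INSIDER),
                      ("remote advisor", REMOTE_ADVISOR)]:
        for model, fn in [("zone trust", zone_trust_decision),
                          ("zero trust", zero_trust_decision)]:
            allowed, reasons = fn(req)
            print(f"{name:20} {model:10} {'ALLOW' if allowed else 'DENY ':5} "
                  + "; ".join(reasons))
```

Run as a script it prints both verdicts for each request: the compromised insider is allowed by source address alone under zone trust and denied for five independent reasons under Zero Trust, while the compliant advisor working from home is denied by zone trust and allowed by Zero Trust. In a deployment the posture attributes come from an endpoint agent or identity provider and the decision sits in a policy enforcement point in front of each application, so that the source network never grants access on its own.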

Highly secure gateways

Cloud security gateway services can be deployed globally and provide a comprehensive set of security capabilities. Traffic originating on or destined for a corporate network branch, data center, or campus can traverse these always-on, continually updated nodes. Increasingly a feature of SD-WAN services, cloud security gateways can help enable localization, faster deployment, lower latency, and connections to specific resources in the on-premises network.

The COVID-19 crisis has also accelerated the need to work remotely, and the increasing availability of LTE-enabled devices allows FIs to support remote worker and branch office access to the enterprise WAN. LTE also provides path diversity, giving a site a wireless backup link that does not share a failure domain with its wired circuit. Extending existing WAN infrastructure into the mobility network can help FIs pursue application deployments that include hard-to-reach and temporary locations.

Network-based firewall (NBFW)

The modern ecosystem is distributed and interacts with third parties across a variety of network types. To manage that complexity and provide cost-effective protection, a network-based firewall is a critical component. Regionally deployed cloud nodes can be selected as the optimal egress/ingress point based on where data is concentrated. Networks are better protected by placing highly secure, multi-tenant firewalls between the VPN service and the public network, so that traffic is inspected before it leaves or enters the private network.

To learn more about the measurable results Financial Services providers have achieved with our help, check out our latest customer success stories.

AT&T Business is a trusted advisor to Financial Services professionals and a leading provider of highly secure Edge-to-Edge℠ solutions. Achieve smarter, more trusted interactions with our unique ecosystem of technology, expertise, and global network.