Why financial institutions should prioritise microsegmentation

Why financial institutions should prioritise microsegmentation

Security practice helps firms take a unified approach to achieving key goals while protecting digital assets 

Richard Meeus |

Financial institutions have a strong requirement for cost savings through automation, resources optimisation, and agile technologies. They need a solution that can increase security while also promoting operational efficiency. 

Moreover, financial institutions have always been prime targets for crime. Given that remote and indirect transactions are the norm these days, attackers have even more opportunities to break through perimeter security. This further increases the risk of breach and the remediation costs. 

However, managing cybersecurity controls in financial services is a complex task. There are numerous drivers that make the work time-consuming and resource-heavy, such as country- and state-level cybersecurity requirements, evolving network infrastructure and the large number of third-party applications, partners and outsourcing vendors. All these factors combined with a multitude of tools, users and outside pressures make financial institutions especially attractive to cybercriminals. 

Enabling digital transformation for better customer service and availability leads to even more ways for banks to be potentially vulnerable to fraud and unauthorised transactions. Customers are well aware of these growing issues and want reassurance that their privacy and finances are protected. 

The best way to address these challenges is to create a single pane of glass for security, with complete network traffic visibility and full isolation of the digital crown jewels. Using flexible, quickly deployed, and easy-to-understand microsegmentation controls, financial institutions can protect their core assets simply and effectively. 

Microsegmentation is an emerging security best practice that offers several advantages over more traditional approaches, which rely heavily on network-based controls that are often cumbersome to manage. However, the software-based segmentation element of microsegmentation separates security controls from the underlying infrastructure and allows organisations the flexibility to extend protection and visibility anywhere. 

The added granularity that microsegmentation offers is essential at a time when many organisations are adopting cloud services and new deployment options like containers that make traditional perimeter security less relevant. 

In order to get the most from a microsegmentation solution, there are five critical steps to take: 

  1. Simplify and accelerate regulatory compliance. To achieve this goal, start by mapping everything and isolating all compliance-related applications and systems. Granular visualisation will help you understand how best to reduce the risk of breaches quickly and easily. 
  2. Protect your essential systems. Separate critical applications such as money transfers, payments, and customer applications from the general IT infrastructure. 
  3. Prevent unauthorised lateral movement. Properly isolate internet of things and third-party access. In addition, manage access routes and terminate access at the target applications, preventing further movement within the data environments (on-premises or in the cloud). 
  4. Adopt cloud, platform-as-a-service, and other emerging technology cost-effectively and securely. Use a single pane of glass for visibility and setting security policy across all infrastructures. In addition, be sure to enforce security via a unified set of tools. 
  5. Data Flow Visualization. Real time understanding of where data is, where it is going and the ability to look back and see historically what changed. This is what helps to see where ransomware has spread, allowing mitigation of its impact before it executes and encrypts a network. 

An example of the effectiveness of this approach is the success of one customer, a US regional bank, which has used Guardicore Centra’s visualisation and microsegmentation capabilities to vastly improve operations. The bank already had a few initiatives in place, including ring-fencing 10 of its most critical applications, limiting third-party access, making it possible to migrate applications to the cloud, and maintaining a single set of security controls across the entire hybrid infrastructure. 

With the help of a single security architect over the course of two months, the customer was able to meet all its goals exceeding original expectations to be fully operational in weeks not months. 

Ultimately, it was able to achieve granular east-west traffic visibility, ring-fence its business-critical applications, and restrict and properly route third-party access. Furthermore, the bank managed to map applications’ dependencies for seamless cloud migration and achieve full process automation with the DevOps integration.  

Financial institutions should also look for a tool that provides complete security coverage for applications, regardless of where they reside. After all, most financial institutions need to protect workloads that span across platforms and environments: on-premises, legacy and bare metal, virtual machines, containers, and public and private clouds, including Microsoft Azure.  

With simple and easy to manage microsegmentation controls, financial institutions can reduce the attack surface and quickly detect breaches within the data centre. Deep visibility into applications’ dependencies and traffic flows helps to enforce precise network and process-level policies that isolate critical applications and systems.  

Learn more at: https://bit.ly/3nf197L 

Richard Meeus is director of security, technology and strategy EMEA at Akamai 

This article was originally published in the Summer 2022 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.

Subscribe to the Technology Record newsletter

  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.