How financial services firms can secure their WFH networks

As the pandemic continues to spread, people still working from home – and businesses - remain at risk. By Don Boxley, co-founder and CEO, DH2i

August 14, 2020

As the coronavirus continues to haunt the human race, many companies worldwide have stretched out their work from home (WFH) arrangements—some of them permanently. Technology giants are leading the way back home, as companies including Twitter, Square, and Facebook roll out variations of  “work from home forever” models. Like nearly every industry, financial services firms have also been affected by WFH realities that have both pros and cons for both employers and employees.

Workers can orchestrate more control over their schedule when working from home, which is particularly welcome for many employees during a global pandemic. Employers benefit as well, as virtual working has been proven to increase productivity. Researchers have published that remote employees do three additional weeks of work per year, improving the bottom line.

Whether your firm has extended a full WFH setup or if you’re among those that are considering various hybrid WFH scenarios that include a mix of office time with remote work, there are clear considerations of this new way of working for IT when it comes to security. Working from home offers health safety benefits, but when it comes to data safety, it’s a different story. There’s the nightmarish possibility that WFH employees could compromise the network, inadvertently unlocking the door to network attacks.

Financial services firms need a way to eliminate the network attack surface to safeguard their systems and data when people are working from home. But how can IT best accomplish these goals?

One choice is a traditional (read: old school) solution: virtual private networks (VPNs). VPNs are still the go-to in some financial firms—but that’s based on their performance in an on-premise environment, not a hybrid multi-cloud environment. Today, with financial services firms favoring hybrid cloud settings, and on-premise mixed with multiple clouds both public and private, VPNs have issues. More IT settings mean greater risk of data exposure and security breaches.

WFH setups add even more security vulnerabilities, as WFH employees have access to a slice of the network, unveiling a massive unprotected attack surface. It isn’t being dramatic to say that WFH employees can lead to corporate network attacks by exposing the entire network to lateral movement, whether inadvertent or intentional. VPNs have other drawbacks as well, such as creating headaches for IT administrators to manage. With each third party having different networking configurations, IT gets stuck managing a plethora of VPN connections.

SDP, or software-defined perimeter solutions, can make these VPN security problems go away quickly by green lighting connectivity across multiple clouds, sites, and domains to distributed apps and clients. In a work from home environment, this is not just nice to have but has become a necessity. The result is application-level access, doing away with VPN’s network-level access. SDP thus prevents lateral attacks in a “secure by default” environment.

Here’s the key for firms that are leveraging WFH setups: SDP solutions set strong limits on those who are accessing the company system from home, preventing global access and instead allowing IT-approved access only to specific applications that a user needs. By eliminating the network attack surface, you can protect company data—as well as your employees’ personal data—creating security and goodwill throughout all levels of the organisation.

About the author
Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i (, Boxley spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems. Don earned his MBA from the Johnson School of Management, Cornell University.



TS Imagine - One Year in Business

Video | Trading & brokering TS Imagine - One Year in Business

TS Imagine
WWS OnetoOne Omnia: Omnichannel Marketing for Your Bank

Video | Infrastructure/architecture WWS OnetoOne Omnia: Omnichannel Marketing for Your Bank

TS Imagine Team at SimCorp IUCM 2022

Other | Trading & brokering TS Imagine Team at SimCorp IUCM 2022

TS Imagine
Bitcoin Financialization (Part 3) – Calling All Crypto Asset Managers

Other | Trading & brokering Bitcoin Financialization (Part 3) – Calling All Crypto Asset Managers

TS Imagine