Modernising IT and security in financial services with visibility

Martyn Crew, director at Gigamon

16 February 2021

In recent years, the financial services (FS) industry has gone through transformative changes to embrace digitalisation and keep up with customers’ ever evolving expectations when it comes to the online experience. The pandemic only contributed to further accelerating this digital evolution, and driving forward the adoption of new technologies at a rate rarely seen before. However, with new technology comes new security threats and FS firms face a need to better modernise and secure their existing infrastructure. In fact, KPMG has noted the increased cyber risk FS businesses are facing, stating that they ‘need to shore up their cyber defences’.

A disrupted environment

A number of key trends have contributed to the disruption of traditional IT within financial services, making the current landscape unrecognisable to that of ten or twenty years ago. We are witnessing new and revitalised competition within the sector as technology lowers the bar for those wishing to enter the market, changes in processes to ensure compliance with new regulations, and ever evolving security threats.

Existing technology often struggles to meet these new trends, so there is a need to modernise processes to better adapt to today’s environment. Many FS firms built siloed applications to help support them as they grew – for example, having different applications for each stage of the mortgage or commercial lending process – which now need to be de-siloed in order to offer customers a more seamless experience. What’s more, the network is evolving and businesses need data visibility across hybrid infrastructure at a global scale, as well as consistent and effective security policies and tools across geographies and environments – on-premise, virtualised and cloud.

However, something positive that has come out of this evolving technology landscape is that business and IT teams are better aligning around the need to drive agility and innovation – we are no longer battling an adversarial relationship. With new apps being deployed using agile DevOps methods and the shift to the cloud, the two groups are now working towards a shared goal of a scalable and consistent platform. This merging of interests has also led to security being baked in from the start, rather than IT teams developing apps and handing them over to security at the last minute. More unity within all teams is crucial for future success, especially within an industry as critical as finance.

Network visibility to drive security and optimisation

To manage the ongoing challenges financial services firms are facing they must modernise their IT and security processes, while optimising costs during this economically challenging time. The key to achieving this is by enhancing infrastructure visibility.

A clear, unclouded view of on-prem, cloud and hybrid environments is crucial to ensure applications, traffic and users are all being monitored effectively to prevent and thwart attacks. This is especially important for FS companies as many still operate with legacy technology and are reliant on systems of record. The bottom line is, their corporate network is fed by different types and generations of systems and devices, which must all be monitored through a single pane of glass.

With a clear view of all data in motion on the network, security teams will be able to better prepare for a cyberattack – for example, by identifying when a DDoS attack is looming by analysing network traffic – and respond to secure the network proactively rather than reactively. Visibility is also central to enabling a Zero Trust security architecture, something financial organisations should be considering as the network perimeter expands and blurs. A Zero Trust framework contributes to network security by forgoing the implicit trust that is usually granted to users and devices from within a corporate network. Complete network visibility is crucial to this architecture as all network traffic needs to be discovered and analysed in order to grant, or not grant, access.

Full visibility is also a valuable asset when looking to optimise network tools, which will be a key tenet of this year as businesses strive to make the most of what they’ve got as they battle reduced budgets. Visibility of all data in motion – included encrypted traffic – on the network is crucial to swiftly assess whether traffic needs to be inspected in depth (in case it’s from a risky or unknown source) or if the inspection can be avoided (in the case of traffic associated to known, safe applications, like Zoom or Microsoft Teams). With this capability, IT teams can ensure only the necessary traffic is sent to each tool and filter out low risk, irrelevant or duplicate traffic. This instantly frees up bandwidth within current tools, thereby optimising the work of these tools and saving valuable resources. What’s more, with reduced traffic volume tools will report fewer and more reliable alerts, which can be instantly acted on by IT and security teams.

Networks have been turned inside out over the past year, meaning security and efficiency challenges have been rife. However, as businesses emerge out of the other side of this chaos it’s crucial that they make investments to secure their place in the new tomorrow. By ensuring complete visibility of all traffic on their network, financial services businesses can not only improve security – which is crucial for firms dealing with such valuable data – but they can drive tool optimisation, cost savings and greater efficiency.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development