JOHANNESBURG – Protecting valuable and sensitive financial data and maintaining customer trust through delivery of consistent, secure service is a key goal and priority for the finance industry.
Any disruption to service carries potential negative reputational and financial consequences for an organisation, so care must be taken to maintain service, even during times of maintenance and upgrades.
In the wake of high profile outages from the likes of payments firm Visa, regulators are now demanding that IT managers and financial service providers improve their operational resilience or face penalties that are likely to result in further financial and reputational losses.
However, any processes implemented must keep usability in mind, to avoid excessive downtime and adoption of workaround software by employees, which compounds issues surrounding security by introducing unauthorised applications into the organisation’s environment.
An outage can have serious continued repercussions for a company. The financial cost of a data breach is likely to be significant under GDPR and the reputational impact will continue to be felt in terms of loss of customer trust.
High availability and assurance are critical in the finance industry
In order to maintain high performance and accessibility – even during times of service interruption due to incidents (such as data breaches or system failures) or routine security updates – whilst effectively protecting sensitive content, the network must have high resilience, including availability and continuity.
Organisations must be able to provide consistent service through a system which allows for updates to be performed when they are needed, rather than waiting for scheduled windows of time without disruption. From an end-user’s perspective, a smooth experience with no service interruptions has to be achieved across the whole network, ensuring consistent reliability.
Widespread service disruption can have devastating consequences for an industry based on trust. Unhappy customers will not hesitate to voice their displeasure on social media platforms and additionally companies remain answerable to various regulatory bodies, including the Financial Sector Conduct Authority (FSCA).
This need for high availability must be balanced with the primary role of the network security: protecting vital assets. Securing the network begins with correct configuration and must be implemented at the start. In the end, systems and technologies will not be robust if setup is incorrectly configured and contains critical security holes which have not been addressed.
Misconfiguration is, in fact, the result of human error, which is the leading factor in security failures. As much as 80% of unplanned outages are due to changes made by administrators or developers who have not carefully considered potential pitfalls in their plans. Financial institutions simply cannot afford this downtime.
On top of security concerns, fixing issues requires increased resource investment, which negatively affects profitability and exacerbates the time that the service is offline. Misconfiguration also leads to increasing network complexity and makes overall control and troubleshooting more challenging.
A central management system is key
Network management systems play a critical role in avoiding human error and optimising time and resources used in network operations. All of this has a direct impact on the perceived security level and recurring costs.
Understanding the activities taking place within an organisation’s environment is fundamental and visibility is a key component of this. In this age of digital transformation, the more distributed and virtualised the network gets, the more essential remote management capabilities become.
Ensuring visibility across a network starts with a Next-Generation Firewall (NGFW) central management system. These management tools must enable organisations to rapidly react to network and business changes and provide constant control and visibility over the network.
At the same time, these tools must act in a way that does not hinder internal processes or negatively affect the user experience. This would result in increased IT security workarounds being implemented, which would compound problems surrounding visibility.
If a financial organisation is not keeping up with the changing demands of their workforce, employees will try to find workarounds or use personal technology that allows them to complete tasks effectively. Often these applications represent blind spots when it comes to network visibility and can leave organisations vulnerable.
As organisations increasingly move more and more of their infrastructure to the cloud, network security needs to evolve with it. Most organisations will be looking to extend network security to include not only the centralised infrastructure and data centres, but also into public cloud infrastructure and branches.
Modern NGFW vendors are integrating networking capabilities like SD-WAN in a bid to help network administrators to regain visibility and control of their expanding network.
There are many side benefits to implementing SD-WAN technology, one of the biggest is the reduction of WAN costs as organisations move from legacy dedicated MPLS networks to much cheaper local broadband connections for their distributed sites. Users get better direct to cloud performance, and these sites remain protected by enterprise class network security without increasing the management (visibility and control) overhead.
Protecting the vast amount of sensitive and highly valuable data held by financial institutions is critical to maintaining trust and safeguarding reputation. This industry is under an increasing amount of pressure to remain robust, even though no software solution is fool proof and will fail from time to time.
Through working with a trusted vendor, organisations can implement an NGFW solution that blocks malicious threats without affecting user experience, even when vital network maintenance is being carried out or during a security incident.
In addition, many financial institutions occupy different sites and operate in public cloud environments, so maintaining secure and scalable connectivity between these sites must also be a priority.
By implementing network security that meets all of these criteria, financial institutions will continue to provide a consistent service, which withstands system failures and changes to the threat landscape.
Mike Smart is a security strategist at Forcepoint EMEA.
The views expressed here do not necessarily represent those of Independent Media.