Finance

A zero trust environment is critical for financial services

Published

1 year ago

September 24, 2022

admin

Boris Bialek, Managing Director of Industry Solutions at MongoDB

Not long ago security professionals were still focused on protecting their IT in a similar formation to mediaeval guards protecting a walled city – concentrating on making it as difficult as possible to get inside. Once past this perimeter though, access to what was within was endless. For financial services, this means access to everything from personal identifiable information (PII) including credit card numbers, names, social security information and more ‘marketable data’. Unfortunately, we have many examples of how this type of security doesn’t work, the castle gets stormed and the data isn’t protected. The most famous is still the Equifax incident, where a small breach has led to years of unhappy customers.

Thankfully the mindset has shifted spurred on by the proliferation of networks and applications across geographies, devices and cloud platforms. This has made the classic point to point security obsolete. The perimeter has changed, it is fluid, so reliance on a wall for protection also has to change.

Zero trust presents a new paradigm for cybersecurity. In this context, it is already assumed that the perimeter is breached,no users are trusted, and trust cannot be gained simply by physical or network location. Every user, device and connection must be continually verified and audited.

What might seem obvious, but begs repeating, with the amount of confidential customer and client data that financial institutions hold – not to mention the regulations – this should be an even bigger priority. The perceived value of this data also makes financial services organisations a primary target for data breaches.

But how do you create a zero trust environment?

Boris Bialek

Keeping the data secure

While ensuring that access to banking apps and online services is vital, it is actually the database that is the backend of these applications that is a key part of creating a zero trust environment. The database contains so much of an organisation’s sensitive, and regulated, information, as well as data that may not be sensitive but is critical to keeping the organisation running. This is why it is imperative that a database is ready and able to work in a zero trust environment.

As more databases are becoming cloud based services, a big part of this is ensuring that the database is secure by default, meaning it is secure out of the box. This takes some of the responsibility for security out of the hands of administrators because the highest levels of security are in place from the start, without requiring attention from users or administrators. To allow access, users and administrators must proactively make changes – nothing is automatically granted.

As more financial institutions embrace the cloud, this can get more complicated. The security responsibilities are divided between the clients’ own organisation, the cloud providers and the vendors of the cloud services being used. This is known as the shared responsibility model. This moves away from the classic model where IT owns hardening the servers and security, then needs to harden the software on top – say the version of the database software – and then needs to harden the actual application code. In this model, the hardware (CPU, network, storage) are solely in the realm of the cloud provider that provisions these systems. The service provider for a Data-as-a-Service model then delivers the database hardened to the client with a designated endpoint. Only then does the actual client team and their application developers and DevOps team come into play for the actual “solution”.

Security and resilience in the cloud are only possible when everyone is clear on their roles and responsibilities. Shared responsibility recognizes that cloud vendors ensure that their products are secure by default, while still available, but also that organisations take appropriate steps to continue to protect the data they keep in the cloud.

Authenticate Everyone

In banks and finance organisations, there is always lots of focus on customer authentication, making sure that accessing funds is as secure as possible. But it is also important to make sure that access to the database on the other end is secure. An IT organisation can use any number of methods to allow users to authenticate themselves to a database. Most often that includes a username and password, but given the increased need to maintain the privacy of confidential customer information by financial services organisations this should only be viewed as a base layer.

At the database layer, it is important to have transport layer security and SCRAM authentication which enables traffic from clients to the database to be authenticated and encrypted in transit.

Passwordless authentication is also something that should be considered – not just for customers, but internal teams as well. This can be done in multiple ways with the database, either auto-generated certificates that are needed to access the database or advanced options for organisations already using X.509 certificates and have a certificate management infrastructure.

Tracking is a key component

As a highly regulated industry, it is also important to monitor your zero trust environment to ensure that it remains in force and exompasses your database. The database should be able to log all actions or have functionality to apply filters to capture only specific events, users or roles.

Role-based auditing lets you log and report activities by specific roles, such as userAdmin or dbAdmin, coupled with any roles inherited by each user, rather than having to extract activity for each individual administrator. This approach makes it easier for organisations to enforce end-to-end operational control and maintain the insight necessary for compliance and reporting.

Next level encryption

With large amounts of valuable data, financial institutions also need to make sure that they are embracing encryption – in flight, at rest and even in use. Securing data with client-side field-level encryption allows you to move to managed services in the cloud with greater confidence. The database only works with encrypted fields and organisations control their own encryption keys, rather than having the database provider manage them. This additional layer of security enforces an even more fine-grained separation of duties between those who use the database and those who administer and manage it.

Also, as more data is being transmitted and stored in the cloud – some of which are highly sensitive workloads – additional technical options to control and limit access to confidential and regulated data is needed. However, this data still needs to be used. So ensuring that in-use data encryption is part of your zero trust solution is vital. This also enables organisations to confidently store sensitive data, meeting compliance requirements, while also enabling different parts of the business to gain access and insights from it.

Securing data is only going to continue to become more important for all organisations, but for those in financial services the stakes can be even higher. Leaving the perimeter mentality to the history books and moving towards zero trust – especially as cloud and as-a-service infrastructure permeates the industry – is the only way to protect such valuable data.

Up Next

Mini-Budget 2022:

Don't Miss

Anyone Can Become an R&D Tax Expert with the Right Foundations

Business

In-platform solutions are only a short-term enhancement, but bespoke AI is the future

Published

15 hours ago

September 27, 2023

editorial

By Damien Bennett, Global Director, Principal Consultant, Incubeta

If you haven’t heard anyone talking about artificial intelligence (AI) yet, then where have you been? Conversations about AI and its advantages to society have been a key talking point over recent months, with advances being made in the generative AI race and ChatGPT opening a whole plethora of possibilities. Many have highlighted the advantages of AI, but notably it’s ability to create human-like content.

But these discussions have only scratched the surface of what AI is capable of doing. It is for far more than just essay writing, adding Eminem to your rave and photoshopping dogs into pictures.

In marketing, we have been using AI for years, for everything from analyzing customer behaviors to predicting market changes. It’s enabled us to segment customers, forecast sales and provide personalized recommendations, having a huge impact on how our industry works.

It is even, for the more savvy marketers of the world, becoming a key tool in maximizing budget efficiency – which is apt, considering over 70% of CMOs believe they lack sufficient budget to fully execute their 2023 strategy.

Now, as AI becomes more intelligent, the number of efficiencies it can unlock continues to rise. Not only can it help brands get the most out of their available resources and identify any areas of waste, but it can also help highlight new opportunities for growth and maximize the impact of your budget allocation.

The trick, however, is to veer away from the norm of using in-platform solutions with a one-size-fits-all approach and create your own, bespoke solutions that are tailored to your business needs.

Pitfalls of in-platform solutions

In-platform solutions aren’t by any means a bad thing. In fact, built-in AI tools have become increasingly popular, owing to their ease of integration, user-friendly interfaces and minimal set up requirements. They come pre-packaged with the platform, offering the user the ability to leverage AI technologies without the need for in-depth technical expertise or the upfront cost of building a solution from scratch.

However, the streamlined and accessible nature of in-platform AI solutions comes at the expense of complexity and customization. They are designed to serve a broad user base, but for the most part are built using narrow AI solutions with predefined features and workflows.

This makes them great for assisting with common AI tasks, but they lack the flexibility to tailor functionality towards unique business requirements or innovative use cases, limiting the potential efficiencies and cost savings that can be unlocked. Additionally, if a business’ competitors are using the same platform, they are probably using the same AI solution, meaning any strategic advantage gained from these will be reduced.

Bespoke AI solutions, on the other hand, may carry a higher initial investment – but can offer a significantly more attractive ROI over a short amount of time.

Why customized and adapted AI is the key

The difference between bespoke AI and in-platform solutions is similar to that between home cooked food and a microwave meal. Yes, it is more time consuming to prepare, and yes it likely carries more of an upfront cost, but the end result is going to be far more appealing and will carry more long-term value (financially… not nutritionally).

That’s because bespoke solutions, by nature, will have been tailored to address your brands specific needs and challenges. These custom-built tools allow for much greater efficiencies by streamlining workflows across different channels, automating more complex tasks, and providing deeper, more relevant insights.

The increased level of optimization can significantly improve productivity and reduce operational costs over time, offering a higher ROI. The increased flexibility of bespoke AI also allows brands to implement innovative use cases that can significantly differentiate them from their competitors.

The data analyzed can be specifically chosen to match business requirements, as can the outputs of the AI tool, providing a significant advantage when understanding and acting on the insights provided.

Additionally, these tools are, by nature, more scalable. They can be updated, upgraded and expanded as needs change, ensuring they continue delivering value as the business grows. They can also be designed to integrate with any existing IT infrastructure, from CRM systems and databases to marketing platforms and sales tools – leading to more efficient and effective decision-making.

Managing finances with AI

It’s no secret that AI in marketing automation has, and will continue to, revolutionize the way marketing is done. It has a bright, if slightly terrifying, future and can help CMOs to unlock new efficiencies, maximize the impact of their budgets and increase their ROI. And as this technology becomes more advanced, its impact will only increase.

But we already know that…and so does everyone else.

So, in order for businesses to make themselves stand out from the crowd , they must look to fully adopt the power of AI. Creating a customized and unique AI solution could be the way to set yourself apart from your competitors. A bespoke AI tool can provide brands and businesses with features unique to them and their business needs. As a result, companies will benefit from more useful data and better results to make more data-driven decisions for their business. Ultimately, this will help brands to maintain a competitive edge over their competitors, deliver ROI and most importantly optimize their budgets.

Business

Is your business suffering with Fintech FOMO?

Published

2 days ago

September 26, 2023

admin

Tom Kiddle, Chief Commercial Officer at Equals Money

It’s a challenging time for businesses of all sizes, but the past three years created storms that are particularly hard for SMEs to weather. For businesses dealing with shrinking margins, while a weakened pound is making international purchases more costly, it’s a scary time.

For many businesses this meant initially reigning in any unnecessary costs, reducing investment in anything deemed as a ‘nice to have’, and focusing on keeping the lights on. However, despite not being out of the woods in terms of economic challenges, this year many SMEs have their eyes on growth.

While some might have been buoyed by the news that the UK narrowly avoided a recession at the end of last year^[1], data shows businesses were already making investments before this news was released. In fact, UK business investment rose by 4.8% in Quarter 4 (Oct to Dec) 2022, coming in at 13.2% above where it was during the same quarter in 2021^[2].

So, where are SMEs putting their cash? As well as predictable spending on IT equipment, machinery, and transport^[3], businesses are also putting more funding than ever into technology investments – a trend that isn’t slowing down anytime soon. UK tech investment is set to grow at its fastest rate in over 15 years, both in terms of budget but also headcount^[4]

Tom Kiddle

UK businesses are clearly seeing the real opportunity that technology, in all its various forms, presents to their operations. This may also be bolstered by the fact that tech investments are potentially more cost-effective now that the government has made recent changes to R&D tax relief, which sees things like cloud computing and data included in expenditure categories^[5]. When it comes to revamping legacy systems and introducing Fintechs that offer businesses a smarter, easier, automated way of doing business, investing in technology can increasingly feel like a no brainer.

However, it’s rare that a one size fits all solution exists for businesses. What works for your competitor may not offer the same benefits to your organisation. In a world with so many risk factors, making smart investments that are aligned to your individual business goals is key.

Tom Kiddle, Chief Commercial Officer at innovative money movement solution Equals Money, explains four ways businesses can reap the rewards of smart tech investments:

1. Measurement

Can you measure the impact it will have on your business? It doesn’t have to be monetary, but if it gives you efficiency, visibility, or certainty, these can have measurable tangible impacts to your top and bottom line.

2. Insight

Does it tell you something you didn’t know before about your customers, your employees, your suppliers, and their behaviour? What could you do with that information? Often, businesses lack critical insight on their key drivers, and understanding those can open up new opportunities.

3. Action

Pretty charts and graphs make for good reading, but make sure you’re taking action with your new piece of tech. Setting accountability for action from your latest investment will drive your business to achieve a return on that investment and ensure it doesn’t sit on the shelf.

4. Adoption, adoption, adoption

Often, the latest tech trend may seem like a great investment to the motivated few, but look more broadly: if your intended internal target for your new tech fails to adopt the new practice, you won’t achieve the return promised. Also, more likely than not, you’ll frustrate both the key supporters of the new product and those you’re imposing it on.

Innovative technology, particularly in the finance space, can transform the way you do business, but avoid being lured in by solutions that don’t align to your individual needs. Good suppliers should always take the time to give an honest appraisal of whether their product is right for you and should leave you feeling empowered to devote time to what matters most – growing your business.

^[1] HR Solutions, 2022 ^[2] The Guardian, Feb 2023 ^[3] ONS, Dec 2022 ^[4] ONS, Dec 2022 ^[5] Nash Squared Digital Leadership Report, 2022 ^[6] BDO, 2023 [1] The Guardian, Feb 2023 [2] ONS, Dec 2022 [3] ONS, Dec 2022 [4] Nash Squared Digital Leadership Report, 2022 [5] BDO, 2023