A zero trust environment is critical for financial services

Boris Bialek, Managing Director of Industry Solutions at MongoDB

Not long ago, security professionals were still focused on protecting their IT in a similar formation to mediaeval guards protecting a walled city – concentrating on making it as difficult as possible to get inside. Once past this perimeter, though, access to what was within was endless. For financial services, this means access to everything from personally identifiable information (PII) including credit card numbers, names, social security information and more ‘marketable data’. Unfortunately, we have many examples of how this type of security doesn’t work: the castle gets stormed and the data isn’t protected. The most famous is still the Equifax incident, where a small breach has led to years of unhappy customers.

Thankfully, the mindset has shifted, spurred on by the proliferation of networks and applications across geographies, devices and cloud platforms. This has made the classic point-to-point security obsolete. The perimeter has changed; it is fluid, so reliance on a wall for protection also has to change.

Zero trust presents a new paradigm for cybersecurity. In this context, it is already assumed that the perimeter is breached, no users are trusted, and trust cannot be gained simply by physical or network location. Every user, device and connection must be continually verified and audited.

It might seem obvious, but it bears repeating: with the amount of confidential customer and client data that financial institutions hold – not to mention the regulations – this should be an even bigger priority. The perceived value of this data also makes financial services organisations a primary target for data breaches.

But how do you create a zero trust environment?

Keeping the data secure 

While securing access to banking apps and online services is vital, it is the database behind these applications that is a key part of creating a zero trust environment. The database contains so much of an organisation’s sensitive, and regulated, information, as well as data that may not be sensitive but is critical to keeping the organisation running. This is why it is imperative that a database is ready and able to work in a zero trust environment.

As more databases are becoming cloud based services, a big part of this is ensuring that the database is secure by default, meaning it is secure out of the box. This takes some of the responsibility for security out of the hands of administrators because the highest levels of security are in place from the start, without requiring attention from users or administrators. To allow access, users and administrators must proactively make changes – nothing is automatically granted.

As more financial institutions embrace the cloud, this can get more complicated. The security responsibilities are divided between the clients’ own organisation, the cloud providers and the vendors of the cloud services being used. This is known as the shared responsibility model. It moves away from the classic model where IT owns hardening the servers and security, then needs to harden the software on top – say the version of the database software – and then needs to harden the actual application code. In the shared model, the hardware (CPU, network, storage) is solely in the realm of the cloud provider that provisions these systems. The service provider for a Data-as-a-Service model then delivers the database hardened to the client with a designated endpoint. Only then do the actual client team and their application developers and DevOps team come into play for the actual “solution”.

Security and resilience in the cloud are only possible when everyone is clear on their roles and responsibilities. Shared responsibility recognizes that cloud vendors ensure that their products are secure by default, while still available, but also that organisations take appropriate steps to continue to protect the data they keep in the cloud.

Authenticate Everyone  

In banks and finance organisations, there is always lots of focus on customer authentication, making sure that accessing funds is as secure as possible. But it is also important to make sure that access to the database on the other end is secure. An IT organisation can use any number of methods to allow users to authenticate themselves to a database. Most often that includes a username and password, but given the increased need to maintain the privacy of confidential customer information by financial services organisations this should only be viewed as a base layer.

At the database layer, it is important to have transport layer security (TLS) and SCRAM authentication, which enable traffic from clients to the database to be authenticated and encrypted in transit.
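The SCRAM exchange mentioned above, sketched as an added example that is not from the original article: a SCRAM-SHA-256 (RFC 5802/7677) handshake with both sides simulated in one process, showing that the server stores only derived keys and the password never appears on the wire. The user name, password and salt are constructed, user-name escaping is omitted, and TLS is still what encrypts the connection.

```python
import base64
import hashlib
import hmac
import os

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_verifier(password: str, salt: bytes, iterations: int = 4096) -> dict:
    """Server-side record: derived keys only, never the password itself."""
    sp = salted_password(password, salt, iterations)
    client_key = hmac_sha256(sp, b"Client Key")
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": hmac_sha256(sp, b"Server Key")}

def server_verify(verifier: dict, auth_message: bytes, proof: bytes):
    """Recover ClientKey from the proof; return ServerSignature or None."""
    client_sig = hmac_sha256(verifier["stored_key"], auth_message)
    candidate = hashlib.sha256(xor(proof, client_sig)).digest()
    if not hmac.compare_digest(candidate, verifier["stored_key"]):
        return None
    return hmac_sha256(verifier["server_key"], auth_message)

def run_exchange(user: str, password: str, verifier: dict):
    """Simulate client and server; returns (authenticated, wire messages)."""
    b64 = lambda b: base64.b64encode(b).decode()
    cnonce = b64(os.urandom(18))
    client_first = f"n={user},r={cnonce}"              # client -> server
    nonce = cnonce + b64(os.urandom(18))               # server extends the nonce
    # server -> client: a real client reads salt and count from this message
    server_first = f"r={nonce},s={b64(verifier['salt'])},i={verifier['i']}"
    final_no_proof = f"c=biws,r={nonce}"               # "biws" is base64("n,,")
    auth_message = f"{client_first},{server_first},{final_no_proof}".encode()

    # Client: prove knowledge of the password without sending it.
    sp = salted_password(password, verifier["salt"], verifier["i"])
    client_key = hmac_sha256(sp, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()
    proof = xor(client_key, hmac_sha256(stored_key, auth_message))
    wire = [client_first, server_first, f"{final_no_proof},p={b64(proof)}"]

    server_sig = server_verify(verifier, auth_message, proof)
    if server_sig is None:
        return False, wire                             # server rejects the proof
    wire.append(f"v={b64(server_sig)}")                # server -> client
    # Client: check the server holds the verifier too (mutual authentication).
    expected = hmac_sha256(hmac_sha256(sp, b"Server Key"), auth_message)
    return hmac.compare_digest(server_sig, expected), wire
```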

Passwordless authentication is also something that should be considered – not just for customers, but internal teams as well. This can be done in multiple ways with the database: either with auto-generated certificates that are needed to access the database, or with advanced options for organisations that already use X.509 certificates and have a certificate management infrastructure.

Tracking is a key component 

As a highly regulated industry, it is also important to monitor your zero trust environment to ensure that it remains in force and encompasses your database. The database should be able to log all actions or have functionality to apply filters to capture only specific events, users or roles.

Role-based auditing lets you log and report activities by specific roles, such as userAdmin or dbAdmin, coupled with any roles inherited by each user, rather than having to extract activity for each individual administrator. This approach makes it easier for organisations to enforce end-to-end operational control and maintain the insight necessary for compliance and reporting.
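One way to report activity by role as described above, shown as an added example that is not from the original article: it groups audit events under watched roles such as userAdmin and dbAdmin, following role inheritance transitively. The log lines, users and custom roles (`opsLead`, `securityOfficer`) are constructed, and the field names are modelled on MongoDB's JSON audit format, which is an assumption since the article names no product.

```python
import json
from collections import defaultdict

# Constructed inheritance map: hypothetical custom role -> roles it inherits.
INHERITS = {"opsLead": ["dbAdmin"], "securityOfficer": ["userAdmin", "opsLead"]}

# Constructed sample audit log, one JSON event per line (one line is malformed).
SAMPLE_LOG = """\
{"atype":"createUser","ts":{"$date":"2023-01-10T09:00:00Z"},"users":[{"user":"alice","db":"admin"}],"roles":[{"role":"userAdmin","db":"admin"}],"result":0}
{"atype":"dropCollection","ts":{"$date":"2023-01-10T09:05:00Z"},"users":[{"user":"bob","db":"admin"}],"roles":[{"role":"opsLead","db":"admin"}],"result":0}
{"atype":"authCheck","ts":{"$date":"2023-01-10T09:06:00Z"},"users":[{"user":"carol","db":"bank"}],"roles":[{"role":"readWrite","db":"bank"}],"result":13}
{"atype":"grantRolesToUser","ts":{"$date":"2023-01-10T09:10:00Z"},"users":[{"user":"dave","db":"admin"}],"roles":[{"role":"securityOfficer","db":"admin"}],"result":0}
not json at all
{"atype":"dropDatabase","ts":{"$date":"2023-01-10T09:15:00Z"},"users":[{"user":"bob","db":"admin"}],"roles":[{"role":"opsLead","db":"admin"}],"result":13}
"""

def effective_roles(direct):
    """Direct roles plus everything they inherit, safe against cycles."""
    seen, stack = set(), list(direct)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INHERITS.get(role, []))
    return seen

def report_by_role(log_text, watched):
    """Return ({role: [(ts, users, action, result)]}, skipped_line_count)."""
    report, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            direct = [r["role"] for r in ev.get("roles", [])]
            who = ",".join(u["user"] for u in ev.get("users", []))
            row = (ev["ts"]["$date"], who, ev["atype"], ev.get("result", 0))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        # An event counts for a watched role held directly or through inheritance.
        for role in sorted(effective_roles(direct) & set(watched)):
            report[role].append(row)
    return dict(report), skipped

if __name__ == "__main__":
    by_role, bad = report_by_role(SAMPLE_LOG, ["userAdmin", "dbAdmin"])
    for role, rows in by_role.items():
        print(role, rows)
    print("skipped lines:", bad)
```

A non-zero `result` in a row marks an action that was attempted but refused, which is worth reviewing for privileged roles.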

Next level encryption

With large amounts of valuable data, financial institutions also need to make sure that they are embracing encryption – in flight, at rest and even in use. Securing data with client-side field-level encryption allows you to move to managed services in the cloud with greater confidence. The database only works with encrypted fields and organisations control their own encryption keys, rather than having the database provider manage them. This additional layer of security enforces an even more fine-grained separation of duties between those who use the database and those who administer and manage it.

Also, as more data is being transmitted and stored in the cloud – some of it belonging to highly sensitive workloads – additional technical options to control and limit access to confidential and regulated data are needed. However, this data still needs to be used, so ensuring that in-use data encryption is part of your zero trust solution is vital. This also enables organisations to confidently store sensitive data, meeting compliance requirements, while also enabling different parts of the business to gain access and insights from it.

Securing data is only going to continue to become more important for all organisations, but for those in financial services the stakes can be even higher. Leaving the perimeter mentality to the history books and moving towards zero trust – especially as cloud and as-a-service infrastructure permeates the industry – is the only way to protect such valuable data.

Crypto’s tipping point

Chris George, Senior VP of Product at Somo, argues that Crypto needs to improve its scalability to be taken seriously

Cryptocurrencies are no longer the exclusive domain of high risk financiers or tech Bitcoin jockeys, willing to ride a niche and volatile asset for good or ill. Today, neobank and mainstream banking apps alike offer crypto banking, helping customers trade in Bitcoin or Ethereum from as little as one dollar (https://www.revolut.com/crypto/).

Indeed, in September 2022, Finbold reported that British citizens had invested nearly £32bn in cryptocurrencies, and additional research from HMRC would have it that one in 10 UK adults has bought crypto, double the number from the previous year. 

But even given the legitimacy lent to crypto by the fact that now 50% of UK banks allow customers to interact with these currencies as well as other digital assets, how can the asset management industry turn it into a significant – and mainstream – asset, particularly in today’s turbulent economic climate? With the collapse of FTX, this must be taken into serious consideration. FTX was sold as being a safe and stable way to trade digital currency; alas, this has not been the case. It turns out Sam Bankman-Fried seriously over-promised and dramatically under-delivered, gambling away customer assets and ultimately prioritising fraud and malpractice.

First, we need to acknowledge that not all crypto is created equal. Some, such as Bitcoin or Ethereum, do function as a currency, are limited in volume and therefore can increase and (as 2022 amply showed) decrease in value. But other blockchain-based crypto doesn’t behave like what most people commonly accept as currency at all. 

For there to be significant uptake in crypto as an asset, there is going to have to be a far broader and deeper understanding of what it is and what it can do. As Christophe Diserens, chief compliance officer at SwissBorg has suggested: “Value and useability are going to be key. Metcalfe’s Law has been used to value tech and internet stocks so why not crypto?”. That value took a bit of a beating during the recent sell-off and crypto’s perceived volatility will need to be addressed if it is to achieve scale. Because that’s what it’s going to need if it’s ever going to be considered as a legitimate global payment alternative in the future.

 

The role of The Merge

Not the latest B-movie, sci-fi flick, The Merge in September 2022 saw the world’s second-biggest cryptocurrency, Ethereum, move from a ‘proof of work’ to a ‘proof of stake’ protocol. This was nothing short of seismic. 

Proof of work is how the vast majority of crypto has been mined to date. Solving complex equations to validate transactions (the ‘work’) uses masses of computer processing energy, accounting for a significant slice of the world’s electricity consumption. In today’s climate (in both senses of the word), that’s just not on.

Proof of stake, on the other hand, relies on far fewer ‘miners’, fewer computers and less energy as a result. This so-called ‘Merge’ is not only expected to reduce worldwide energy consumption by 0.2%, but also to boost the crypto economy as a whole, creating more opportunities for investors and allowing developers to build more products and applications on Ethereum. Ultimately, it could be what drives the decentralised internet of blockchain, crypto and NFT – Web3 – mainstream.

What does this mean in the ‘real’ world? This could present a real opportunity for the financial services sector as a whole. It will change the way it operates, speeding up transactions, creating new business models and generally just making the whole thing a more efficient way of working. Fully cashless payments for business would be a real boon, given the costs and potential losses involved in transacting in cash. Digitisation also makes transacting an altogether more intuitive experience. 

One thing crypto and its associated technologies and solutions need to be wary of is becoming a solution in search of a problem. For a truly mainstream breakthrough, the industry needs to make sure it’s bringing the consumer along on the journey. For end users to be truly confident in crypto, it has to benefit from the same levels of governance and regulation that cover the rest of the financial services industry. Building and maintaining consumer confidence will be extremely important, as trust levels have been shaken by the recent lack of solid administration and “irresponsible lending practices” leading to the FTX implosion. It has to be simple to transact, but with all the protections that investors have come to expect. It can’t afford to take them on another rollercoaster ride like 2022’s.

While 50% of the UK’s banks may be getting on board with crypto to some degree, there is still a wide open ocean of opportunity for asset management players to realise value for themselves and their clients. It will involve some reshaping and more investment in digitisation to manage the assets of the future, whatever they may be. 

Somo, part of the CI&T family, will be publishing a report titled ‘Assessing the Crypto Conundrum: Will cryptocurrency ever be a significant trading asset and how can digitalisation shape its future?’ in 2023. 

Skedadle to change the game for advertising with Currencycloud partnership

Currencycloud, the experts simplifying business in a multi-currency world, has partnered with Scottish start-up app Skedadle to provide its users an easy, secure and seamless way to transfer money earned in-app while playing games on public transport.

Skedadle rewards travellers for the time they spend playing on-the-go. They can earn £2 per day simply for playing games on the move. That’s an extra £60 in their pocket each month. This can be done thanks to a disruption in the advertising market, by using algorithms to verify and track the users’ engagement with ads, proven to be higher while playing than in traditional online advertising, which increases product and brand recall for advertisers. Thanks to the partnership with Currencycloud, Skedadle users can use the app on public transport and be reassured that all financial transactions and financial data comply with the highest standards of security and validations.

By connecting to Currencycloud’s API technology, Skedadle has been able to integrate in their app a state-of-the-art payments ecosystem that seamlessly bulk settles the money earned from advertisers into a secure account and then processes withdrawals from users fast. At the same time, Currencycloud also sets the infrastructure that will enable them to grow both geographically in the UK and globally, by providing access to 38 currencies and low cost, fast FX rates.

Says Nick Macandrew, CEO and Founder at Skedadle: “Trust and security are crucial, especially when it comes to people’s money. As we rapidly grow our platform, we need a solution that can keep up with our pace and Currencycloud do just that. Our cutting-edge technology requires a secure, stable, and simple way of managing payments, whilst guaranteeing the best user experience possible.”

Nick Cheetham, Chief Revenue Officer at Currencycloud commented: “Backing bold start-ups from day one has always been part of our DNA. Skedadle’s creation of new revenue streams for travellers and advertisers alike is an exciting business endeavour. We are eager to see how the platform can grow and disrupt the market by integrating our seamless payment capabilities.”
