Dean Clark, Group Chief Technology Officer for GFT
Today’s customers expect mobile-first banking experiences that allow them to manage their finances seamlessly via an app. These evolving demands have forced even the most conservative legacy banks to rethink their technological strategies and embrace change. Many are now pursuing cloud transformation strategies to modernise their operations, reduce costs and meet consumer expectations.
Yet, as banks transition from centralised mainframes to cloud-based platforms, they must carefully navigate the balance between innovation and security.
The security imperative in digital banking
Whilst cloud transformation offers exciting opportunities for financial institutions, it also introduces new security challenges. Many banks are adopting hybrid multicloud models to modernise incrementally. Meanwhile, new digital banks are being launched fully on the cloud, enabling them to prioritise agility and scalability from day one.
Security in this context must be seamlessly embedded into every stage of development. One of the key challenges is securing cloud infrastructure, which is often built using Infrastructure as Code (IaC). In particular, banks must ensure that their IaC adheres to best practices and is free from vulnerabilities and misconfigurations.

In addition to backend systems, consumer-facing portals and mobile applications must also incorporate robust security measures. These elements not only protect user data but also enhance trust, which is critical for customer retention in an increasingly competitive market.
The importance of a unified security platform
A unified security solution is essential for streamlining security management across the entire lifecycle of a digital bank. This approach is built on three interconnected pillars. Firstly, risk prevention involves integrating security tools directly into development pipelines, which helps identify and prevent risks and misconfigurations before they reach production. Secondly, visibility and control are achieved through continuous monitoring and management of cloud assets, offering a clear and dynamic understanding of the security landscape. Finally, runtime protection ensures the safeguarding of cloud workloads, web applications and APIs through solutions like cloud threat detection, host security, container security, serverless security, and web application & API protection.
Together, these pillars create a proactive, transparent and resilient security framework. By adopting this holistic strategy, digital banks can reduce risks, enhance operational efficiency and meet stringent compliance requirements – laying the foundation for secure and scalable growth in a highly competitive financial environment.
‘Zero trust’: A pillar of digital banking security
The ‘zero trust’ model has become a cornerstone of modern security strategies, especially for cloud-native banks. Guided by the principle of “never trust, always verify,” this approach ensures that no user or system is granted access without rigorous authentication and that all interactions are continuously monitored.
Implementing zero trust involves defining and enforcing clear boundaries between the applications that users access and the cloud resources. Access should be strictly controlled, with no permissions granted unless identification and authentication requirements are met. Once access is established, monitoring and logging mechanisms must be deployed to inspect and document all interactions with the system, providing critical visibility into potential threats and ensuring compliance.
To further enhance security, mutual Transport Layer Security (TLS) can be integrated as a foundational design principle, ensuring secure authentication with third-party entities over the internet. By embracing these practices, digital banks can build a robust security framework that protects against evolving threats whilst maintaining trust and operational integrity.
Salt Bank: A case study that sets the standard for security in digital banking
A leading example of embedding security into a digital banking platform is Salt Bank, a next-generation digital bank launched in Romania. Built and launched in under 12 months, Salt Bank exemplifies how a security-by-design approach can be seamlessly integrated into a bank’s architecture from the outset.
Guided by this security-by-design philosophy, Salt Bank implemented measures such as zero trust architecture, threat modelling, cloud security posture management, and automated security operations. Together, these strategies established a robust defence against cyber threats whilst allowing the bank to focus on improving customer experience.
Key to Salt Bank’s success was Engine by Starling, a SaaS platform tailored for digital banking, paired with Palo Alto Networks’ Prisma Cloud. Prisma Cloud played a critical role in securing the bank’s cloud infrastructure. Its comprehensive capabilities, including misconfiguration monitoring, risk detection, remediation, and compliance management, provide a unified and proactive approach to managing security in a complex cloud environment.
The future of digital banking
As digital banking continues to evolve, the financial sector faces a dual challenge: meeting growing consumer expectations, whilst combatting increasingly sophisticated cyber threats. Advanced security measures, like those exemplified by Salt Bank, are paving the way for a future where banks can deliver both.
The integration of security into every stage of the development lifecycle – from design to deployment – will be critical. Regulatory requirements will continue to grow more stringent, and banks that can balance security, scalability and user experience will emerge as leaders in the market.
Ultimately, fostering consumer trust will depend on the industry’s ability to maintain robust security without sacrificing innovation. The future of banking may be digital, but its success will hinge on ensuring customers feel safe and confident in every interaction.