Ian Perry, Principal Solution Architect at Zscaler
We are living in a changed world; one of hybrid home/office work and customers who may never return to bank branches and the services of the high street. According to RFi Group, 73 per cent of UK consumers interact with their main bank via digital banking at least once a week, and only 23 per cent believe nothing can replace what they get in a branch. Meanwhile, institutions including JP Morgan, HSBC and Nationwide have all indicated an intention to retain new higher levels of homeworking.
Now that employees work from a multitude of locations and customers bank and manage their money online the race is on to adapt processes, systems and support structures for safe, secure and productive homeworking and digital access for customers. Inevitably, this calls into question legacy infrastructures in financial services and how they might impact digital progress.
New tools, old systems?
The question is, how can banks and other financial institutions securely provide a higher level of remote access to their systems and applications when incumbent infrastructures were developed for an entirely different time?
Of course, the first thing to note is that banks aren’t coming at the problem from a standing start. Oft-cited legacy infrastructures have been added to over time so that many set-ups are now an on-premise/cloud-hosted hybrid. In fact, the finance sector has invested heavily in cloud infrastructures and cloud-based office applications.
The issue is how to harmonise this set-up so that it works for users and organisations as a whole. Here, there is work still to be done. It’s often the case that core banking applications remain in mainframe on-premise networks, whilst other operational tools reside in the cloud. Cloud-based Office 365 is a case in point. It supports digital working, as organisations need it to, but a range of its benefits and functions are at odds with legacy network setups.
Inevitably, when a product or service innovation reaches implementation planning stage, the starting point is the existing network, its systems and processes. The hard part is flipping this approach to assess what the resulting experience will be from the user point of view, but that is exactly what’s needed. It’s an approach that competing market disruptors have been ideally placed to adopt from day one.
However, that needn’t mean that financial institutions must completely overhaul their legacy infrastructure – something that would be expensive and complicated. They can still fully capitalise on the benefits of cloud-based services, among them flexibility, productivity, business continuity and the right customer and user experience.
Zero Trust without friction
One way is to take a ‘Zero Trust’ approach. As a result of recognised risks, 72 per cent of companies are prioritising the adoption of such a security model. This resets a data security approach from one that traditionally secured the perimeter to one that protects users, devices and business resources.
It’s a shift in emphasis from securing the network to securing each access and doing so without introducing friction into processes for users. We can think of legacy digital protection methods as a visitor getting a key from reception and being allowed to wander around the building, and compare that to a frictionless cloud experience in which a security guard shows the visitor directly to the room they need.
The Zero Trust model lends itself to high levels of remote access, which is exactly the situation organisations are now in. Employees work from anywhere, from a range of devices, and customers access services previously provided in-person online. Applications are no longer exclusively within the data centre, they are outside the network perimeter meaning that traffic must be enabled to run securely through the internet, rather than through corporate IT. Doing so not only equips organisations for the way things are today, it can also reduce the cost of individual site maintenance and enable the full benefit of cloud-based tools.
The technology now exists to make high levels of security completely invisible and so, with a growing number of security processes now taking place in the cloud, educating customers will be key. The industry must come together to improve user interfaces to signal what’s taking place behind the scenes.
With the right security approach, financial services can deliver on new access priorities to support their workforces and serve customers. Convenience, as well as security, should be the aim along with a strategy that ensures legacy doesn’t hold back innovation. That way, banks and other finance institutions can begin to fully capitalise on the benefits of cloud, adapt to meet customer demands as they evolve and compete in a disrupted market.
