A secure IT infrastructure: The mainspring of next gen banking

Aravindan Anandan

The changes in consumer behavior which is inclined towards a more IT equipped consumption over the internet and mobile devices is compelling the Financial institutions (FI’s) to deploy more online systems, including internet banking systems, mobile banking and payments, online trading platforms and insurance portals, to reach their customers.

Financial services organizations handle trillions of transactions each year, and many of their customers expect cutting edge technology and services to manage those transactions efficiently. As much as the open networks facilitate quicker and more flexible operations, it also puts forward fertile grounds for cybercrimes. Threats have become more radical in complexity, diversity and overall volume and have grown into powerful munitions that can inflict disaster in financial institutions.

For the FIs to succeed in the Web 2.0 era, it is fundamental to assess their vulnerability to cyber-risk and deploy a robust risk management sentinels that have the capability to track, manage and mitigate these risks.

The Changing Dynamics of the Financial Sector

Making banking services available at the fingertips is a revolutionary concept and the banking sector is making it accessible through their IT initiatives. However, despite the tremendous potential that the mobile platform offers with respect to financial services the distinctive risks impede the progress. It is critical that the new security risks presented by mobile banking are identified and mitigated.

‘Cloud’ and ‘big data’ are also gaining ground in the industry. Financial institutions hold sensitive information about their clients – individual, firms, and other parties. Safeguarding this data is the cornerstones for building client confidence. Without doubt cloud has its inherent advantages but it also presents disadvantages that are both real and seeming, chief among them being the reputation damage in the event of any security breach.

Banks are also using big data to analyze user patterns. It would be practically impossible to run the algorithms around raw data to derive business information without the cloud.

Deploying a Robust Security infrastructure

There is definitely a scope for technology improvement in the financial sector space.

A More Robust B2B integration of applications

The online platforms involve a complex supply chain of multiple vendors by integrating with their application in order to provide the seamless service with the consumers. This puts forward the probability of a security breach at every such integration point. There was a very unique case where one of the prominent banks of the country had a breach of security wherein the attacker was able to manipulate the data that he was paying to the payment gateway service- while that information was related to the bank, he was able to manipulate the data to the actual data that the bank would accept and in that way he ended up saving a lot of money for himself. So there are lots of small nuggets in terms of having a robust solution that works in that space.

Application Logic Security: Focus area for Financial Institutions

Most financial initiatives are on the web and we no longer indulge in emails or chats to do our transactions. We rely on the applications to do those transactions for us which requires the security requirements to be more robust for web application and in turn that can take care of the overall network security. People understand that they need to have a complex password for their accounts. But what they don’t understand is the underlying problem between applications that could still compromise their security and data. There are attackers who are targeting web applications more than anything else. The companies not only need password protection and flow control but also application logic security.

Invest in Web application Firewall, Email Archiver and Next Generation Firewall

Data protection technology and application security technologies are critical to any financial institution and therefore they should look out for technologies in three domains: applications security, content security and network security. Web application firewall takes care of application layer threats that would cover a mobile application as well as browser-based applications. Email archiver guards the email data of an organization for fast retrieval and protection of origin of the data on the premises of the company. Next Generation firewall covers the network security requirements of a company.  This technology renders visibility into what kind of data is traversing the network- both incoming and outgoing and also detects any breach of compliance by data or traffic that is not meant to be accessed by a particular layer.

A Vigilant Security Infrastructure

One of the most important aspects a financial institution should look into is the visibility they have on what is going on when their portal or app is up and running.  And this visibility is not only in terms of what the traffic is going through but also what data is being transferred. Having a good risk management approach to vulnerabilities is also another important thing that the banks need to invest in. Financial institutions also need to have an open ear to experts in the security domain. It is time that banks reach out for specialist offerings and opinion from security experts who bring to table experience, the expertise and a view into the latest technology that are best suited for their infrastructure.

The business of today flourishes in the environment that enables quick and secure information flow and transactional capability.  However, the financial industry is synchronized by the regulations that it needs to adhere to. A robust security infrastructure is the only element that can instill the confidence to transact freely and without fear. A secure infrastructure is the foundation and the mainspring of the next generation of banking.

The author is consulting systems engineer, APAC, Barracuda Networks