In a recent post I discussed how Juniper’s hybrid cloud capabilities enhance our CRA strategy (Cost, Risk, Agility) for addressing the most critical business technology decisions of our clients. The first question posed by any financial services (FSI) firm considering a move to the cloud is whether they can build in appropriate levels of security. The answer is yes; however, it requires a shift in the traditional way of thinking about security.
The notion of securing a system’s endpoints is no longer feasible or scalable. Consumers continue to increase the number of devices they use, and can’t be counted on to take the lead in implementing the necessary safeguards. Therefore, FSI firms need to protect all of these endpoints.
Internally, the risks posed by ransomware and the potential for security breaches are all too real. Attacks on mission-critical hospital systems have made headlines, turning these extortion attempts into literal life-or-death situations. Apple’s iOS devices - often viewed as immune to such schemes - have recently become targets as well. In late 2015 the FBI generated unwelcome headlines on this topic when an agent was quoted as acknowledging the easiest remedy is often to pay up. This is in addition to the many other threats that are making FSI IT administrators increasingly disconcerted, including unintentional malware access, credential phishing, and disgruntled, tech-savvy employees who may wreak havoc on distributed computing systems.
At the same time, the market’s ongoing push to make key applications more open and accessible runs counter to conventional ideas of security. FSI firms cannot afford to allow the market promise of open systems to open the door to more hacking opportunities.
The answer to these challenges is deceptively simple: Secure the network, not the endpoints. Juniper’s Software Defined Secure Networks (SDSN) provide ideal foundations for such a solution. Juniper’s SDSN enables security enforcement to be targeted to specific locations - IT can identify the relevant areas, segment activities and enforce policies only on the areas that need to be isolated. For example, by securing the network rather than restricting the individuals with access to the network, SDSN can potentially mitigate (if not eliminate) the impact of a ransomware attack by providing detailed information on how particular servers were accessed.
SDSN requires only a central offline ticket rather than a site visit when configurations need to be changed, allowing the task to be accomplished in minutes instead of weeks. Think about the endpoint approach another way - an individual can run an antivirus scan on their Fitbit, smartphone, smart watch, tablet, etc., to identify and expose risks. As soon as an iOS or other operating system update is pushed, however (as is done with increasing frequency), the entire process must be repeated. Extend this analogy to a bank’s footprint, and the task of protecting all endpoints becomes virtually impossible. A network-based approach, by contrast, reduces the complexity by orders of magnitude.
One of the factors behind Blockchain’s building momentum in financial services settings is its end-to-end encryption (see my colleague Tony Evans’ insightful blog on Blockchain). Securing the entire network accomplishes many of these same goals, fostering data integrity and access by ensuring that no single entity can decrypt a data packet. With SDSN, Juniper is best suited to implement such an approach.
Through SDSN, security primarily addresses the Risk component of the CRA model - although it could be seen as reducing cost and enhancing agility as well. Security is also a major consideration in the way banks establish system connectivity for new branches - I’ll explore this topic in my next entry.