{"id":1229,"date":"2019-09-18T07:00:21","date_gmt":"2019-09-18T14:00:21","guid":{"rendered":"https:\/\/www.microsoft.com\/en-au\/2019\/09\/18\/why-banks-adopt-modern-cybersecurity-zero-trust-model\/"},"modified":"2022-06-28T10:43:04","modified_gmt":"2022-06-28T17:43:04","slug":"why-banks-adopt-modern-cybersecurity-zero-trust-model","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-au\/microsoft-365\/blog\/2019\/09\/18\/why-banks-adopt-modern-cybersecurity-zero-trust-model\/","title":{"rendered":"Why banks are adopting a modern approach to cybersecurity\u2014the Zero Trust model"},"content":{"rendered":"
Many banks today still rely on a \u201ccastle-and-moat\u201d approach\u2014also known as \u201cperimeter security\u201d\u2014to protect data from malicious attacks. Like medieval castles protected by stone walls, moats, and gates, banks that use perimeter security invest heavily in fortifying their network perimeters with firewalls, proxy servers, honeypots, and other intrusion prevention tools. Perimeter security guards the entry and exit points to the network by verifying the data packets and identity of users that enter and leave the organization\u2019s network, and then assumes that activity inside the hardened perimeter is relatively safe.<\/p>\n
Savvy financial institutions are now moving beyond this paradigm and employing a modern approach to cybersecurity\u2014the Zero Trust model. The central tenet of a Zero Trust model is to trust no one\u2014internal or external\u2014by default and require strict verification of every person or device before granting access.<\/p>\n
The castle\u2019s perimeters continue to be important, but instead of just pouring more and more investment into stronger walls and wider moats, a Zero Trust model takes a more nuanced approach of managing access to the identities, data, and devices within the proverbial castle. So, whether an insider acts maliciously or carelessly, or veiled attackers make it through the castle walls, automatic access to data is not a given.<\/p>\n
When it comes to safeguarding today\u2019s enterprise digital estate, the castle-and-moat approach has critical limitations because the advent of cyberthreats has changed what it means to ward and protect. Large organizations, including banks, deal with dispersed networks of data and applications accessed by employees, customers, and partners onsite or online. This makes protecting the castle\u2019s perimeters more difficult. And even if the moat is effective in keeping enemies out, it doesn\u2019t do much for users with compromised identities or other insider threats that lurk within the castle walls.<\/p>\n
The practices below are all sources of exposure and are common in banks that rely on a castle-and-moat approach to security:<\/p>\n
The benefits of a Zero Trust approach have been well documented<\/a>, and a growing number of real-world examples show that this approach could have prevented sophisticated cyberattacks. However, many banks today still adhere to practices that diverge from Zero Trust principles.<\/p>\n Adopting a Zero Trust model can help banks strengthen their security posture, so they can confidently support initiatives that give employees and customers more flexibility. For example, bank executives would like to untether their customer-facing employees\u2014such as relationship managers and financial advisors\u2014from their desks and meet clients outside bank premises. Today, many financial institutions support this geographic agility with analog tools like paper printouts or static views of their counsel. However, both bank employees and customers have come to expect a more dynamic experience using real-time data.<\/p>\n Banks that rely on a castle-and-moat approach to security are hesitant to disperse data outside the physical network. As such, their bankers and financial advisors can only tap the dynamic models of proven and disciplined investment strategies if their client meetings take place on bank premises<\/em>.<\/p>\n Historically, it\u2019s been cumbersome for bankers or financial advisors on the go to share real-time model updates or actively collaborate with other bankers or traders, at least not without VPNs. Yet, this agility is an important driver of sound investment decisions and customer satisfaction. A Zero Trust model enables a relationship manager or an analyst to harness insights from market data providers, synthesize with their own models, and dynamically work through different client scenarios whenever and wherever.<\/p>\n The good news is this is a new era of intelligent security\u2014powered by the cloud and Zero Trust architecture\u2014that can streamline and modernize security and compliance for banks.<\/p>\n With Microsoft 365<\/a>, banks can make immediate steps towards a Zero Trust security by deploying three key strategies:<\/p>\n Banks can also deploy strong authentication methods such as two-factor or passwordless Multi-Factor Authentication (MFA)<\/a>, which can reduce the risk of a breach by 99.9 percent. Microsoft Authenticator<\/a> supports push notifications, one-time passcodes, and biometrics for any Azure AD connected app.<\/p>\n For Windows devices, bank employees can use Windows Hello<\/a>, a secure and convenient facial recognition feature to sign in to devices. Finally, banks can use Azure AD Conditional Access<\/a> to protect resources from suspicious requests by applying the appropriate access policies. Microsoft Intune and Azure AD work together to help make sure only managed and compliant devices can access Office 365 services including email and on-premises apps<\/a>. Through Intune, you can also evaluate the compliance status of devices. The conditional access policy is enforced depending on the compliance status of the device at the time that the user tries to access data.<\/p>\n <\/p>\n Conditional access illustration.<\/em><\/p>\n <\/p>\n The Microsoft 365 security center.<\/em><\/p>\n <\/p>\n Example of a classification and protection scenario.<\/em><\/p>\n Microsoft 365 helps simplify the management of security in a modern Zero Trust architecture, leveraging the visibility, scale, and intelligence necessary to combat cybercrime.<\/p>\n As you consider how to safeguard your modern \u201ccastle,\u201d a Zero Trust environment is optimal for modern cybersecurity threats. A Zero Trust environment requires up-to-the-minute oversight of who is accessing what, where, and when\u2014and whether they should even have access.<\/p>\n Microsoft 365 security and compliance capabilities<\/a> help organizations verify before they trust a user or device. Microsoft 365 also offers a complete teamwork and productivity solution<\/a>. Altogether, Microsoft 365 provides a comprehensive solution to help bank executives focus on customers and innovation.<\/p>\n","protected":false},"excerpt":{"rendered":" Many banks today still rely on a \u201ccastle-and-moat\u201d approach\u2014also known as \u201cperimeter security\u201d\u2014to protect data from malicious attacks. Like medieval castles protected by stone walls, moats, and gates, banks that use perimeter security invest heavily in fortifying their network perimeters with firewalls, proxy servers, honeypots, and other intrusion prevention tools. Perimeter security guards the entry<\/p>\n","protected":false},"author":0,"featured_media":1233,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[146],"product":[148],"audience":[195,193],"tags":[219,257,225],"coauthors":[],"class_list":["post-1229","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","product-microsoft-365","audience-banking","audience-enterprise","tag-azure","tag-windows-hello","tag-zero-trust-security"],"yoast_head":"\nMicrosoft 365 helps transform bank security<\/h3>\n
\n
\n
\n
Simplify security management with Zero Trust<\/h3>\n