{"id":1278,"date":"2019-09-18T07:00:21","date_gmt":"2019-09-18T14:00:21","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/2019\/09\/18\/why-banks-adopt-modern-cybersecurity-zero-trust-model\/"},"modified":"2022-06-28T10:45:50","modified_gmt":"2022-06-28T17:45:50","slug":"why-banks-adopt-modern-cybersecurity-zero-trust-model","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/microsoft-365\/blog\/2019\/09\/18\/why-banks-adopt-modern-cybersecurity-zero-trust-model\/","title":{"rendered":"Why banks are adopting a modern approach to cybersecurity\u2014the Zero Trust model"},"content":{"rendered":"

Many banks today still rely on a \u201ccastle-and-moat\u201d approach\u2014also known as \u201cperimeter security\u201d\u2014to protect data from malicious attacks. Like medieval castles protected by stone walls, moats, and gates, banks that use perimeter security invest heavily in fortifying their network perimeters with firewalls, proxy servers, honeypots, and other intrusion prevention tools. Perimeter security guards the entry and exit points to the network by verifying the data packets and identity of users that enter and leave the organization\u2019s network, and then assumes that activity inside the hardened perimeter is relatively safe.<\/p>\n

Savvy financial institutions are now moving beyond this paradigm and employing a modern approach to cybersecurity\u2014the Zero Trust model. The central tenet of a Zero Trust model is to trust no one\u2014internal or external\u2014by default and require strict verification of every person or device before granting access.<\/p>\n

The castle\u2019s perimeters continue to be important, but instead of just pouring more and more investment into stronger walls and wider moats, a Zero Trust model takes a more nuanced approach of managing access to the identities, data, and devices within the proverbial castle. So, whether an insider acts maliciously or carelessly, or veiled attackers make it through the castle walls, automatic access to data is not a given.<\/p>\n

Limitations of a castle-and-moat approach<\/h3>\n

When it comes to safeguarding today\u2019s enterprise digital estate, the castle-and-moat approach has critical limitations because the advent of cyberthreats has changed what it means to ward and protect. Large organizations, including banks, deal with dispersed networks of data and applications accessed by employees, customers, and partners onsite or online. This makes protecting the castle\u2019s perimeters more difficult. And even if the moat is effective in keeping enemies out, it doesn\u2019t do much for users with compromised identities or other insider threats that lurk within the castle walls.<\/p>\n

The practices below are all sources of exposure and are common in banks that rely on a castle-and-moat approach to security:<\/p>\n