Financial services companies operate in data-rich environments that are constantly shifting, opening them up to new vulnerabilities and making them significant targets for cyberattacks. Adopting a Zero Trust-based approach to security architecture is essential for the companies to maintain the cyber resilience needed to avoid damaging attacks.
Leveraging Zero Trust as a framework for safeguarding data and infrastructure directly addresses the many IT security challenges that banking and capital markets companies face. These companies must combat cybersecurity threats, protect valuable digital assets, secure remote workers and meet stringent compliance requirements that are unique to the industry. Embracing Zero Trust not only involves implementing new solutions, but also requires a different approach and change in mindset — one that encompasses all aspects of the business and focuses on enterprise security.
Addressing industry challenges
A Zero Trust security environment is characterised by a “never trust, always verify” stance in which all users inside and outside an organisation’s network are identified, authenticated, authorised and continuously validated. Maintaining airtight security is especially crucial in the financial services industry, in which organisations represent high-value, primary targets for threat actors. Any loss of a customer’s digital assets or data to a security breach can cause severe reputational harm, not to mention potential fines and penalties.
When implementing a Zero Trust architecture in an operational environment, however, banking and capital markets companies face many challenges. For one, organisations are challenged to keep up with the quickly changing enterprise security landscape, in environments where change has traditionally been slower and approached more cautiously.
Of course, the pandemic forced a fast change in financial services. The traditional paradigm of workers sitting in corporate offices connected to a single corporate network has been replaced by a predominantly remote workforce. The shift to remote working has greatly increased risk, broadened the attack surface and multiplied the number of network access points that need to be continuously secured.
About the authors
About the authors
Mark Hughes is president of Security for DXC Technology. He is responsible for DXC’s Security business including cyber defense, digital identity, secured infrastructure and security risk management. He previously led DXC's offerings and strategic partners organization. A Royal Military Academy graduate and British Army veteran, Mark serves on the World Economic Forum’s Global Cybersecurity Board. Connect with him on LinkedIn.
Jeremy Donaldson, managing director of EMEA Banking and Capital Markets for DXC Technology, has more than 25 years of experience in applying technology solutions to solving complex business challenges in numerous management and consulting roles. Connect with Jeremy on LinkedIn.
Jay Hibbin, client executive for DXC Technology’s cloud practice, has close to 30 years of experience in the IT industry, most recently, in helping organizations build solutions that enable successful digital transformation. Connect with Jay on LinkedIn.