Why zero trust security is critical for regulatory compliance
As systems get more complex and dependency on IT grows, cyber threats proliferate. Therefore, designing systems with a zero trust approach - built in from the start - must become a fundamental step in the security process.
Today’s cybersecurity challenges are overwhelming. Research suggests that the vast majority (80%) of financial institutions have seen greater change in IT systems over the past few years than over the company’s entire lifespan. Businesses of all sizes now operate with extremely complex and fast-evolving IT estates that span on-premises and cloud deployments, home and hybrid working, legacy systems and the latest applications.
Other organizations identified similar challenges. VMware reported that the first half of 2020 saw a 238% increase in cyberattacks on financial institutions.
With failures increasing all the time, that number can only be higher today. As to the cost, IBM and the Ponemon Institute’s annual research found that the average cost of a data breach in the financial sector was $5.72 million.
New security for a new era
The most effective response to this is a “zero trust” approach. As the name suggests, this assumes that no piece of software and no person accessing the system can be trusted. It assumes that hackers can – and will – penetrate outer defences and wreak havoc once inside the network, as many of the vulnerabilities above suggest.
Every individual should therefore be challenged each time they carry out a given action or access a certain system - and prove their right to be there. If legitimate users don’t have free run of the place, then neither do criminals. This may involve a marginal increase in load, and consequently a marginal decrease in performance. But that is nothing compared to the catastrophic loss of performance that a full system outage causes.
Advanced system monitoring plays a key role in the adoption of zero trust and checking that software and unreliable users are not introducing new vulnerabilities to the system. But the biggest challenge is that the financial services industry – like most other technology-reliant sectors – operates legacy systems that were not designed with zero trust in mind. Long-established middleware and mainframes struggle to cope with the model, and the security threat alone is reason to modernise the software architecture.
Zero trust security is central to operational resilience – and regulatory compliance. Security incident and event monitoring (SIEM) technology is part of the answer.
Log Analytics from ITRS can play a huge part in helping you take that visibility and security one step further by integrating with your existing monitoring solutions, improving logging visibility, correlation, reporting and alerting – for businesses of any scale.
You can read the original article in its entirety here:
