Ensuring Impenetrable Network Security Perimeters in 2020

Our connected world offers special challenges to the financial services industry. Protecting data privacy for customers and the business is imperative, yet this is becoming increasingly difficult to achieve—particularly when the industry is becoming “perimeter-less” like so many others, as the Internet of Things (IoT) and other new technologies gain an increasing foothold.

Network Security Perimeters

lakexyde / Pixabay

Deloitte has noted that while IoT may at first glance seem less relevant to the industry given the business model for financial services, “IoT applications aim to transform finance along with every other sector.” With that in mind, financial services organizations must be especially wary of data security issues.

Get The Full Seth Klarman Series in PDF

Get the entire 10-part series on Seth Klarman in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues.

Q4 2019 hedge fund letters, conferences and more

Network perimeter security tips

Think about the proliferation of Raspberry Pi (RasPi) computers, which are being used by a ballooning number of businesses. Financial services’ IT departments are understandably gravitating toward this small-in-size yet hugely popular tool that is taking the world by storm when it comes to IoT. It’s considered an ideal IoT platform that can not only run Linux, but also helps IT control electronic components via general purpose input/output (GIPO) pins. Yet while RasPi is easy to learn, affordable, and highly effective for the development of IoT devices, the very connectedness that RasPi creates also raises potential data security problems. RasPi must be effectively secured to avoid compromise by cybercrooks.

The reality is that leveraging RasPi is a double-edged sword: it can bring great benefit to the industry, but it also potentially opens the floodgates to those who wish to do harm when it comes to accessing unauthorized financial and personal data. Security problems are even more likely to take root when using a virtual private network (VPN) or other traditional network perimeter that offers up substantial lateral attack surfaces.

VPNs were designed for an era where traditional network perimeter security worked, but their limitations come to light in our now much more globally connected and perimeter-less world. There are other issues with VPNs as well, from cumbersome set up and management to performance issues and concerns about the high cost of equipment. IT management often ends up shouldering unnecessary burdens from dealing with this somewhat outdated convention technology, losing time for strategic initiatives and more important corporate objectives.

Fortunately, financial services firms don’t have to remain vulnerable when it comes to data security in this scenario. Software defined perimeters (SDP) offer a step up in data security—one that is in tune with today’s workflows. SDP software can be used in tandem with RasPi to create IoT networks that are not only economical but extremely secure.

SDP and VPN

Consider these benefits of SDP that can help financial services firms circumvent VPN security shortfalls:

  • Segmentation at the application level rather than the network level, for isolation and protection.
  • A “Zero Trust” environment that requires verification before granting access to data and applications or enabling connection for any individual—whether an employee, third-party vendor, or someone else outside of the organization.
  • No automatic trust means the attack surface is eliminated and an encrypted network is formed. All system assets remain inaccessible to anyone who hasn’t been properly vetted, verified, and authorized.
  • SDP software improves the security of data flows between devices by removing an IoT device’s network presence.

RasPi definitely presents a major data security challenge to the financial services industry, but it’s far from the only one. A growing number of financial services organizations have found it necessary to boost their existing disaster recovery (DR) strategy (or completely replace it) with cloud-based DR, in light of operating in a compute environment dominated by multi-cloud and hybrid-cloud. The key with this though is to avoid ending up in the same predicament if you use a DR strategy that depends on VPN for data protection, which as explained above just isn’t designed for a cloud environment the way that SDP is.

Network perimeter security and predictions

With these points in mind, I’d like to offer a pair of New Year’s predictions for 2020:

  • More financial services organizations will begin to combine RasPi and SDP. The coming year will see a significant increase in enterprises starting to recognize and leverage the one-two punch of RasPi plus SDP software for security. This will offer not only greater data protection for IoT networks, but also an opportunity to stand out in the industry with greater differentiation of products and services.
  • The emergence of a disruptive new class of cloud-based DR software. This new entrant will incorporate SDP-enhanced disaster recovery software, helping enterprises circumvent a plethora of VPN-related headaches, such as higher expenses and IT management complexities, while offering needed security features. Look out for these smart endpoint DR environments, which will work on-premises as well as in the cloud.

2020 will see unprecedented innovation in IoT and new technologies, which will forever change—and in many ways improve—how we live and work in the world. By combining SDP software with the ubiquitous RasPi and embracing DR software that’s designed for the cloud, financial organizations will be able to maximize what’s best about technological progress while steering clear of the potential security consequences that come from using traditional network perimeter security.


About the Author:

Don Boxley Jr is a DH2i co-founder and CEO. Prior to DH2i, Don held senior marketing roles at Hewlett-Packard where he was instrumental in sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business. Don has spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems.  Don earned his MBA from the Johnson School of Management, Cornell University.



About the Author

Don Boxley Jr
Don Boxley Jr is a DH2i (www.dh2i.com) co-founder and CEO. Prior to DH2i, Don held senior marketing roles at Hewlett-Packard where he was instrumental in sales and marketing strategies that resulted in significant revenue growth in the scale-out NAS business. Don has spent more than 20 years in management positions for leading technology companies, including Hewlett-Packard, CoCreate Software, Iomega, TapeWorks Data Storage Systems and Colorado Memory Systems. Don earned his MBA from the Johnson School of Management, Cornell University.