Banks and credit unions have one of the toughest security jobs in the world. They must balance the needs of handling some of the most important data in the world (financial records and transactions) with the need to facilitate seamless access to this data for their customers and staff.
As the events of 2020 unfolded and virtually every banking employee began connecting to their work applications from a variety of locations, a new security complication was introduced to this already hardened but complex stack.
And while the introduction of remote employees was not totally new, the need to evolve security and support for 2 to 20 times more users brought a number of unplanned challenges.
The applications serving a typical banking organization live in both the cloud and bank-controlled data centers. The traditional network, centered around a bank controlled data center, is now borderless. And while tools such as VPN have served as the primary way for end-users to access applications in the data center, they no longer cover the needs of infrastructure that mixes in public and private cloud applications.
With a large majority of web traffic now consisting of cloud services, banks and credit unions need a new remote work connectivity approach that tackles both the scaling issues AND the challenges around hybrid cloud environments.
All roads lead to Zero Trust network access (ZTNA)
When VPN first hit the market, its dominance was swift and unchallenged. Employees working from home, or while traveling, now had access to corporate email and applications running in a company controlled data center.
Since then the cloud has become a growing part of a bank’s IT environment. But despite many applications residing in the cloud, financial institutions often continue to backhaul user traffic through the data center due to its legacy investments in tools and architecture. The use of dated technology to address modern infrastructures and workflows has led to a growing technical debt impacting everything from security to user experience. This mounting debt exploded with the recent surge in remote workers, forcing banks to address the problem.
Zero Trust network access (ZTNA) has emerged as the solution to the shortcomings of VPN. ZTNA is a network security architecture that only allows traffic to flow applications to authenticated users according to company security policies.
The goal of ZTNA is to ensure that a user only has access to an application if they have a legitimate need and permission to do so. Instead of granting a user course-grained access to applications residing within large network segments, ZTNA shifts to a method of directly connecting employees to applications based on a user’s identity.
This is accomplished by integrating network access with an organization’s identity provider to provide users with policy-driven, micro-segmented access to individual applications.
We developed Trustgrid Remote Access around the principles of ZTNA. As an agentless alternative to client-based VPNs it allows for any user on any device to connect to private or web applications (cloud or data center hosted) without requiring additional layers of security appliances, expensive proprietary hardware and weeks of configuration. As a cloud-delivered, software-defined service it provides Zero Trust network access without the ongoing management of hardware or software, making it easy for networking teams to deploy and maintain.
When evaluated against traditional VPNs, ZTNA presents a number of advantages:
- Browser-based portal enables easy access for most devices
- More stable connections that reduce VPN latency issues
- Minimal changes to existing network and security configurations
- A single connectivity experience for all applications (cloud and data center)
- Eliminates the need for publicly exposed application and network IP addresses
- Auditable logs of access help simplify compliance requirements
Additionally, access to new applications can be added and terminated quickly and easily integrates with many existing security solutions.
As the technology landscape continues to shift and supporting remote work becomes more common the need to ensure business continuity, security, and productivity becomes more relevant to banks and credit unions.
Applying the principles of Zero Trust to remote user access is not only considered best practice in the world of network security but is the rare technology innovation that doesn’t require a significant network redesign to implement.