Every time I log on to my company’s intranet -- whether from the office, home, or hotel, or via desktop, laptop, or mobile -- I am amazed by the remarkable number of activities it lets me perform and the sheer amount of information I can tap into.
But at the same time, I’m struck by how strictly limited my access is. I see only an infinitesimal sliver of what’s happening on our network, properly so. Out of thousands of payroll records, there’s only one I’m interested in. Of all the information that finance handles, all I need is our latest earnings release and a PowerPoint to assure customers about our stability. That’s all I need, and that’s all I see. But the rest is out there, almost instantly accessible by those who need it.
That is daily proof of what a sensitive balancing act network security is. And whatever challenges we had in segregating our network into what each employee can access, banks face even more daunting challenges. After all, it’s not likely that tag-teams of hackers are pounding away at our network to compromise our internal blogs and bios.
It is banks that tempt intruders, after all. Banks are still where the money is, and bank networks are where sensitive data is in constant motion. Account transfers within the bank, wire transfers outside the bank, vendor communications, customer records -- whenever they are in motion, they are vulnerable to network intrusions, whether by criminals or by legitimate users whose access was insufficiently circumscribed.
So with that knowledge of being under constant cyber attack, it is understandable if banks have resisted vendor urgings to “flatten” their networks. They well understand that flat networks offer significant cost savings and are easier to manage. But their traditional layered networks, for all the difficulty they pose when a change needs to be made or they need to interoperate with a new system, do offer security in the form of multiple layers, well segregated by groups of users. Flattening those networks eliminates the barriers of complexity and exposes a larger, more easily navigated surface to would-be attackers.
That’s where the debate has rested for some time -- between the rock and hard place of “flat vs. secure.” But now, advances in software-defined security are changing the calculation. Now, instead of physical barriers like layers, virtual LANs, routers, and firewalls, banks can erect logical barriers that segregate groups of users and their information, and that render other information invisible to them.
If you’re still having that rock/hard place debate at your bank, ask yourself:
- Are you spending too much on your network?
- Do changes to your network hold up innovation and compromise competitiveness because they take too long?
- After completing a change to your network, have you discovered inadvertent vulnerabilities created by the complexity of the network?
If your answer to any of these questions is “yes,” you’ll be glad to know there is a way out from between the rock and the hard place. You can let software, not infrastructure, segregate your flatter, cheaper, simpler network. Through tools like cryptographic keys, banks can allow fast, easy access to only those corridors where users’ roles entitle them, while the sensitive data remains cloaked to outsiders.
Most importantly, these growing safeguards among flat networks can not only save banks money, but also help them get out from between the rock and hard place where many of their peers are currently residing.
Bob Olson is a Vice President at Unisys where he manages the Global Financial Services Practice. He works with clients by providing a portfolio of IT services, software, and technology to help them solve their mission-critical problems.