Enough has been said about the criticality and vulnerability of core banking applications in the past few decades. In 2021, the Bank for International Settlements reported the finance industry to be the second most targeted by cyber threat actors. There are several inherent attributes of the finance sector that act as deterministic factors for why that is the case. For one, there is the prospect of direct financial gains. Breaking into the digital core of financial institutions – such as banks – could potentially give attackers access to accounts, enabling them to make fraudulent transactions.
While direct financial theft is lure enough for attackers, the instances of indirect monetary gain have been far more widely observed. Banks depend on storing and using sensitive, personally identifiable information (PII) to provide better services and experiences to their customers. This kind of data is valuable to cyber criminals who can use it to create increasingly hard-to-identify phishing attempts and ransomware attacks or even sell them on illegal marketplaces.
There are several other reasons for threat actors to target the finance sector but it all boils down to the efficacy of security of banks’ digital ecosystem. As the Financial Stability Board puts it, “a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.” Besides the massive economic cost of such an event, the damage to public trust and confidence could take a major hit as well.
Securing the Core Banking System: A Rock and a Hard Place
Indian banks were introduced to the core banking system (CBS) in the 1990s, and it completely revolutionized the banking sector. Today, CBS is often referred to as the heart of modern banking operations – the backbone on which all digitalization efforts rest. However, the rapid digitalization and adoption of web-based applications have also contributed to CBS’ increasing attack surface, making it more vulnerable to cyber threats.
Despite banks investing heavily in beefing up security and heightening access restrictions, attackers seem to always find newer ways to swipe money and data. The large number of disparate security tools, large IT teams, and the extensive reach of cybersecurity challenges make it extremely difficult to identify anomalies before harm is inflicted.
In response to the rising threat, the Reserve Bank of India (RBI) has provided banks with a set of regulations and guidelines that enforce (and encourage) a more proactive approach to securing the digital banking ecosystem. One of these mandates is the isolation of the core banking application from non-core banking applications.
From a security vantage, this helps banks achieve several goals. These include:
- Reduced Attack Surface: By isolating the core banking application, the attack surface is minimized. This means that potential attackers have fewer points of entry, making it more difficult for them to gain unauthorized access.
- Containment of Threats: If a threat does manage to infiltrate the system, isolation can help contain it, preventing it from spreading to other parts of the network.
- Improved Monitoring: Isolated systems are easier to monitor. Any unusual activity can be detected and addressed much faster.
- Enhanced Access Control: Isolation allows for more granular control over who has access to the core banking application. This can prevent unauthorized users from gaining access.
- Data Protection: Isolation can help protect sensitive data. Even if an attacker gains access to one part of the system, they won’t necessarily have access to the data in the isolated core banking application.
Isolating the core banking application is one of the most pertinent ways to proactively thwart any cyber threats posed to banks. However, it also presents a significant challenge in terms of IT cost controls and user experience. Besides the one-time significant investment in hardware, software, and network infrastructure, banks also have to deal with recurring maintenance costs of the bifurcated ecosystem, effectively doubling their operational expense in the process.
Cutting Costs, Not Corners: Cost-effective Security
At a glance, it would seem that banks have no choice but to bear the massive cost burden to ensure the security of the core banking system. However, there is an alternative. One such workaround is the use of virtual desktops and applications.
Virtualization technology can help in isolating the core banking application from other systems, thereby reducing the attack surface. It also allows for better control over changes to the application, making it easier to manage updates, patches, and modifications without affecting other systems. But simply deploying virtual desktops may not be enough to ensure a much-needed multi-layered defence strategy.
Accops’ combination of virtual desktop, zero trust access, and thin client solutions does just that. It provides banks with a secure network to access their CBS applications. Accops can deliver the virtual desktop to the same end-user PC that is used for accessing other non-core financial applications, thus eliminating the need for additional hardware.
Accops’ VDI solution (HyWorks) allows banks to isolate their core banking applications on a secured network within the Bank’s data centre. By virtualizing the core banking application, end-users can run them on the same device as non-core applications. This virtualized ecosystem can be accessed remotely by end users, allowing for greater accessibility and productivity.
While the VDI allows users to eliminate any data foot-print on their local devices, the zero-trust network access (ZTNA) gateway (HySecure) ensures data protection by:
- Preventing download of data from core banking applications
- Enforcing watermark with user details on PC/remote session
- Preventing snipping and screen-sharing tools from running when accessing core banking applications
- Blocking USB ports of endpoint devices
The result: close to 50% reduction in Total Cost of Ownership (TCO) by avoiding overheads in network infrastructure and by adopting thin client computing.
Want to learn more about how Accops can help you secure your bank without incurring the heavy cost burdens that come with it? Reach out to us at contact@accops.com.