Indian regulatory bodies such as RBI & SEBI have issued a series of guidelines for financial institutions across the country including commercial banks, insurance companies, non-banking financial companies, cooperatives, pension funds, mutual funds, and other smaller financial entities.
Recently, SEBI issued an advisory on Remote Access and Telecommuting which has significant implications for depository participants. Similarly, RBI has issued comprehensive MFA implementation guidelines to safeguard banks and customers against cyber threats due to the sudden surge in Internet banking fraud.
Accops’ cutting-edge zero trust-based secure remote work solutions are designed to align perfectly with RBI & SEBI’s guidelines, enabling organizations to comply seamlessly. Find out how our comprehensive features ensure robust security, empowering businesses to embrace remote work confidently while safeguarding critical data and ensuring a secure virtual workspace.
1. Building a Secure Remote Access Policy Framework
Regulatory Guideline: Ensure proper remote access policy framework incorporating the specific requirements of accessing the enterprise resources securely located in the data center from home, using an internet connection.
Accops Solution: Accops HySecure, a Zero Trust Network Access (ZTNA) Gateway solution, empowers organizational workforce to securely access corporate applications and desktops, enabling enhanced productivity. Utilizing Layer 4 to Layer 7 application tunnel-based technology, it establishes a zero-trust access model and a software-defined perimeter (SDP). This seamless integration of performance, management, and security ensures robust remote access for enterprises.
2. Implementation of Trusted Machines for Authorized Access
Regulatory Guideline: For implementing the concept of trusted machines, as end-users categorize the machines as official desktops/laptops, the same may be configured to ensure implementation of the solution stack considering the requirements of authorized access. Official devices shall have appropriate security measures to ensure the configuration is not tampered with. Participants shall ensure that internet connectivity provided on all official devices shall not be used for any purpose other than remote access to data center resources.
Accops Solution: Accops Management Server allows controlled onboarding of devices and users based on profiles by an approved authority in the organization. For example, corporate-issued laptops/tablets/desktops to employees, BYOD, vendor-issued laptops/tablets/desktops, and similar devices issued to contractors. Furthermore, users may have different personas based on their roles. Accops solution ensures that only whitelisted applications (LoB, Corporate) are visible to a specific person on an enterprise-approved device(s). These device approvals are based on the hardware signature of the device, such as CPU ID, motherboard ID, HDD ID, and many more. The internet use at the end-user device can be controlled through the Accops agent running on the endpoint with whitelisted URLs only.
3. Guidelines for BYOD Devices and Application Audits
Regulatory Guideline: If personal devices (BYOD) are allowed for general functions, then appropriate guidelines should be issued to indicate a positive and negative list of applications permitted on such devices. Further, these devices should be subject to periodic audits.
Accops Solution: The appropriate authority within the organization should formulate application restriction policies for BYOD regarding application whitelisting. Such policies can be enforced through Accops solutions for BYOD. The Accops Reporting Server provides data on user profiles, application access patterns, and other data for audit purposes.
4. Enhancing Data Security with Multi-Factor Authentication (MFA)
Regulatory Guideline: Implement the various measures related to Multi-Factor Authentication (MFA) implementation to verify user access to ensure better data confidentiality and accessibility. VPN remote access through MFA shall also be implemented. It is clarified that MFA refers to using two or more factors to verify an account holder’s claimed identity.
Accops Solution: Our solutions enable organizations to implement strong authentication with its integrated MFA, which uses multiple token options like SMS, email, mobile app, or biometrics to ensure strict verification of a user’s claimed identity before providing access to corporate applications and data. It also checks device authenticity along with 2FA, making it a complete MFA solution that thoroughly verifies account holders’ identities.
5. Device-Specific VPN Login for Enhanced Data Center Security
Regulatory Guideline: Ensure that the trusted machine is the only client permitted to access the data center resources. The participants shall ensure that the Virtual Private Network (VPN) remote login is device-specific by binding the device’s Media Access Control (MAC) address with the IP address to implement appropriate security control measures.
Accops Solution: Accops follows Zero Trust architecture principles. Accops verifies the user and device signatures based on multiple parameters (more than 20) like MAC address, WAN/IP address, geolocation, firewall status, antivirus status, CPU ID, motherboard ID, etc. Based on the device and user control, a user on a specific device may be denied access, allowed access or further multi-factor authentication can be enforced. Such policies formulated by the appropriate authority can be enforced through the Accops Management Server. It also pushes restrictive policies to the endpoints where the Accops agent is installed.
6. Enhancing Remote Access Security with Video-Recognition and Short Session Timeouts
Regulatory Guideline: Explore a mechanism for ensuring that the employee using the remote access solution is indeed the same person to whom access has been granted and not another employee or unauthorized user. A suitable video-recognition method has to be implemented to ensure that only the intended employee uses the device after logging in through remote access. Participants shall implement short session timeouts for better security. Towards this end, it is suggested that the participants may consider running a mandatory monitor on the device that executes at random intervals, takes a picture with the webcam and uploads the same to the participant’s server at random intervals, pops up and prompts biometric authentication with a timeout period of a few seconds. If there is a timeout, this is flagged on the participant’s server as a security event.
Accops Solution: With Accops’ facial recognition and authentication features, organizations can ensure that the employee using the remote access solution is indeed the same person to whom access has been granted and not any other unauthorized user. Accops allows organizations to scan users’ faces periodically and ensures there is no event of identity theft or credential sharing. The frequency of facial authentication and session time-out can be defined through policies. Accops’ biometric authentication system also works on the same concept. The user’s fingerprint scanning is done at the time of login and periodically after that, as and when the authentication is timed out. In both methods, security logs are generated to the server and available for audit.
7. Risk Mitigation for Remote Data Center Access
Regulatory Guideline: Ensure that appropriate risk mitigation mechanisms are implemented whenever remote access of data center resources is permitted for service providers.
Accops Solution: With Accops solutions, enterprises can govern the business data and restrict access to managed/approved devices only. While user authentication is secured by MFA/OTP, endpoint device authentication and authorization will be managed by Accops endpoint security policy based on non-spoofable device signature ID like CPU ID, motherboard ID, and HDD ID. This ensures that even if users can access the user ID, password, and MFA/OTP, they will still be forced to use only enterprise-approved devices.
8. Continuous Monitoring and Implement Safeguard Mechanisms
Regulatory Guideline: Remote access has to be monitored continuously for any abnormal access, and appropriate alerts and alarms should be generated to address this breach before the damage is done. For on-site monitoring, the participants shall implement adequate safeguards such as cameras, security guards, and nearby co-workers to reinforce technological activities.
Accops Solution: Accops Management Server continuously looks for abnormal access patterns through its Zero Trust-based contextual, role-based access engine. Endpoint details will be captured and sent to the quarantine profile in case of abnormalities. The admin is notified about the user’s unusual access and login failure. However, if the user is genuine, the user shall still get his device approved by the administrator and attempt to log in again. Also, Accops facial recognition quickly identifies shoulder-surfing and immediately disconnects users from the session.
9. Seamless Data Management for Remote Access Scenarios
Regulatory Guideline: Ensure that the backup, restore, and archival functions work seamlessly, mainly if the users have been provided remote access to internal systems.
Accops Solution: Accops automates the backup, restore, and archival of its components. It also provides port access to all endpoint machines and ensures accurate, seamless functioning of backup, restore, and archival functions while following and complying with the enterprise policy.
10. Practicing Sound Judgment and Selective Deployment
Regulatory Guideline: Exercise sound judgment and discretion while applying patches to existing hardware and software and apply only those patches which were necessary and applicable.
Accops Solution: Accops helps organizations to promptly apply all critical security patches to existing hardware, software, and other critical applications to all endpoints, regardless of location, from a central location and ensure that all devices remain compliant.
11. Integration of Remote Access Security Controls with SOC Engine
Regulatory Guideline: The Security Operations Centre (SOC) Engine must be periodically monitored, and logs analyzed remotely. Alerts and alarms generated should also be analyzed, and appropriate decisions should be taken to address security concerns. The security controls implemented for the remote access requirements must be integrated with the SOC Engine and should become a part of the overall security posture monitoring.
Accops Solution: Our solutions easily integrate with the existing Security Operations Centre Engine and provide the required logs to be monitored by all leading SIEM (Security Information & Event Management) servers.
12. Enhancing Incident Response for Emergency Situations Preparedness
Regulatory Guideline: Update its incidence response plan in view of the any emergency situations such as natural calamities, pandemic, national crisis, etc.
Accops Solution: Does not appertain to Accops or other IT solution providers.
13. Embrace Robust Cybersecurity Regulatory Compliance
Regulatory Guideline: Implement cyber security advisories received from SEBI, MII, CERT-IN, and NCIIPC regularly.
Accops Solution: Accops provides 100% Make-in-India products and solutions that comply with all SEBI, MII, CERT-IN, and NCIIPC cyber security advisories. Accops will continue to incorporate and implement all applicable future advisories received from SEBI, MII, CERT-IN, NCIIPC, etc., on a timely basis.
14. Building a Post-Emergency Framework
Regulatory Guideline: Further, all the guidelines developed and implemented during any emergency situation will become SOPs post the crisis situation for future preparedness.
Accops Solution: The policies defined by the appropriate authority in the organization and implemented through Accops solutions shall always prevail.
Customer Stories
- The third largest bank in India
- An integrated solution for virtualization, secure remote access, MFA, and thin client hardware.
- Scaled up from 2,500 users to 25,000 users during the pandemic.
- Roaming users and vendor users could securely access the bank’s internal applications.
2. One of the most significant investment banking companies
- Zero endpoint management.
- Instant rollout of application/software upgrades.
- Secure access to unmanaged devices without any security concerns.
- Automatic device enrolment, audit, and control.
3. Largest insurance corporation in India
- Highly reliable & easily scalable solution.
- Seamless access even over low-bandwidth networks.
- Contextual access, device entry control, and detailed audit log.
- Secure, encrypted connectivity over the internet without any endpoint management.
4. Leading life insurance provider
- 360-degree visibility and control of enterprise applications.
- Detailed audits and logs available to IT administrators.
- Secure access to corporate resources and applications.
- Increased employee productivity.
With Accops solutions, organizations can easily ensure that all the above mentioned points remain a part of Standard Operating Procedures in challenging times for enhanced network security and data privacy. Want to know more details about Accops products and solutions, visit our website, or email our experts directly.