Named a Visionary in Gartner Magic Quadrant for Secure Web Gateways (SWG)

Back to blog

Why SASE is primed to secure the evolution of finserv

Share this article

Few industries have changed as dramatically as financial services (finserv) in the last decade.

While banking and financial transactions were once exclusively an in-person and largely paper-based process, the vast majority of financial affairs today are managed digitally, with a variety of new innovations and services powering an ever-advancing market.

From fintechs, challenger banks, and blockchain to mobile banking solutions and more, finserv today looks unrecognizable compared with the industry that existed even a mere half decade ago.

The improvement of service is just one element of the industry’s innovative focus, however. Behind the scenes, banks, credit unions, insurance firms, mortgage companies, and others have been working to transform their own infrastructure in order to streamline processes, optimize productivity, enhance security, and operate in a more effective, agile, and flexible manner.

COVID-19 needs little by way of introduction. Much like many industries, finserv was flipped on its head by the pandemic back in early 2020.

Finserv industry players had primarily operated out of offices before the pandemic, so social distancing restrictions and enforced national lockdowns shifted the hub of productivity to the home. Finserv organizations had to adapt to dramatic overhauls in a matter of days. 

From an IT perspective, this change presented a challenge. Early on, many companies and IT teams thought the pandemic might last only a matter of weeks, and therefore the need to work from home was just temporary. VPNs were implemented to provide disparate employees with access to key resources and applications by tapping into on-premises network infrastructure.

Now that the pandemic is more than 18 months on, however, it’s safe to say that flexible, remote, and hybrid operating models are—at least in part—here to stay. With this in mind, it’s time for organizations to consider how they might uphold such models more effectively moving forward.

Why SASE?

Yes, VPNs initially made sense, acting as an extension of a company’s on-premises IT infrastructure. Yet they are equally fraught with challenges, and are simply not a viable, productive, and long-term solution.

While VPNs are capable of connecting employees in disparate locations to a centralized on-premises network, these very same networks weren’t designed to support remote operations. As a result, they can lead to bottlenecked traffic, hampered productivity, and security vulnerabilities that force network managers to make visibility concessions.

With employees now located across varied locations, as are many of the cloud-based tools and applications they use to complete their work effectively, the question is why would their network need to be managed and secured from a centralized, on-premises location that’s no longer being used physically?

Finserv should instead shift this activity to where the work is now happening—in the cloud. In doing so, these companies can realize a variety of benefits.

Visibility can be increased using products like cloud access security brokers (CASB), data loss prevention (DLP), and secure web gateways (SWG), while eliminating bottlenecked traffic and friction with users—without the need for them to jump through intricate, laborious, and suboptimal hoops to access vital tools and data.

Herein lies the argument for secure access service edge (SASE) adoption.

Coined by Gartner, SASE entails the simplification of a company’s networking and security functions by interlinking both elements as a cloud service that acts as an extension of the user, bypassing the need for an enterprise data center.

SASE isn’t a single solution. Rather, it’s a concept comprising the amalgamation of preexisting software-defined wide networking (SD-WAN) capabilities and network security functions (such as CASB, Cloud SWG, ZTNA/VPN, WAAPaaS, FWaaS, DNS, RBI, and other relevant components).

The key point is that SASE is not a case of revolutionizing security. Rather, it’s a natural evolution that uses the same techniques used by on-premises infrastructure in the cloud.

Unlike legacy solutions and the use of “square-peg-round-hole” VPNs, SASE has been built with a cloud-first mindset. As a result, it’s able to provide complete, seamless protection and visibility, while equally prioritizing productivity.  

Indeed, SASE is garnering significant attention at present as an IT framework that’s much better suited to supporting today’s dynamic secure access needs. Yet as a relatively novel concept, there’s naturally some hesitancy as to the effectiveness of SASE, particularly within highly sensitive circles such as finserv.

While legacy security solutions are arguably outdated in terms of their usability, they’re extremely secure. The question, therefore, is whether SASE can match these standards.

Zero Trust is key

In order for it to achieve the required levels of security, SASE should be incorporated in tandem with a Zero Trust approach to security.

Zero Trust is a natural fit for the finserv industry. The sector has historically taken a Zero Trust approach with its vital assets, having previously used bank vaults and high-tech security investments that keep all people out—both internally and externally—of the organization.

Isolation is one method by which Zero Trust can be achieved in a highly effective manner within a cloud network.

It’s a technique that shifts the point of execution for active content away from a user’s browser to a disposable, cloud-based virtual container. This essentially acts as a screen, preventing all active content—including exploit code—from reaching its intended target. Thus, isolation prevents cyberattacks from reaching a user’s device. 

Isolation separates the enterprise network from public access while providing users with secure, low-latency connections to the vital resources and SaaS applications they need. All content is rendered safely in a remote browser so that any potentially malicious code simply does not have an opportunity to execute on the endpoint.

Isolation is not “almost safe” like other security solutions. Rather, it can stop malware 100 percent of the time.

Cloud-first models are inevitable

Indeed, while SASE, Zero Trust, and isolation may appear to be relatively novel trends, it’s important to understand that technologies such as these that have been engineered to support cloud-first models will undoubtedly become the future of networking and security.

In the case of SASE, where Gartner had originally predicted that it would take 10 years for the concept to become mainstream, the pandemic has now cut this projected timeframe in half.

Research shows that 67 percent of finserv firms will be looking to deploy an SD-WAN—a key component in SASE—in the next year. Further, 54 percent of organizations are prioritizing improvements of visibility and security for home infrastructure.

Despite having barely been mentioned two years ago, the technologies and ideals that underpin SASE are rapidly becoming a priority for many businesses looking to optimize their hybrid, flexible, and remote business models in the new normal.

The tide is clearly turning in favor of cloud-first models. And while security hasn’t always been a primary investment priority for businesses, owing to a lack of tangible return on investment, SASE is changing that narrative with its productivity, accessibility, and future-proofed characteristics that are capable of embedding sound security and a series of wider benefits.

A logical starting point for the journey to SASE is focusing on eliminating attacks on users with an emphasis on where they spend most of their working day–in a web browser. Discover how you can take a pragmatic path to SASE by downloading this recent ESG white paper or discover why Zero Trust is unlocking productivity at fiserv organizations.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.