Menlo Security kündigt strategische Partnerschaft mit Google an
Icon Rounded Closed - BRIX Templates

Why SASE is primed to secure the evolution of finserv

Tom Mcvey
July 20, 2021

Few industries have changed as dramatically as financial services (finserv) in the last decade.

While banking and financial transactions were once exclusively an in-person and largely paper-based process, the vast majority of financial affairs today are managed digitally, with a variety of new innovations and services powering an ever-advancing market.

From fintechs, challenger banks, and blockchain to mobile banking solutions and more, finserv today looks unrecognizable compared with the industry that existed even a mere half decade ago.

The improvement of service is just one element of the industry’s innovative focus, however. Behind the scenes, banks, credit unions, insurance firms, mortgage companies, and others have been working to transform their own infrastructure in order to streamline processes, optimize productivity, enhance security, and operate in a more effective, agile, and flexible manner.

COVID-19 needs little by way of introduction. Much like many industries, finserv was flipped on its head by the pandemic back in early 2020.

Finserv industry players had primarily operated out of offices before the pandemic, so social distancing restrictions and enforced national lockdowns shifted the hub of productivity to the home. Finserv organizations had to adapt to dramatic overhauls in a matter of days.

From an IT perspective, this change presented a challenge. Early on, many companies and IT teams thought the pandemic might last only a matter of weeks, and therefore the need to work from home was just temporary. Virtual private networks (VPNs) were implemented to provide disparate employees with access to key resources and applications by tapping into on-premises network infrastructure.

But now that hybrid work is so prevalent, even with the pandemic in our rearview, it’s safe to say that flexible, remote, and hybrid operating models are — at least in part — here to stay. With this in mind, it’s time for financial services organizations to consider how they might uphold such models more effectively moving forward.


Yes, VPNs initially made sense, acting as an extension of a company’s on-premises IT infrastructure. Yet they are equally fraught with challenges, and are simply not a viable, productive, and long-term solution.

While VPNs are capable of connecting employees in disparate locations to a centralized on-premises network, these very same networks weren’t designed to support remote operations. As a result, they can lead to bottlenecked traffic, hampered productivity, and security vulnerabilities that force network managers to make visibility concessions.

With employees now located across varied locations, as are many of the cloud-based tools and applications they use to complete their work effectively, the question is why would their network need to be managed and secured from a centralized, on-premises location that’s no longer being used physically?

Finserv should instead shift this activity to where the work is now happening — in the cloud. In doing so, these companies can realize a variety of benefits.

Both visibility and security can be increased using products like Zero Trust Network Access (ZTNA), Cloud Access Security Brokers (CASB), Data Loss Prevention (DLP), and Secure Web Gateways (SWG), while eliminating bottlenecked traffic and friction with users — without the need for them to jump through intricate, laborious, and suboptimal hoops to access vital tools and data.

Herein lies the argument for Secure Access Service Edge (SASE) adoption..

Coined by Gartner, SASE entails the simplification of a company’s networking and security functions by interlinking both elements as a cloud service that acts as an extension of the user, bypassing the need for an enterprise data center.

SASE isn’t a single solution. Rather, it’s a concept comprising the amalgamation of preexisting software-defined wide networking (SD-WAN) capabilities and network security functions (such as CASB, Cloud SWG, ZTNA/VPN, WAAPaaS, FWaaS, DNS, RBI, and other relevant components).

The key point is that SASE is not a case of revolutionizing security. Rather, it’s a natural evolution that uses the same techniques used by on-premises infrastructure in the cloud.

Unlike legacy solutions and the use of “square-peg-round-hole” VPNs, SASE has been built with a cloud-first mindset. As a result, it’s able to provide complete, seamless protection and visibility, while equally prioritizing productivity.

Indeed, SASE is garnering significant attention at present as an IT framework that’s much better suited to supporting today’s dynamic secure access needs. Yet as a relatively novel concept, there’s naturally some hesitancy as to the effectiveness of SASE, particularly within highly sensitive circles such as finserv.

While legacy security solutions are arguably outdated in terms of their usability, they’re extremely secure. The question, therefore, is whether SASE can match these standards.

Zero Trust is key

In order for it to achieve the required levels of security, SASE should be incorporated in tandem with a Zero Trust approach to security.

Zero Trust is a natural fit for the finserv industry. The sector has historically taken a Zero Trust approach with its vital assets, having previously used bank vaults and high-tech security investments that keep all people out — both internally and externally — of the organization.

Isolation technology is one method by which Zero Trust can be achieved in a highly effective manner within a cloud network.

It’s a technique that shifts the point of execution for active content away from a user’s browser to a disposable, cloud-based virtual container. This essentially acts as a screen, preventing all active content — including exploit code — from reaching its intended target. Thus, isolation prevents cyberattacks from reaching a user’s device — even Highly Evasive Adaptive Threats (HEAT) that make quick work of legacy security stacks.

Isolation separates the enterprise network from public access while providing users with secure, low-latency connections to the vital resources and SaaS applications they need. All content is rendered safely in a remote browser so that any potentially malicious code simply does not have an opportunity to execute on the endpoint.

Isolation is not “almost safe” like other security solutions. Rather, it offers complete protection against malware.

Cloud-first models are inevitable

Indeed, while SASE, Zero Trust, and isolation technology may appear to be relatively novel trends, it’s important to understand that technologies such as these that have been engineered to support cloud-first models will undoubtedly become the future of networking and security.

In the case of SASE, by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access using a SASE/SSE architecture, up from 20% in 2021, according to Gartner.

Research from Frost & Sullivan shows that 44% of financial services companies are currently deploying SD-WAN, whereas 22% have plans to deploy it by 2023. Another 8% of the respondents in financial services indicate they are currently replacing or upgrading their SD-WAN solution.

Despite being a relative newcomer on the scene, the technologies and ideals that underpin SASE are rapidly becoming a priority for many businesses looking to optimize their hybrid, flexible, and remote business models in the new normal.

The tide is clearly turning in favor of cloud-first models. And while security hasn’t always been a primary investment priority for businesses, owing to a lack of tangible return on investment, SASE is changing that narrative with its productivity, accessibility, and future-proofed characteristics that are capable of embedding sound security and a series of wider benefits.

linkedin logotwitter/x logofacebook logoSocial share icon via eMail