To address growing competitive and cost pressures, financial institutions have been moving toward private cloud computing, which provides flexible and scalable IT resources on demand, based on the pooling of resources within private data centers. Yet cloud security can be a significant challenge if the controls in place cannot keep pace with dynamic environments such as VMware NSX. Many of the principles that make cloud computing attractive run counter to network security best practices, such as separation and segmentation. Replicating the essentially flat, open network found in a legacy data center would be a mistake for financial institutions. Cyberattacks have been successful in such open environments, where much of the lucrative data and systems are readily accessible. As examples, across the multiple SWIFT member attacks and in ATM malware attacks (Ripper and Cobalt gang), the malicious actors moved laterally in search of items of value after gaining an initial foothold within those targeted organizations.
Attacks and intentional – or even accidental – compromises in a virtualized environment are amplified because the workloads (some with varied trust levels) and associated data are centralized and lack any security barriers to keep them segmented. If the virtual environment is compromised without being appropriately secured and segmented, the attacker has access to everything. In addition, requisite updates to traditional security policies cannot keep pace with the rapid speed of workload changes in these dynamic environments. Thus, cybersecurity remains a significant challenge when embracing even private cloud computing.
Download our use case "Apply Network Segmentation in Virtualized Data Centers" to read about the benefits that Palo Alto Networks can bring to this environment, and learn about the approach one anonymous financial institution took to protect their private cloud from a data breach.
For more information on cybersecurity for the financial sector, visit our Financial Services industry page at https://www.paloaltonetworks.com/products/security-for/industry/financial-services.html
