Don’t break the bank – Cyber Security, banking and breaches

DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Matthew O’Neill, Financial Services Industry Managing Director, Office of the CTO, VMware

It doesn’t matter what bank or financial institution they work for, there’s one thing that I guarantee keeps all CIOs awake at night – Cyber Security. To be fair, security in the digital era is probably the number one topic across all sectors. Like so many things, the disruption and change that is impacting every facet of life is happening to how we protect and secure our systems, our operations and our very selves.

In many ways, Cyber Security is going through the exact same evolution that physical defence went through. Like that, Cyber Security used to be about fixed, defined castle-like walls. We put our defences up around our organisations, and everything behind that is safe, and attackers shouldn’t be able to breach that line. Pretty much just like an actual castle, inside was safe, outside was quite probably hostile.

Then things change. In the physical world, the development of weapons technology and innovation led to the creation of tools, such as cannons and guns, which made short work of once formidable walls. In the digital world, threats have become more sophisticated, but also the way we work has changed. We want fast, intuitive experiences that are delivered by agile applications and services. To do that, data needs to be shared rapidly across multiple locations, both cloud-based and on-premises, which means it can’t be restricted by fixed line defences.

That’s hard to manage and protect for any sector; for regulatory-heavy and compliance-focused banking, it’s a huge challenge. And the consequences for failing are significant. Not only is there the damage to customers, to corporate reputation, even possibly to careers; in some jurisdictions, failure to properly prevent Cyber attacks can lead to individual criminal charges.

It’s no wonder, therefore, that Cyber Security keeps senior decision-makers awake at night. Nor why it’s the topic of the third episode of ‘Don’t Break the Bank, Run IT and Change IT’, our new podcast series for curious minds in Financial Services.

In this episode, I’m joined by Scott McKinnon, Business Solutions Architect at VMware and an expert on Security, Regulation and Information Assurance Compliance. I can imagine a lot of people would traditionally not see VMware for Security, as it’s preconception I had in my prior life in banking IT, but Scott starts off by talking about why we have a perspective and how it’s built upon three tenets – supply chain risk, how we build solutions and operating cloud services.

As part of our conversation, we looked at how the Security Industry is structured and what needs to change. One of the questions we often ask customers is how many vendors they use. For storage, it’s two or three; for servers, a similar number; for security, upwards of 100. It’s insane, and a result of a whole sector in a reactive mindset – a threat comes along that targets a specific issue, so someone develops a solution. That then gets integrated, but because it’s not connected to other solutions, managing it becomes incredibly challenging – making sure it works, keeping it updated. Multiply that by 100, and it becomes clear why security is so complex.

There has to be a simpler way, a more straight forward approach. And there is.

Have a listen to the podcast to find out more, and as always let us know what you think. As I mentioned in a previous post, we’d love to incorporate our listeners’ views and questions into future episodes, so please tell us what’s keeping you up at night.