Blogs

DataCloak Implements Zero Trust Data Security Solutions on Multiple Scenarios in the Financial Industry

On May 13, the “2021 China Financial Industry Fintech Application Development Seminar” hosted by the magazine Financial Computerizing was successfully held in Guangzhou. More than 60 units including the Department of Science and Technology of the People’s Bank of China, Guangzhou Branch of the People’s Bank of China, large state-owned commercial banks, joint-stock banks, and city commercial banks attended the meeting and conducted lively discussions on topics including financial supervision, financial technology, and financial security. Gao Yang, Senior Security Consultant of DataCloak was invited to attend this conference and delivered a keynote speech with the title of “Zero Trust-Based Data Security Solutions: Sharing of Landing Scenarios in the Financial Industry”, which aroused great interest of the guests at the meeting and received widespread attention.

formula

Chen Yuhai, vice president of the Guangzhou Branch of the People’s Bank of China, and Zhai Xianghui, director of China Financial Computerizing Corporation, and other guests pointed out at the seminar that financial technology is in the ascendant and is driving profound changes in the financial industry. Financial institutions need to continue to promote financial technology research and application innovation, accelerate business-oriented and technology-driven digital transformation, and comprehensively enhance the innovation capabilities of technology-enabled businesses.

With the rise of mobile payment and the strengthening of industry supervision, financial companies have adopted technology empowerment methods to enhance operational efficiency, improve user experience, and promote product innovation. In digital transformation, the IT infrastructures of financial companies have introduced a large number of emerging technologies including cloud computing, mobile computing, and big data, etc. In the past, financial institutions usually relied on physical isolation (differentiating intranets and extranets) to establish corporate security boundaries. However, as business boundaries become blurred, regulatory requirements including data security and hierarchical classification have increased, and the demand for data sharing and computing has increased. Therefore, traditional solutions seem increasingly insufficient for the existing requirements, facing huge challenges in terms of agility, safety, and adaptability especially.

formula

Gao Yang, Senior Security Consultant of DataCloak said in the sharing that the Zero Trust concept is geared towards solving reasonable authorization and access security issues in an open network environment. It is the trend of global network security development and has been widely recognized. Facing the development trend of multi-cloud, ubiquitous, intelligent and autonomous IT infrastructure, DataCloak puts forward the security concept of “security as an infrastructure”, launched the Zero Trust Endpoint Secure Workspace (DACS). DataCloak also adopts core technologies including a new generation of security sandboxes, high-performance network tunnels, software-defined boundaries (SDP), and AI security policy engines to apply innovative solutions to solve data security and business continuity problems encountered in digital transformation for financial institutions.

DataCloak’s zero trust data security solution has been applied in more than ten large state-owned banks, insurance companies and securities companies, and has received positive comments. In this seminar, Gao Yang and the guests shared and discussed technical solutions for several common scenarios in the financial industry.

Scenario 1. Financial data and code loss prevention: cost reduction and efficiency increase, easy expansion

Financial companies have strict data security requirements and specifications, and usually adopt VDI(Virtual Desktop Infrastructure) solutions to meet the requirements that data does not land, loss, and goes through secure research and development, but they also face the following problems:

  • Poor experience: VDI video transmission relies on high-quality networks, and network freezes greatly affect user experience.
  • Poor compatibility: Peripheral compatibility is not sound, including external cameras, OCR equipment and other peripherals, which are poorly used.
  • Difficult to manage: It is difficult to achieve refined isolation on the server side, and it is difficult to ensure data security.
  • High cost: A large number of servers, network equipment and authorizations need to be purchased, and the expansion period is long.

After a large bank adopted the DACS solution, the cost was greatly reduced, from nearly 100 million-level expenses directly down to the order of millions, which greatly improves user experience and peripheral compatibility while improving security, and supports rapid and flexible expansion and secure office anytime, anywhere, and fully guarantees business continuity and effectiveness.

Scenario 2. Secure remote office: Solving security issues of VPN

The remote access of financial enterprise employees usually relies on VPN to connect to the enterprise intranet, and they face the following problems:

  • Security vulnerabilities: Traditional VPN technology adopts the method of first connection and then authentication, which has security vulnerabilities and complex expansion problems.
  • Excessive authorization: The granularity of access permission control is too coarse, which is prone to east-west attacks and infiltration, which brings great security risks.
  • Data leakage: There is no data prevention and control method in the remote terminal part, which may easily cause financial data leakage.

After adopting the DACS solution, a large securities company achieved the external invisibility of the business system, which greatly reduces the exposure of the Internet. Meanwhile, it ensures accurate and safe business access and anti-leakage through continuous verification of human, equipment, and resources, and achieves minimal-privileged access, which prevents the risk of internal penetration.

Scenario 3. Data security and classification: Data security protection throughout the life cycle

The “Financial Data Security Data Security Classification Guide” issued by the People’s Bank of China points out the concept of data life cycle security protection, and provides standard guidance from multiple parts including data collection, transmission, storage, use and circulation, deletion, and destruction. DataCloak’s solution of DACS helps financial companies solve data isolation and full life cycle security:

  • Data collection: A safe working space is constructed in the terminal equipment. The business personnel collect client photos, certificates, data, etc. in the safe working space, and data cannot be sent out of the safe space privately.
  • Data transmission: The data collected and processed on the terminal device is transmitted to the enterprise back-end server through a high-performance encrypted tunnel to ensure the safety and credibility of the data.
  • Data storage: Financial and client data can be encrypted and stored locally or remotely, and cannot be accessed without authorization, even if the device is lost or hard disk copy is not available.
  • Realtime computing: Employees or clients can only use the DACS secure space to access and use data, and the system effectively isolates the computing environment to ensure the security of financial data.
  • Deletion and destruction: Through the management and remote control of keys, enterprises can delete and destroy useless or unauthorized data at any time to ensure the security of financial data.

Scenario 4. Outsourcing personnel management: Flexible deployment and realtime adjustment

Financial companies often hire a lot of outsourcing engineers to help develop and maintain IT systems, and there are also a large number of partners onsite to provide services. Under normal circumstances, financial companies provide particular office space for outsourcing personnel, and adopt a variety of protection methods to ensure data security, including independent network segments, VDIs, DLP, dedicated physical machines, etc. However, in the case of rapid expansion of business and personnel, the following problems often exist:

  • Limited office space: Limited by physical space and network issues, the increase in outsourcing staff often leads to many deployment problems.
  • Difficulties in equipment management: The cost burden of the equipment provided by the enterprise, and the management difficulties of the outsourced BYOD equipment.
  • Complicated authority management: Outsourcing R&D usually requires simultaneous access to external resources and corporate intranet, and security policy management is complex.
  • High personnel mobility: Frequent replacement of outsourcing personnel results in management costs, and requires high timeliness and accuracy.
  • Data security risks: Outsourced personnel bring their own equipment or peripherals, which greatly increases the difficulty of preventing data leakage.

A financial technology company adopted the DataCloak’s DACS solution to meet the needs of more than 2,000 outsourced personnel to use BYOD equipments to work safely, and to achieve the separation of public and private data, which not only ensures that data cannot be leaked to third parties, but also greatly improves R&D efficiency. Meanwhile, the measure greatly saves equipment purchase costs, reduces office space, and achieves more flexible staffing and deployment. In addition, the company can also effectively control the data on the equipment of outsourced personnel, and even if the outsourced personnel leaves, the company can remotely delete unauthorized access data.

formula

Based on rich experience in infrastructure, large-scale distributed systems, cryptography, and enterprise services, DataCloak has successfully helped more than a dozen financial companies achieve the implementation and application of a zero trust security architecture. While reducing costs and increasing efficiency, it helps companies accelerate digital transformation and upgrades.

In addition to the financial industry, DataCloak’s DACS solution has also been adopted by a large number of top-tier clients in many industries including the Internet, advanced manufacturing, and professional services. With leading technology, excellent user experience, and good reputation, DataCloak was selected as a supplier in Gartner Vendor Ratings in 2020.

Contact Us 0755-21616605 contact@datacloak.com.cn Free Trade Center of ShenZhen