Page 23 - Banking Finance July 2025
In a post-pandemic world where remote access has become the new normal, traditional security methods based on physical boundaries no longer suffice. Zero Trust shifts the focus to user identity and device health, enabling secure access regardless of location. This makes it particularly suitable for securing mobile banking, digital account opening, and cloud-based platforms.

Moreover, Zero Trust helps financial institutions meet stringent regulatory requirements such as those under GDPR, PCI-DSS, and RBI guidelines. By enforcing fine-grained access controls and maintaining detailed logs of user activity, institutions can more easily demonstrate compliance and reduce the risk of penalties for data mishandling.

Key Principles of the Zero Trust Security Model

The Zero Trust Security Model is a modern approach to cybersecurity that assumes no user or system should be inherently trusted, whether they're inside or outside the network. It emphasizes rigorous verification, minimal access, and constant oversight to prevent breaches and limit their impact. Below are the core principles that define this model:

Never Trust, Always Verify

This is the foundational concept of Zero Trust. Unlike traditional models that automatically trust users or devices inside the network perimeter, Zero Trust assumes that no entity, internal or external, should be trusted by default. Every access request must be explicitly authenticated, authorized, and continuously validated, regardless of where it originates. This principle ensures that trust is earned and re-evaluated constantly, not granted once and assumed forever.

Least Privilege Access

Zero Trust enforces the principle of least privilege, meaning users, applications, and systems are granted only the minimum level of access necessary to perform their specific functions. This limits potential damage in case of a breach or insider misuse. For example, a customer service executive should not have access to the bank's internal IT systems, just as a system administrator should not have access to customer financial records unless absolutely necessary.

Micro segmentation

Micro segmentation involves dividing the IT infrastructure into small, secure zones and applying access controls to each zone individually. This approach prevents attackers from moving laterally across the network. If a breach occurs in one segment, it can be isolated and contained, reducing the likelihood of a widespread compromise. In banking, this means that a breach in the HR system wouldn't automatically grant access to the loan processing or customer account systems.

Continuous Monitoring

Zero Trust relies on real-time monitoring and analytics to detect unusual behaviours and threats as they emerge. By constantly observing user activity, login patterns, access frequency, and device behaviour, security teams can identify anomalies and take immediate action. Continuous monitoring ensures that even if a threat manages to penetrate the first layer of defence, it can be quickly detected and neutralized before it causes significant damage.

Device Security

In a Zero Trust environment, access is not only dependent on user identity but also on device health and compliance. Only devices that meet established security standards, such as having up-to-date antivirus software, secure configurations, and no known vulnerabilities, are granted access to resources. This is especially critical in remote work scenarios, where personal or unmanaged devices could otherwise become points of compromise.

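
The principles above can be combined into a single per-request access decision. The following is an added illustration, not code from the article: the role names, segment names, the mfa_verified flag and the device fields are assumptions chosen to mirror the article's banking examples.

```python
from dataclasses import dataclass

# Hypothetical least-privilege map: role -> segments it may reach.
# Anything not listed is denied by default.
ROLE_SEGMENTS = {
    "customer_service": {"customer_accounts"},
    "hr_officer": {"hr"},
    "loan_officer": {"loan_processing"},
    "sysadmin": {"internal_it"},
}

@dataclass(frozen=True)
class Device:
    antivirus_current: bool
    secure_config: bool
    known_vulnerabilities: int

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    device: Device
    segment: str

def device_compliant(d: Device) -> bool:
    # Device Security: all three health checks must pass.
    return d.antivirus_current and d.secure_config and d.known_vulnerabilities == 0

def decide(req: Request, audit_log: list) -> bool:
    """Evaluate one request on its own; no trust carries over from earlier ones."""
    if not req.mfa_verified:
        reason = "identity not verified with MFA"
    elif not device_compliant(req.device):
        reason = "device fails health checks"
    elif req.segment not in ROLE_SEGMENTS.get(req.role, set()):
        reason = "segment outside role's least-privilege set"
    else:
        reason = "allowed"
    allowed = reason == "allowed"
    # Continuous Monitoring: every decision, allow or deny, is recorded.
    audit_log.append({"user": req.user, "segment": req.segment,
                      "allowed": allowed, "reason": reason})
    return allowed
```

Because the segment check is separate for every request, a valid session in the HR zone gives no access to loan processing or customer accounts, and the audit log supplies the activity record used for compliance evidence.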
Strong Authentication (Multi-Factor Authentication - MFA)

Authentication in a Zero Trust model goes beyond simple
usernames and passwords. It incorporates multiple layers
of verification to ensure that users are who they claim to
be. Multi-Factor Authentication (MFA) typically combines:

