How can FinTechs ensure security when employees work remotely
This time, we have an interview with a technology leader who knows all the ins and outs of security in wealth management and Fintech companies. In a time when the whole world is being exposed to unprecedented security risks, he has some key insights about how you can protect your business and reduce costs.
Sid Yenamandra is a founder and CEO of Entreda, a provider of comprehensive cybersecurity software, systems and training to the independent financial advice industry. Last month Entreda announced the delivery of its award-winning Endpoint Monitoring and Remediation suite of solutions on a complimentary basis for the first month of use to financial advisors and wealth management firms that are already using the company’s services. Endpoint Monitoring and Remediation is a comprehensive suite of tools and services for use specifically by broker-dealers, RIAs and their affiliated financial advisors to bolster their cyber defenses while working with residential internet services. The offer is part of Entreda’s commitment to support industry-wide coronavirus pandemic response efforts that involve transitioning to a work-from-home model.
In this article, we share comments from Sid on the current situation, including tips and useful practices that will help you ensure your company’s security during the coronavirus outbreak.
What specific problems have arisen during the coronavirus outbreak?
Sid: Well, a number of new opportunities have become front and center as a result of the coronavirus outbreak and really the WFH (work from home) dynamic. All users are now working from home. In the past, it was just independent contractors, but now all employees will need to be treated as independent contractors from an IT security perspective. The classic definition of the enterprise IT boundary has blown up. The new IT perimeter is the users themselves.
The control that IT departments have historically had is now drastically reduced. This has created significant challenges, particularly around policy enforcement and compliance reporting.
Historically, most enterprises have done some third-party risk due-diligence on their vendors. These risk models are now significantly affected, especially in the area of physical security and off-shore worker security and policy/risk due-diligence enforcement.
Because of increased reliance and pressure on remote work and collaboration software, as well as VPN and remote desktop login tools, some services are “breaking at the seams,” whereas others are facing enhanced security issues. These issues are a clear testimony to the surge in sudden demand.
What should companies implement to mitigate these issues?
Sid: This is a complicated answer because there is NO silver bullet. Stay calm! Enterprise IT and risk managers need to embrace the new normal because there is no choice. The new normal is here to stay for an indefinite period of time. Therefore, I recommend the following actions:
- Invest in enterprise-grade remote work and collaboration tools
- Rethink enterprise risk from third-party vendors. Invest more time in asking the right questions
- Invest in security awareness education
- All users and end-points need to be treated as potential sources of vulnerability.
- Invest in enhanced access control tools to ensure that users and devices are vetted before providing access to mission-critical systems.
How can businesses keep customers secure and yet not spend too much on security?
Sid: I think budgets need to be re-allocated based on risk. Enterprises need to rethink investments made in the past and prioritize certain areas more heavily now than before. For example, invest less in beefing up the corporate perimeter and invest more in remote work security and compliance reporting. Embrace the notion of “zero trust” and enable this paradigm for mission-critical corporate applications.
Where is Fintech and wealth management security heading now? What does your future outlook look like?
Sid: At Entreda, we believe COVID-19 has and will continue to fundamentally change the way organizations work. There is going to be a fundamental shift toward enhanced telepresence and virtual service delivery models. I believe there is going to be substantial innovation in preserving the best of human social dynamics while leveraging virtual tools. This applies to client communication or B2B communication models. We believe that security and compliance workflows are going to see a large attach rate with these types of new communication models.
To expand on the security and compliance piece, we believe that remote work IT and security are now a key enabler for the wealth management industry. Historically, this was often ignored as a discretionary spend or an inconvenience. We think the Fintech/wealth management sector will embrace virtual security enforcement tools now more than ever before. Most organizations have traditionally relied on brick-and-mortar IT businesses to support them on-premise. Under the new normal, firms are going to have to rely on new service models to provide the required security and compliance services. Cyber threats are NOT going away! They are actually getting worse, and so services like ADT home security, Comcast, and AT&T are going to need to expand to cover cybersecurity services for work-from-home environments.
What are the pros and cons of having a security department at your company versus using a comprehensive cybersecurity software like Entreda?
Sid: Traditional security departments were set up to monitor and remediate cybersecurity incidents with employees working within the corporate perimeter. Entreda has traditionally focused on providing cybersecurity and compliance software for those workers who are “outside the traditional corporate perimeter.” With COVID-19, everyone is working from home, which is outside the corporate perimeter. Entreda has therefore seen an expansion in its serviceable market (SAM).
Entreda has seen demand for its remote work-related products skyrocket, with requests for VPN and secure remote desktop services increasing 300 percent in the first quarter of 2020 over the same period last year. Approximately 90 percent of the uptick has happened in the last two weeks. How were you able to keep the huge traffic growth under control?
Sid: In response to the uptick in demand for services like RDP and VPNs, we are expanding our cloud capacity to handle the new workload. We are also investing heavily in more dynamic scaling technologies, as well as security/privacy capabilities. We leverage AWS technology and infrastructure to enable this, and we have been extremely happy with their service and response.
Can you give more details on what exactly you mean by “secure remote desktop access to connect to office desktops or servers?” What layers or tiers do you have?
Sid: As a result of employees working from home, many users still need to access office desktops or servers to retrieve files or access legacy (noncloud) applications. To do this in a secure and compliant manner, organizations need tools such as remote desktop. Entreda provides enterprise-grade Remote Desktop software that works with our own VPN to ensure that data-in-motion is always secure. We also offer compliance reporting for Remote Desktop sessions to prove that users are securely accessing files or applications from their homes. This is a compliance best practice!
Mobile device security is of vital importance nowadays. Do you follow specific guidelines? What is meant by “minimum enterprise-grade security standard”?
Sid: There are a number of mobile device security tools on the market. Not all are truly enterprise-grade. There are a lot of consumer repackaged tools being provided to enterprise users that are cost-effective or free but do not meet the standards required by enterprise IT managers. For example, end-to-end security workflows for data in motion and at rest, multifactor authentication, and enhanced user analytics and compliance reporting are common examples of enterprise-grade features.
Why should CTOs switch their existing VPN implementation to your product?
Sid: Entreda’s VPN implementation is an overlay for corporate VPN solutions. We do not replace traditional VPNs but rather we augment their existing solutions to cover the BYOD (bring your own device) use case. Accessing third-party cloud applications from a home computer is a good example of a use case that traditional enterprise VPNs do not provide for. How do you ensure that employees can access a mission-critical cloud application from a home laptop? This is where our VPN solution is handy.