Enterprises are embracing mobile and cloud technology to foster company-wide digital transformation. But with this movement comes a new set of issues: how do you cost-effectively push core business processes and applications to a mobile and remote workforce without compromising security?
CIOs at banking, financial services, and insurance (BFSI) companies increasingly manage large projects that extend primary business functions such as core banking systems (CBS) and insurance policy admin systems (PAS) to mobile workers through app extensions. The “APPification” of these core banking functions aims to provide field employees with a simple, speedy, and secure method of helping customers make decisions and engage in services remotely.
But does it? Already-taxed dev teams must now create, manage, and maintain multiple systems instead of just one. Is the APPification of core services helping or hindering business objectives?
Most banks and insurers have employees in the field selling retail products such as loans, credit cards, and insurance policies to new customers, or assisting current customers with new product options or opportunities. To provide and collect the best information for quotes, policies, coverage details, terms and conditions, and other data, field staff need access to core banking and insurance systems.
Establishing and maintaining secure remote connections to core business applications is a major headache for enterprise security teams: remote connections require not only extra security infrastructure but also employees who follow the security policies. Virtual private networks (VPNs) are one option. But VPNs require user traffic to cross a stack of appliances such as load balancers, DDoS protection, firewalls, and VPN concentrators, each adding latency to the transaction. Field reps seeking faster connectivity could “go rogue” and bypass VPN controls, which could open the corporate network to bad actors.
One solution to the remote access challenge is creating mobile apps for loan origination and policy quote engines, packaging them inside a mobile device management (MDM) container, and using real-time web services or APIs that connect to core systems. But “APPification” creates new headaches for IT leads.
While APPification may solve immediate end-user access problems, using mobile apps to extend existing CBS or PAS services can lead to complications:
So the key question is not “how do we build better mobile apps?” Instead, IT leads must ask “Are mobile apps worth the effort?” and “Is there a better way to give field staff secure access to core business processes?” The answer to both is “yes.”
Ubiquitous mobile broadband access, increasing cellular speeds over LTE (now moving to 5G), and public Wi-Fi hotspots facilitate remote work from anywhere (like customers’ homes, hotels, or coffee shops). Allowing employees access to CBS and PAS applications from the field with the same ease as access from HQ or a branch office means there is no need for mobile-app extensions.
However, legacy connectivity models can impede progress. VPNs—intended to secure workers—can introduce lag: More employees contend for limited bandwidth to connect to the corporate data center while data is backhauled via bottlenecked security gateways. Worse, hardware security costs can skyrocket with the need to scale up remote access. The “castle-and-moat” security model isn’t built for the way enterprise business networks are evolving, with thousands of remote workers trying to access applications that are increasingly moving from private data centers into public clouds.
Inline, cloud-based security services can connect users to applications seamlessly, with all security controls in place. A zero trust architecture typically employs a cloud-security model to support the fundamental principles of a default-deny posture and follow-the-user policy controls. In this way, zero trust extends security protection to mobile devices so that field staff can access core applications with the same level of security controls as HQ-based workers.
Gartner says that by 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of zero trust architectures.
A zero trust architecture cloud service allows:
Zero trust services also provide cost avoidance for enterprises:
With a zero trust architecture, enterprises with large numbers of remote employees using core business applications can optimize that access with better security and performance. They leverage the power of digital transformation by using the internet to access applications both in data centers and in the cloud, without exposing corporate network information to bad actors looking for breach opportunities.
Zero trust architectures create:
Zero trust architectures provide secure connections between remote field employees and the applications they need, removing the need for costly security stacks protecting core business apps, VPNs, or any efforts to “APPify” crucial business processes.