
To overcome compliance challenges, financial institutions must look beyond ZTNA

By Denny LeCompte

October 19, 2023

Corporate compliance functions at today’s leading financial institutions are dealing with a massive sea change. The embrace of new technologies and the roll out of a seemingly endless stream of new digital services are making it difficult for compliance teams to adjust their policies and procedures accordingly. The burden of this change is compounded by growing regulatory complexity around these new digital services, as well as mounting data privacy concerns, heightened cybersecurity risks and ever-higher customer expectations.

Today, cybersecurity finds itself at the center of overall compliance enforcement and adherence. This is universally true for today’s most relevant and wide-reaching regulations being applied to the financial sector like the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), or the New York Department of Financial Services (NYDFS). From a cybersecurity standpoint, these regulations and agencies are concerned with protecting and restricting access to personally identifiable information (PII), corporate financials and other sensitive data maintained by financial institutions. Cybersecurity represents a means to an end as far as these regulations are concerned: it is ultimately how banks, financial services companies, insurance carriers, etc. protect their data and remain compliant.

Of course, the meat of what cybersecurity actually does here, and the specific technologies that are leveraged to meet these compliance requirements, are much more complex than that. 

Controlling access & the emergence of Zero Trust

When it comes to controlling access to data, financial institutions have long relied on Network Access Control (NAC), a tried-and-true technology that manages the configuration and enforcement of authentication, access control, risk mitigation, and compliance enforcement policies across the corporate network. This mature toolset has stood the test of time, but in recent years it has faced growing scrutiny for its lack of flexibility in the wake of remote and hybrid work policies, the proliferation of new device types (think personal devices and IoT), and the rapid adoption of enterprise cloud applications, all of which have extended the network outward and simultaneously increased every company’s threat surface.

With the COVID-19 pandemic, it seemed that the reliance on the physical corporate network was coming into question. This trend, along with those aforementioned, would help accelerate the popularization of a new, more stringent approach to security: zero trust. Zero trust promised financial institutions relief from their security compliance concerns. The concept’s “never trust, always verify” mantra represented a sort of security holy grail — where no unauthorized individual could gain access to data on a network or application in use across an organization.

Zero Trust Network Access (ZTNA) emerged as a potential solution to help address the flexibility issues of NAC across the new, perimeter-less network and shore up newly emerging compliance loose ends. In time, however, ZTNA would prove to be not much more than an overpopularized stopgap that sent many down hair-pulling implementation rabbit holes and eroded trust in the very concept of zero trust.

What ZTNA promised vs what it delivered

What many organizations — financial institutions included — failed to ask themselves was: will the status quo today remain the status quo a year from now? 

There had been an overnight shift to remote work at the beginning of the pandemic, and many companies were woefully unprepared from an IT security perspective. The panic over how to control access for remote employees to corporate resources was warranted, and ZTNA hit the scene at precisely the right time. The technology promised to be a compliance silver bullet AND help lift companies into the modern age of security and employ a zero trust strategy.

The answer to the above question, however, was ultimately: no, it would not be. The remote work policies were shortest-lived for financial institutions, as their bottom-line-driven bosses feared productivity dips and revenue losses that could bring long-term turmoil to the markets. Their investments in ZTNA already made, they had no choice but to trudge ahead. What banks and financial services companies would come to realize is that ZTNA was not a replacement for NAC, and that it still had some growing up to do to deliver true, wide-scale zero trust access control and security.

ZTNA implementation has proven to be overly complex. The need to redesign your network architecture should’ve been a non-starter, but much of that reality was hidden behind promises of flexibility and seamless user experiences. There also is no coverage for physical networks with ZTNA. A bank’s wired and wireless networks surely weren’t (and aren’t) going away entirely, which means it wasn’t a question of ZTNA or NAC, but do you want to invest in something ON TOP of NAC? If large-scale remote work was here to stay forever, then yes, perhaps that’s a wise investment. But that wasn’t what happened.

A unified approach to Zero Trust

Amendments to portions of GLBA, SOX and other federal and state regulations are like death and taxes. They’re going to happen — and rarely do these regulations get smaller in size. Financial institutions will continue to be asked to meet more and more compliance requirements to safeguard the critical information they process and maintain.

Zero trust is the real deal. If applied correctly, it can be the difference between a cybercriminal breaching your defenses, stealing your data, holding it ransom or giving it out to the world, ultimately ending with your company paying a huge regulatory fine — or none of that happening. 

A calculated approach to implementing zero trust means thinking beyond just NAC or ZTNA. Instead, banks and other financial institutions should consider lightweight, flexible cloud-native tools that can unify access control across their entire IT environment — encompassing both their networks and applications, as well as all the devices that are used to connect to them — no matter the location of those devices.

Doing so can help these institutions future-proof themselves for any forthcoming changes to these regulations and ensure they’re always maintaining the utmost compliance despite shifts made across their workforce or updates to their IT policies.


Denny LeCompte is CEO at Portnox.
