Industry Trends

Four Things to Look for When Evaluating a Financial Services Security Vendor

By Brian Forster | August 11, 2016

The need for cybersecurity vendors in the financial services marketplace has amplified as the threats have increased exponentially due to IOT, BYOD, and state-sponsored cyberterrorism, to name just a few factors. 

When looking for proof of the financial sector’s concern with security, we need to look no further than a recent meeting the Treasury Department held to discuss the current threats presented by the cyberthreat landscape.

As a result of the damage that can be done due to data breaches in financial services, many organizations are scrambling to find a suitable partner to protect them from cybercriminals. However, the cybersecurity vendor landscape is robust, and selecting the right one can be a tough decision.

Here are four things today’s companies should look for when evaluating a financial services security vendor:

1. Dynamic Security

As the threat landscape evolves at a breakneck speed, enterprises need to look to secure their systems with more than just a stateful firewall. An effective security vendor will offer financial institutions the ability to upgrade their defense against attacks in real time, without having to make any significant changes to existing hardware. 

Additionally, financial institutions should make sure their vendor can secure both Internet and intranet applications, while also providing the necessary training and support to make sure the staff behind the applications understands the ins and outs of the technology.  Finally, they need to have confidence that the vendor has experience in successfully migrating security policies and devices from their existing infrastructure to the new solution. More cybersecurity solutions fail due to improper conversions than any other reason.

Key takeaway: Today’s dynamic threats require a dynamic security solution.

2. Virtualization and Cloud Security

Like most industries, financial services rely heavily upon cloud computing and virtualization to deliver applications that increase both speed and flexibility. Companies that are employing these tactics (and most are) need to consider a security solution that spans across all workloads, whether they be physical or virtualized infrastructure on premise or in the cloud.

The capabilities shouldn’t stop there, however. Companies should look to work with a provider that offers a single operating system and allows technology teams to control all the security and networking factors from a single “pane of glass.” Organizations that invest in such capabilities will likely realize reduced operating expenses, saved time, and most importantly, more secure applications.

Key takeaway: In order for security to be effective, having a single view into your entire security infrastructure is paramount.   

3. Low Latency Infrastructure

In our modern world, speed is everything. We want all kinds of everyday things, like our news, deliveries, and conversations, to be executed with speed. When it comes to financial services, companies need things to work at this same prompt pace.

Too often, financial services security vendors offer the goods needed, but compromise the performance of the always-critical low-latency environment in the process. When evaluating vendors, financial institutions need to make sure they are looking at solutions that will offer effective data protection and regulatory compliance, while keeping the network speed right where it was before to achieve a competitive advantage.

While a slow network might frustrate everyday computer users, a slow-performing trading platform, like those used by financial institutions, can cost the organization millions of dollars a day.

Key takeaway: Speed does not have to be sacrificed in exchange for security.

4. Certifications

When we look for a restaurant to eat at, we will typically consult an application like Yelp. When buying a car, many of us first turn to something like the Kelley Blue Book. It’s important to do your research on the products being purchased, and financial organizations should take this consumer state of mind to the security vendor selection process as well.

When evaluating a vendor, it’s important to look for independent certifications (NSS Labs, ICSA, etc.) to make sure the organization’s security solutions are tested by reputable sources across the industry, and meet or exceed baseline expectations.

Key takeaway: Don’t overlook the weight that industry certifications carry.

With so many financial security vendors available in today’s market, it’s critical to vet the options. While these aren’t the only factors to consider, we hope they help you throughout the process.

Let’s get a conversation going on Twitter! What do you think are the most important things to consider?