We provide a one-stop solution for the BFSI’s DaaS, identity, and access control using Multi-factor Authentication (MFA) and ZTAN-based Secure Remote Access. In other words, competitive TOC and better ROI make us one of the best solutions in the market. To Understand how cybersecurity has become a key priority for enterprises and its latest trends, Nidhi Shail Kujur of Elets News Network (ENN) interacted with Vijender Yadav, CEO, CTO & Co-founder, Accops.
Q1. Cyber security has become a key priority for enterprises today. What are the new security trends that will help in reshaping the industry?
Ans: The traditional computing models and paradigms have gone for a toss because of the pandemic. Earlier, an organization’s assets – intangible and tangible — were found either on premises or in the cloud. In other words, it was spread in a few finite places that you can secure. But now, that is not the case. The new environment is a hybrid and multi-cloud environment accessed by a wide range of devices, applications, and users residing anywhere under the blue sky.
On the other hand, the demand and range of applications have simply skyrocketed. Fueled by an urgent need to digitize each business process, digital transformation has become a critical business survival tool.
These changes have junked the old ideas and modus operandi of cyber security. The need of the hour is a distributed security architecture that empowers the distributed organization to rapidly deploy, and seamlessly extend security where it is most needed.
So, when you want adaptive security, the people making the buying and deployment decisions need to be tech-savvy enough to understand and act on the changing need of the day.
So now you need to provide security anywhere, anytime, as I said. While planning and deploying security, the cyber-security in charge now has two major challenges – identifying if a user is a machine or a human being.
A hybrid workspace and many kinds of applications residing in a multi-cloud environment led to an identity-first cyber-security approach. Identity is a key lateral movement technique across air-gap networks. And this will lead to a rise in multi-factor authentication.
The explosion of API-driven services, ushers in an era of inter-operable hyperconnectivity. Hackers are using AI, ML, and other technologies to launch increasingly sophisticated attacks. While machine identity tools are still emerging, each service needs to be properly authenticated and monitored for obvious security reasons.
In all these changes, Data is the key to everything. Whether it is at rest or in motion, we need to find ways to securely process and share data, even in untrusted environments.
And to top all these changes, there is work – work from anywhere. Last, but not least, to meet all the challenges that I have stated above, you cannot have a plethora of security solutions, which are not compatible with each other. Most organizations cannot afford multiple vendors providing them security at each step.
The need of the hour is a one-stop solution that can hide the complexity of their network and simply provide cybersecurity to their users. In other words, cybersecurity will become a productivity enhancer and not an enigma.
Q2. How does Accops DaaS enable organizations to provide their end-users with secure office PCs on the cloud without any Capex?
Ans: Until some time ago, the most prevalent approach in the industry was that of Virtual Desktop Infrastructure (VDI). As the name says, VDI deals with desktop virtualization. Now VDI is a resource-heavy technology that requires an upfront expenditure – Capex. The hardware infrastructure must be either deployed on-premises or in the data center. In terms of software, an OS-specific hypervisor is needed to complete the loop. Traditional VDI setups were complex and resource-hungry and were difficult to scale up or down as per the business needs.
Desktop-as-a-Service (DaaS) refers to a form of virtual computing that provides remote workers with a digital workspace. A DaaS provider streams virtual desktops over a network to a user’s endpoint devices, where the end-users may access them through client software or a web browser.
In comparison to VDI, DaaS is a simple setup based on multi-tenant architecture. Organizations can purchase services through a subscription model. DaaS provides all the advantages of VDI, including remote worker support, improved security, and ease of desktop management and all at no upfront cost.
In trying times like pandemics and times of disaster, DaaS will ensure business continuity at a click. The users will have a fully provisioned corporate desktop environment, remotely, on a device of choice.
In BFSI, apart from cybersecurity, regulatory compliance plays a major role. With DaaS, while the desktops are centrally provisioned, the data storage and processing can be tightly governed to meet the stringent regulatory standards.
Now coming to Accops, we offer DaaS with Multifactor Authentication (MFA) and Secure Remote Access. So how would a BFSI organization benefit by choosing us?
Cyber security typically has many loopholes to plug. If every loophole entails a separate solution. Just think of the number of vendors and the number of solutions involved to protect an organization. While an organization might have the means to procure and maintain a plethora of vendors and their respective solutions, just think of the end user’s experience. Each member of the organization is left grappling with the security and networking complexities.
Enter Accops, we provide a one-stop solution for the BFSI’s DaaS, identity, and access control using Multi-factor Authentication (MFA) and ZTAN-based Secure Remote Access. In other words, competitive TOC and better ROI make us one of the best solutions in the market.
3. How does Accops’ DaaS-based remote access augments the BFSI Operations of organizations?
Ans: You will notice that there are certain common pain points and challenges for organizations operating in the BFSI space. Let us understand how Accops DaaS can help tackle them.
“Time to market” is a very important business metric that is critical to all BFSI organizations irrespective of whether you are a bank, insurer, or any other NBFC and especially with competition from today’s internet-only and “born in the cloud” Fintech companies that are giving these well-established players a run for their money. The ability and flexibility for a BFSI organization to quickly rollout workspaces and productivity applications for its core employees and contract staff go a long way in slashing one’s “time to market”. The BFSI segment is a “glocal” vertical – connected globally and serving locally. Robust operational agility is the key to success.
Traditional modes of relying on thick PCs and on-premises VDI have proven to be a drag and it does not allow the IT infrastructure to cope with business demands. Even for that matter just using VDI or VPN platform may also not be good enough as you will have to look at multiple other solutions to provide security to the environment. This is where Accops’ DaaS can help you with rapid deployment and redeployment as per your changing market, business, and regulatory compliance needs.
What you get, with a click of a button, is a completely secure and remote access platform that is provisioned from the word go. You can have a complete workspace with built-in security controls and with all the applications that are required, available for your staff. Accops’ DaaS has built-in zero trust access that takes care of your point-to-site VPN, MFA, virtualization of workspace, and data security.
Confirmation of regulatory compliance and data security is another key aspect of all businesses in the BFSI space. Here, Accops’ DaaS comes with built-in security controls rather than a bolt-on approach. An add-on approach typically requires integrating multiple third-party products as an afterthought. The Accops’ solution puts in place a complete zero trust access management (ZTNA) capability for your applications and virtual workspaces where every access request must pass through multiple checks that you configure and re-configure as per changing business requirements. Accops’ DaaS also has strong MFA capabilities that support biometric evidence of log in. Currently, biometric MFA is being mandated by many regulatory bodies. Lastly, once onboarded to Accops’ DaaS, ensure zero data leakage (DLP) through multiple controls like restricting data access only within the digital workspace, preventing usage of screen sharing or snipping tools, watermarking user sessions, blocking USBs, and so on.
Another key characteristic of these BFSI organizations is wide distribution and deep penetration of their operations. While there is a huge business opportunity to tap into, imagine how the IT infrastructure would be managing the logistics and ongoing management in such distributed environments. Here again, DaaS comes to help by making the infrastructure agnostic to all these aspects.
IT can centralize data and applications and simplify the management and maintenance. Also carrying the heavy baggage of thick PCs or laptops is not a good idea as these are more prone to failures, require technical skillsets to repair or replace, and are also not logistic friendly. So, the solution here is to utilize thin clients and access all your resources over the VDI with minimal, to no footprints on the local device. Accops provides thin clients of various form factors that support Linux and Windows-based operating systems. So, these devices have a longer life and are easy to maintain. You just swap the device in the event of failure, which can be done by anyone within the branch or office.
Another challenge to be addressed because of this deep penetration of their operations is that you will find employees working from tier 3 cities and other rural areas where access to high-speed internet will be a challenge. Accops uses a specific protocol tailor-built to work over such low bandwidth networks. So even these users who work from such remote and rural locations can access all the resources provisioned centrally without compromising on their user experience.
Now moving on to the employees themselves, if you look at the workforce in all BFSI organizations, you will observe that it is a mix of employees working from the office and then a field force who is out there interacting with customers. These organizations rely on the field force for critical business development activities and for delivering services at the customer’s doorsteps.
The mobile workforce needs to be provided with the flexibility to access customer-specific data on the go without compromising the security of data – this is also providing many organizations a competitive edge as they can work closer to the customer. There could be scenarios where a particular employee on the field is required to use a second device as his primary device might have died, and this second device is immediately available. Again, Accops can help here. With our solution, you can access your workspace either from Windows, Mac, or Linux-based operating systems giving your employee the flexibility to grab any device immediately available to access his or her workspace without having to wait to get hold of a managed device.
As IT admins of a BFSI organization, with Accops, you still don’t lose control of the user device which is currently an unmanaged device. There are security policies that can be enforced with the click of a button even for these unmanaged devices.
4. How does Accops help BFSI organizations accelerate their digital transformation journey?
Ans: “Going digital” has been a favorite topic over the past few years. But what the pandemic has done is – those digital transformation projects that were there in a 3 to 5 years roadmap have now already been implemented in the majority of the BFSI organizations or, are getting implemented currently.
The BFSI sector, despite a huge reliance on technology, due to its risk-averse mindset, was not the front runner in going digital. But as I just mentioned, because of the unprecedented challenges that were posed by the pandemic and with cut-throat competition from internet-only companies that have emerged, everybody acknowledges that “Digital transformation” is no longer a choice, but rather a necessity if an organization must survive.
Let’s start with the cloud. Cloud Adoption is on the rise in the BFSI sector unlike any time in the recent past. BFSI is one sector where there is a huge consumption of IT infrastructure which the traditional on-premises-based models are unable to serve.
A hybrid cloud is a way forward for BFSI and these organizations have very clearly identified use cases that can be onboarded to the cloud and can remain there going forward. VDI is one such use case that calls for a hybrid deployment. With Accops, we give the ability to manage digital workspace over the hybrid cloud and multi-cloud environment. So basically, all provisioning, de-provisioning, and application of policies can be controlled centrally across digital workspace environments. This makes life simple for IT as they do not need to get skilled in multiple VDI technologies and associated management procedures.
With sentiments improving for cloud adoption, SaaS-based applications have also made inroads in these BFSI organizations. The employees now access 3 to 5 SaaS-based applications while accomplishing their day-to-day tasks. Accops has a solution for securing SaaS applications. Accops help secure access to these SaaS applications using contextual multiple-factor authentication capabilities and at the same time help deliver single sign-on capabilities for the end-users.
With the footprint of cloud and SaaS-based applications increasing, naturally, the time the employees’ exposure to the internet is also on the rise. This leaves, employees more prone to phishing, pharming, and scamming attacks. Internet isolation is one key use case that has gained prominence. Again, Accops helps organizations isolate internet access from local network through VDI-based solutions. So, users always access the internet from a virtual workspace and not directly from their local PC within the corporate or branch office. this prevents breaches that bring down the operations in their respective locations.
The BFSI sector has never shied away from innovating when it comes to delivering customer experiences. Workforce mobility is a key competitive advantage allowing employees to respond quickly to new opportunities and improve productivity too.
Accops enables BFSI organizations to deliver applications and workspace to their employees on the move giving them the flexibility to choose their devices. The IT does not need to compromise on security. Our strong endpoint control capabilities lend you the ability to restrict access only from trusted devices. It also controls what the user is allowed and what is out of bounds on the devices they use to access the resources provisioned to them.
Transitioning to hybrid work is also a journey that BFSI organizations have started embracing. Re-iterating what we already spoke about, a holistic remote access platform that is quick to deploy and manage is the need of the hour. Accops’ DaaS is one such platform that these organizations can look up to while setting up the hybrid work model.
5. Briefly tell us about Accops Zero trust security architecture. How does it enable users to securely access applications and data from anywhere using any device?
Ans: Zero Trust Network Access (ZTNA) is a term that got coined recently. Accops already had many of the capabilities, which are now classified as ZTNA.
So, the message I want to pass on here is that Accops’ approach to implementing Zero Trust is tried and tested. We are veterans, seasoned over years of experience. Our numerous BFSI customers’ feedback have helped us strengthen ourselves.
The basic premise on which any zero-trust product is built is, by default, you do not trust anything – neither the device, the user, or his credentials. The user or device must earn the trust by providing multiple pieces of evidence. This contrasts with the traditional approaches of access management, where providing an Active Directory credential or VPN credential will provide unbridled access. Once you are in the network there are no restrictions to move laterally within it.
With Accops Zero Trust, all the access to your network will be channeled through a gateway. At the heart of the gateway is a contextual policy engine that checks for different contexts of the access request like the username, role of the user, and resources that the user is entitled to access to start with. Then subsequently it goes ahead and checks things like the security posture of the device which can include whether the device has an anti-virus that is enabled and updated, whether the device has the latest OS patches installed, and whether the device falls in the trusted device list category and so on.
Once these checks are fulfilled, the gateway can be configured to prompt the user for step-up authentication using MFA. In the market, you will have products that deliver token-based MFAs like SMS, email, mobile token, hardware token, etc. But here is where our product stands out. Accops, using our BioAuth server, can support biometric evidence as well. This evidence can include a person’s face or fingerprint.
With facial authentication, we have certain advanced capabilities like continuous user monitoring which means you can monitor whether the user is present in front of the system and logs out of a session or even detect a second face and log out of the user’s session to prevent data theft activities like shoulder surfing.
So once an access request is granted, then the user is still allowed to access only the entitled resources rather than accessing all the resources within the network.
Our solution doesn’t stop at sanitizing and granting access. Once the user’s session starts, we have strong endpoint control capabilities that can be enforced on the user’s machine. These endpoint controls include simple features to start with like controlling the user’s clipboard or blocking USB access to advanced features like preventing usage of screen-sharing tools or snipping tools, preventing internet on the user machine, and allowing only Accops traffic, or even locking down the user machine to kiosk mode where the only application that the user can access is the Accops client and no local resource or functionalities of the device can be used.
As you can realize, our approach to zero trust is robust and BFSI organizations will be fully equipped to safeguard themselves from modern-day network risks that can arise from compromised devices or users.