By Christopher Campbell and Manasee Dash

Cloud, mobile, social, big data, and the Internet of Things (IoT) are exciting innovations with the potential to transform how bank customers, particularly millennials, engage with financial institutions. Yet high-growth digital business investment creates new risks for banks.

While advancing digital agendas, 77 percent of financial services CEOs believe that digital business is bringing new types and levels of risk,[1] particularly when it comes to cloud adoption. While the benefits of cloud are enticing, banks are hesitant. Security and data privacy are the key concerns for moving to the cloud.[2]

The Growing Cost of Threats and Compliance
Traditionally, the financial services industry has been considered a model for best security practices. However, that leadership is eroding because financial gain is increasingly the motive for data breaches. The top two risks for banks are cyberattacks on critical infrastructure and regulatory scrutiny.

  • More than half (55 percent) of financial services firms recently reported ransomware as the top attack threat, followed by phishing (50 percent), which previously held the top spot.[3]
  • Almost a third (32 percent) of financial firms say they’ve lost anywhere from $100,000 to a half-million dollars due to ransomware attacks.[4] And it’s getting worse. The WannaCry ransomware attack on May 12th, which affected more than 150 countries and major businesses and organizations, has been labeled as the largest attack in history.

A catastrophic hack as well as repetitive non-compliance can affect both an individual bank and the stability of national and global markets in the digitally interconnected world. Even endpoints running the most up-to-date software, email filters, and other security layers can be attacked—all it takes is for a user to fall for a phishing email or to open a malicious attachment.

Beyond breaches, ensuring regulatory and industry compliance is also a significant challenge for financial firms, given the sensitivity of their information and transactions. In the U.S., financial organizations must ensure data protection and auditing under the Gramm-Leach-Bliley (GLB) and Sarbanes-Oxley (SOX) Acts. Transaction processing must also be PCI-compliant.

Although it would be impossible to stop every cyberattack because criminals are inventive and there are just too many ways to exploit systems, financial services organizations can excel at protecting sensitive customer information and data. They can become expert at detecting security issues faster and recovering from data loss more efficiently.

So how do you do that?
Delivering a robust, compliant security solution when infrastructure and its users are changing constantly is difficult. Archaic rules on firewall security may no longer be applicable as IT teams need to keep pace with supporting a combination of on-premises and cloud environments, mobility, IoT, and escalating governance, risk management and compliance. Security can no longer be bolted on but must be architected into the IT infrastructure to deliver security anywhere – from the user, the device they’re on, and the network they traverse, down to the infrastructure where the data resides.

The solution to this problem starts with virtualization, which can abstract the underlying infrastructure from the applications running on top of it, whether that infrastructure is on-premises or in the public cloud. This layer of abstraction gives IT the ability to gain full visibility into the data path, and provides the ideal enforcement point to compartmentalize applications. IT departments can use fine-grained security policies and controls and map them to micro-segmentation, data encryption, and dynamic threat service insertion to prevent the lateral spread of threats inside the data center.

Additionally, verifying user identity and device posture across all users and endpoints is key for BYOD programs and ATM services. This allows organizations to add an adaptive and conditional layer of security at each transactional level—from the user to the resources they’re accessing—securing corporate data and reducing the cyber-attack surface without impacting the user’s consumer-like experience. This gives the IT department visibility into, and context for, the interaction between users, endpoints and critical corporate data.

Delivering security for a changing landscape by providing a ubiquitous software layer across application infrastructure and endpoints is the future. This lets organizations take full advantage of the visibility and context of the interactions between users and applications so they can align their security controls and policies to the applications they are protecting. To learn more about VMware Security visit

About VMware
VMware, a global leader in cloud infrastructure and business mobility, accelerates our customers’ digital transformation journey by enabling enterprises to master a software-defined approach to business and IT. With the VMware Cross-Cloud Architecture™ and digital workspace solutions, organizations are creating exceptional experiences by mobilizing everything; responding faster to opportunities with modern data and apps; and safeguarding customer trust with a defense-in-depth approach to security. VMware, a member of the Dell Technologies family of businesses, has more than 500,000 customers and 75,000 partners worldwide. For more information visit

Christopher Campbell
Director Product Marketing
VMware Inc.
Manasee Dash
Senior Product Line Marketing Manager, Financial Services Industry Marketing
VMware Inc.

[1] 2016 VMware State of the Digital Workspace Report:

[2] Peak 10 Financial Services in IT Study

[3] From the Trenches: SANS 2016 Survey on Security and Risk in the Financial Sector

[4] From the Trenches: SANS 2016 Survey on Security and Risk in the Financial Sector

