On June 30th, the new EU guidelines regarding cybersecurity for banks came into force. Now it is clearer how various financial services are to manage internal and external risks linked to IT and security. Segmentation using data diodes is an essential measure to mitigate security risks.
The goal – to reduce risks
The new guidelines from the European Banking Authority, EBA, are the European standard for managing security and IT risks. They describe how banks, fund managers and providers of payment services operating within the EU are to manage internal and external risks linked to IT and security. Hopefully, this will reduce the likelihood of attacks, data leaks, disruptions and intrusions.
Among other things, the guidelines point out which security measures have to be developed and implemented to mitigate IT and security risks that expose financial institutions.
It is essential to understand that the guidelines have legal status and that the operators covered are therefore obliged to justify any deviations from their application.
Who is affected by the new guidelines?
The guidelines address the management of internal and external risks within IT and information security, referred to as ICT risks, as well as operational risk management in financial institutions, meaning payment service providers, credit institutions and securities companies.
Which information security requirements do the new guidelines set?
The guidelines contain a lot of information, but a central requirement concerns classification: financial institutions must carry out a risk assessment and classify business functions, support processes and information assets according to how critical they are.
Another vital requirement is information security measures: the guidelines state that security measures have to be developed and implemented to mitigate IT and security risks that financial institutions face.
Data diodes improve cybersecurity for banks
An excellent method for mitigating security risks and protecting critical information and critical systems is network segmentation through a combination of physical and logical separation. Physical separation means that security zones are defined and placed on different physical hardware. Logical separation means that traffic from different zones is allowed to coexist on the same hardware or in the same network cable, which makes the separation less apparent – and thus leads to lower confidence in the strength of the separation mechanism than with physical separation.
Network segmentation in situations where one-way communication is imperative, i.e. where information must only go in ONE direction, can be solved effectively with data diodes.
Network segmentation is a task powerfully solved with data diodes.
The most important property of a data diode is that information can only pass in one direction. In Advenica’s SecuriCDS Data Diode, the separation and diode function is based on an optical transmitter and receiver. The design guarantees that no data whatsoever passes in the opposite direction. Certified solutions such as Advenica’s SecuriCDS Data Diode, which meets military standards, achieve both function and security.
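A consequence of a strictly one-way link that the text does not spell out is that nothing can travel back from the receiving zone: no TCP handshake, no acknowledgement, no retransmission request. Applications on either side therefore need a connectionless protocol in which every frame is numbered and integrity-protected, so the receiver can at least detect loss, reordering and corruption and raise an alert. The following Python model is an added example written for this article; it is not Advenica’s code and does not describe the SecuriCDS product’s actual protocol. The frame layout (stream id, sequence number, total frame count, payload length, CRC32 trailer) and the chunk size are assumptions chosen for illustration, and the sample payload is constructed inline.

```python
"""
Model of an application protocol carried over a one-way (data diode) link.

Assumed framing (illustrative, not any vendor's wire format):
    header : stream id (u32) | sequence (u32) | total frames (u32) | length (u16)
    body   : up to CHUNK bytes of payload
    trailer: CRC32 over header + body (u32)
The receiver can never signal back, so it reassembles what arrives and
reports gaps and corrupt frames locally instead of asking for a resend.
"""
import struct
import zlib

HEADER = struct.Struct("!IIIH")   # network byte order, 14 bytes
TRAILER = struct.Struct("!I")     # CRC32
CHUNK = 1024                      # assumed datagram payload size


def frame_stream(stream_id, payload, chunk=CHUNK):
    """Split payload into self-describing frames suitable for fire-and-forget sending."""
    offsets = list(range(0, len(payload), chunk)) or [0]  # empty payload -> one empty frame
    total = len(offsets)
    frames = []
    for seq, off in enumerate(offsets):
        body = payload[off:off + chunk]
        head = HEADER.pack(stream_id, seq, total, len(body))
        frames.append(head + body + TRAILER.pack(zlib.crc32(head + body)))
    return frames


def one_way_link(frames, drop=frozenset()):
    """Model the diode: frames move sender -> receiver only; no return path exists.

    `drop` lists sequence numbers lost in transit (constructed fault injection).
    """
    return [f for f in frames if HEADER.unpack(f[:HEADER.size])[1] not in drop]


def receive_stream(frames):
    """Reassemble frames; return (payload, missing sequence numbers, corrupt frame count)."""
    parts = {}
    corrupt = 0
    total = None
    for f in frames:
        if len(f) < HEADER.size + TRAILER.size:
            corrupt += 1
            continue
        head, body, crc = f[:HEADER.size], f[HEADER.size:-TRAILER.size], f[-TRAILER.size:]
        if zlib.crc32(head + body) != TRAILER.unpack(crc)[0]:
            corrupt += 1            # integrity failure: discard, there is no way to ask again
            continue
        _sid, seq, tot, length = HEADER.unpack(head)
        if length != len(body):
            corrupt += 1
            continue
        total = tot
        parts[seq] = body           # dict keyed by seq tolerates out-of-order arrival
    if total is None:
        return b"", [], corrupt
    missing = [s for s in range(total) if s not in parts]
    payload = b"".join(parts[s] for s in sorted(parts))
    return payload, missing, corrupt


if __name__ == "__main__":
    sample = bytes(range(256)) * 10           # constructed 2560-byte payload -> 3 frames
    frames = frame_stream(stream_id=7, payload=sample)
    data, missing, corrupt = receive_stream(one_way_link(frames, drop={1}))
    print(f"received {len(data)} bytes, missing frames {missing}, corrupt {corrupt}")
```

Run as a script it shows the receiver recovering two of three frames and reporting frame 1 as lost. In an actual deployment the report would go to the receiving zone’s logging and alerting, and the sending side would rely on scheduled re-sends or forward error correction rather than feedback, since the link offers none.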
Read more about network segmentation here.
Read more about Advenica’s data diodes here.
We also have solutions for network segmentation in situations where a two-way information flow is necessary. Here, data is effectively filtered, and each transfer is checked to ensure that the organisation’s information policy is followed.
Need help reducing security risks? Get in touch with us at Advenica.