Rising Internet penetration in India, driven largely by smartphones, has led to a spurt in online banking and e-commerce. Today, more Indians prefer to transfer funds, pay utility bills, buy tickets, and shop online compared to a decade ago. However, increased usage of online and mobile channels along with dependency on third parties has raised cyber threat levels as corroborated by the recent spurt in online frauds. Against the backdrop of rising security concerns, Indian banks have realized the need to protect and secure their customers’ information to establish and maintain trust amongst its customers. As a result, their investment on IT security has gone up.

The security market in India has witnessed a paradigm shift from point products i.e., firewall/VPN, and URL filtering to UTM (Unified Threat Management) appliances which embed firewall, IPS, URL filtering, VPN, virus screening, and anti-spyware. UTM security solutions are ideal for businesses that require simple, affordable, and easy-to-deploy solutions with multiple layers of protection to ward off complex and sophisticated network threats.

Indian banks may find it easier to manage and implement secure connectivity across its network. Since most banks, including the public sector banks, run on core banking platforms, they could restrict Internet usage at their branches by setting up the right IT security policies.

Some of the benefits that Indian banks can derive by deploying UTM appliances include:

  1. Improve network security: Banks can install and maintain a firewall configuration to protect their customers’ data.
  2. Secure customer data: Help transfer private data securely over public network.
  3. Strong access control: Ensure critical data can only be accessed by authorized users.
  4. Better visibility of IT security: Monitor and track all access to network resources and ensure that data security is not compromised.

The VPN module of the UTM appliance helps safely connect the remote branches of public sector banks by using a public network (usually the Internet). This helps keep private data secure over the public network by means of encryption, both at the sender and receiver ends and safeguard against online and mobile frauds. The inbuilt automatic link failover feature shifts network load from an inactive Internet Service Provider (ISP) line to an active ISP and thereby reducing the network administrator’s task to manually shift the lines. UTM’s load balancing feature allows the network administrator to manage Internet downtime by using multiple ISP lines simultaneously for all users and balance the traffic load among available lines. It could significantly reduce cost and administrative burden for a bank’s CIO.

In this context, it is worth mentioning that UTM has gained widespread acceptance as a primary network gateway defense solution for organizations. It has emerged as a one-stop-solution that integrates multiple security functions in one single appliance viz., network firewalling, network intrusion prevention, anti-virus, anti-spam at the gateway entrance, Virtual Private Networking (VPN), content filtering, load balancing, and reporting. Implementing solutions designed to verify devices that can be remotely managed can help banks in securing confidential data. Other checks and balances in place like a One-Time Passcode (OTP) sent to the mobile via an SMS message or an Out-of-Band (OOB) transaction verification, and Knowledge-Based Authentication (KBA) by answering simple questions are employed by banks to check online frauds.

Indian banks have slowly become aware about the overall security management and the extended benefits of a holistic security model – like the UTM – to deal with complicated and sophisticated threats. Their perceptions are also well supported by strong regulatory proposals made by the government and other regulatory bodies. The Reserve Bank of India’s (RBI) stringent guidelines for banks to ensure investment into network security solutions along with strong IT security policies to fight cybercrime and fraud is a welcome move. They must develop a robust security infrastructure by having proper process and technological safeguards in place to protect sensitive information.