Networking

The perimeter security model that banks have relied on for decades — firewall the data centre, trust everything inside — does not work in the cloud. When your trading systems run on GCP, your OMS in a Kubernetes pod needs to authenticate to a market data API without relying on a network boundary. We have implemented zero-trust networking on GCP for tier-one banks and fintechs. The principles are straightforward: no implicit trust based on network location, every access request authenticated and authorised, and least-privilege access enforced at every layer. ...

The perimeter is dead. Banking networks used to be castle-and-moat: a hardened perimeter with everything inside trusted. Once you were inside the network, you could access anything. This model fails because modern banking infrastructure spans cloud providers, data centres, and SaaS platforms. There is no single perimeter to defend. Zero trust replaces the perimeter with identity. Every request is authenticated, authorised, and encrypted — regardless of where it originates. For banking, zero trust is not just a security improvement. It is a regulatory requirement. The OCC, FFIEC, and European Banking Authority all recommend or mandate zero trust principles for critical banking infrastructure. ...