A Study on the Application of Zero Trust Security Model in the Financial Sector

Abstract

The changed hybrid work environment such as the expansion of cloud computing technology and the increase in telecommuting due to the coronavirus infection (COVID-19), has brought about new security problems. The traditional perimeter security model has limitations in protecting various devices and environments because it is difficult to clearly distinguish network boundaries. The Zero Trust model, which has been proposed as an alternative security strategy to overcome this, is based on the premise that there is no trust in the assets and actors that are connected components when configuring corporate infrastructure and workflow. The financial sector is actively seeking to introduce the zero trust security model as a means of strengthening security. Demand for responding to advanced cyber-security threats, strengthening security policies, and applicability and necessity of a zero trust security model in the financial sector has expanded. This study proposed the components of a zero trust security model to be applied to the financial world based on financial governance and zero trust principles, components of the maturity model, and the results of expert interviews. The zero trust security model in the financial sector consists of four layers and eight detailed steps: perimeter security layer, authority definition layer, behavior detection layer, and internal control layer. This zero trust security model for the financial sector is expected to provide guidelines for key elements and construction steps to be considered when introducing zero trust in the financial sector.