Banking security has evolved into one of the most challenging areas in the IT industry because of the number of users and the amount of money at stake.
These dynamics make it equally difficult for developers to build the necessary service-oriented infrastructure without opening massive holes in security. ING Bank N.V. believes it has found a solution to this problem through namespace as-a-service, which allows a container to have a different set of permissions than the system itself.
“Namespace as-a-service means we don’t give a full cluster to our users,” said Thijs Ebbers, cloud native architect at ING Bank. “We only give them CPU, memory and networking. That’s all they need to host the application; everything else we abstract away. In a banking context, where compliance is a big thing, you don’t need to do compliance for an entire Kubernetes clusterized developer.”
Ebbers spoke with theCUBE industry analysts Lisa Martin and Savannah Peterson at KubeCon + CloudNativeCon NA 2022, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Arno Vonk, product owner of container-as-a-service at ING Bank, and they discussed how the company’s approach to security is transforming its systems philosophy. (* Disclosure below.)
Banking on developers
ING’s namespace solution points to an evolving trend in the banking industry. As in nearly every other vertical, developers are playing an increasingly significant role, and this is driving systems transformation within the financial world.
“We’re really changing as a bank to a tech company,” Vonk said. “We deliver namespace as-a-service and a really secure environment. Developers can only get a namespace; that’s very important.”
ING’s approach underscores the importance of network access, a complicated subject because of the need to balance what’s necessary to run a business with the risk of incurring a damaging breach. Banks and other institutions should consider adopting a stricter standard than “least privilege,” according to Ebbers.
“You hear a lot about least privilege in all of the security talks, but that’s not what you should be aiming for,” Ebbers said. “Zero privilege is what you should be aiming for. Even if you have someone invading your infrastructure, there are no privileges. If you are handling customer data and customer funds, aim for zero-privilege architecture.”
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for KubeCon + CloudNativeCon NA 2022. Sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)