
This blog explores how financial institutions (FIs) can use different Cisco technologies to help meet regulatory requirements, be they FFIEC, OCC, PCI, or others. Prior blogs in this series enumerated the regulatory bodies and regulations, and covered how organizations can live in a multi-controller world. This is fundamental to the diverse technology requirements seen across an IT organization’s span of control. This blog focuses on some of the capabilities within each of these controllers, and how they can help solve the challenges faced within their respective domains. Of note, all of these technologies expose a northbound API that allows for multi-domain orchestration; multi-domain orchestration tools that leverage these technologies were evaluated in the prior blog.

Across these regulatory audit criteria, a number of fundamental constructs remain consistent. The key themes that permeate the guidance, and that Cisco technologies can help with, are being able to:

  • know your environment,
  • patch your environment, and
  • segment and secure sensitive data in your environment

Within some regulations, you will find advanced guidance on evolving technologies, especially in the 2021 update to the FFIEC operations book. These regulations will continue to evolve, and being able to harness the power of automation systems can save organizations operational costs in meeting them.

Cisco DNA Center

Cisco DNA Center is a powerful network controller and management dashboard that lets you take charge of your network, optimize your Cisco investment, secure your remote workforce, and lower your IT spending. It provides a range of benefits for FIs, including helping them meet regulatory requirements through its extensive automation capabilities. These benefits include:

  1. Network Segmentation: One of the key regulatory requirements for FIs is to ensure network segmentation to isolate sensitive data and systems. Cisco DNA Center can help with the provisioning of SDA or other technologies (L3 and L2) consistently across the environment.
  2. Visibility and Control: Cisco DNA Center can provide the ability to centralize and filter on events and provide advanced analytics.
  3. Compliance Reporting: FIs are required to maintain compliance reports to demonstrate their adherence to regulatory requirements. Cisco DNA Center provides compliance reports that can be easily generated and shared with regulators.
  4. Automation and Orchestration: Cisco DNA Center automates network management tasks such as configuration management, device provisioning, and network policy enforcement. Through advanced composite templates, configlets for features can be stitched together across devices and device types so that consistency can be maintained for the diverse features that exist in an enterprise network.
  5. Enhanced Security: Through advanced features like integration with Talos and endpoint classification, as well as automated workflows for the provisioning of advanced security resources like encrypted traffic analytics, DNA Center is helping FIs implement the policies to meet their regulatory requirements.

Cisco SD-WAN

Cisco SD-WAN is a cloud-delivered or on-premise managed software-defined wide-area network solution that enables FIs to connect any user to any application. It has integrated capabilities such as multicloud, security, enhanced visibility, and analytics building toward a Secure Access Service Edge (SASE)-enabled architecture. Some capabilities Cisco’s SD-WAN solution can help with include:

  1. Network Segmentation: Provisioning secure segmentation and simplifying complex topologies is one of the strengths of the Cisco SD-WAN solution. It can help FIs to declaratively and systematically isolate sensitive data and systems. This is intrinsic to the overlay and naturally can extend the campus to the data center and cloud using standards based segmentation constructs.
  2. Secure Connectivity: One of the innovations Cisco SD-WAN brought to market was the marriage of the routing topology with the encryption overlay to reduce the traditional complexity around managing both separately. It uses patented innovations around secure key distribution to facilitate an automated overlay which can secure any workload from any endpoint to any cloud using application aware routing.
  3. Compliance Reporting: Cisco SD-WAN is a PCI compliant solution that can be used to help FIs meet their compliance needs. PCI-DSS reports are available and can be shared with regulators.
  4. Automation and Orchestration: Cisco SD-WAN automates network management tasks such as configuration management, device provisioning, and network policy enforcement, reducing the risk of errors and inconsistencies that can lead to compliance violations.
  5. Enhanced Security: Cisco SD-WAN provides advanced security features such as threat detection and response, application-level security, and access control, which can help FIs meet regulatory requirements around data security.

Cisco Meraki

Cisco Meraki is the world-leading cloud-managed networking solution that provides the full stack of enterprise products, managed consistently via centralized management of network devices and applications. It provides a range of benefits for FIs, including helping them meet regulatory requirements. Some of the benefits of Cisco Meraki for FIs in this regard include:

  1. Cloud Management: With a PCI and GDPR compliant cloud management solution, FIs can safely manage their network infrastructure from a single cloud-based dashboard. The intuitive ability to rapidly provision and maintain large networks, including SD-WAN, switching, wireless, sensors, and cameras, consistently and according to predefined standards prevents configuration drift and its inherent risk. The native API allows easy integration with existing security tools and systems for auditing and validation.
  2. Network Segmentation: Cisco Meraki supports intrinsic and simplified SD-WAN at low complexity to make an environment that is easy to maintain, secure, and audit. It has the ability to do full stack security, marrying the wireless SSID to Layer 2 switch segmentation and preserving that through the SD-WAN solution, presenting this all in a single elegant solution.
  3. Compliance Reporting: FIs are required to maintain compliance reports to demonstrate their adherence to regulatory requirements. Cisco Meraki provides compliance reports that can be easily generated and shared with regulators.
  4. Advanced Security: Cisco Meraki provides advanced security features such as threat detection and response, content filtering, and access control, which can help FIs meet regulatory requirements around data security.

Cisco ACI

Cisco Application Centric Infrastructure (ACI) is a software-defined networking solution that provides centralized automation and policy-driven application profiles for data center networking. It provides a range of benefits for FIs, including helping them meet regulatory requirements. Some of the benefits of Cisco ACI for FIs in this regard include:

  1. Network Segmentation: Implicit in ACI is the construct of application based awareness and segmentation into standards based group policy. This enables a framework for macro and micro-segmentation using traditional network based constructs or more advanced application classification. Through using a model driven approach to segmentation it allows FIs to ensure that segmentation constructs are consistent across a class of applications and enforced either in ASIC or via service appliances stitched into the network fabric.
  2. Compliance Reporting: As part of Cisco’s reference design for secure data centers ACI offers the ability to report on hardware and software versions as well as security constructs used within the fabric either via native tools, or through created toolkits, or even through third-party audit solutions.
  3. Automation and Orchestration: Cisco ACI was built from the top down as a model driven orchestration platform to allow all constructs of the network to be programmed and orchestrated as objects in the model. ACI has implicit automation and orchestration, and exposes all this functionality via API to allow third-party products to seamlessly fit into the solution.
  4. Enhanced Security: Cisco ACI provides advanced security features such as network segmentation, policy-based access control, and threat detection and response, which can help financial institutions meet regulatory requirements around data security.
  5. Scalability and Performance: Cisco ACI has line rate performance and exceptional scalability to meet the most demanding environments. Evolutions such as multi-pod and multi-site allow fabrics not only to span geography but also to increase scalability by allowing mobility between one or more availability zones.

In Conclusion

The FFIEC blog series has been focused around summarizing and evaluating the regulatory environment faced by IT organizations through the lens of how it impacts these organizations, and corresponding technologies to help. In my 15 years serving the financial services space, the regulatory world has only gotten more challenging, but this is due to the real-world risk and evolution of industrialization of the threat landscape into viable and profitable business models. The level of technical risk faced by FIs is at an all-time high and will continue to evolve so long as FIs are “where the money is.” The regulatory environment does not solve this but is an attempt to ensure some level of control and consistency. To help meet these requirements, Cisco has invested billions of dollars into security and into the security of our platforms.

The extensibility of these platforms into a northbound API allows for the best in class functionality of all these systems from the campus to the WAN, while being able to interoperate using standards-based protocols and apply a multi-domain policy. This approach promotes flexibility and functionality without compromise, helping organizations unlock the maximum potential of their investments to solve their current and future business problems.

Learn more about Cisco Financial Services and Cisco’s security resilience.



Authors

William Nellis

Business Transformation Systems Engineer