{"id":43348,"date":"2025-09-12T15:51:05","date_gmt":"2025-09-12T07:51:05","guid":{"rendered":"https:\/\/www.asuscloud.com\/?p=43348"},"modified":"2025-09-12T16:18:47","modified_gmt":"2025-09-12T08:18:47","slug":"%e5%be%9e%e9%98%b2%e7%a6%a6%e5%88%b0%e9%a9%97%e8%ad%89%ef%bc%8c%e7%9c%8b%e9%87%91%e8%9e%8d%e6%a5%ad%e5%a6%82%e4%bd%95%e5%9b%9e%e6%87%89%e8%b3%87%e5%ae%89%e6%96%b0%e9%a2%a8%e9%9a%aa%ef%bc%8c%e5%8a%a0","status":"publish","type":"post","link":"https:\/\/www.asuscloud.com\/en\/20250912\/43348\/","title":{"rendered":"How the financial industry is accelerating the implementation of Zero Trust?"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In today\u2019s era of rapidly developing digital finance, incidents such as data breaches, ransomware attacks, and account takeovers are occurring with alarming frequency, posing unprecedented cybersecurity challenges for the financial sector. Faced with cross-border compliance issues and increasingly diverse threats, the traditional 'perimeter-based defense' model is no longer sufficient. Following the release of the Zero Trust Implementation Guidelines by the Financial Supervisory Commission (FSC) last year, this year the FSC has gone further by promoting the Financial Cloud Security Monitoring Standards, establishing new security benchmarks for the industry. According to iThome, cybersecurity investment in the financial sector grew by 11.2% in 2024 compared to the previous year, with nearly 40% of institutions beginning to invest in Zero Trust identity and device authentication. Zero Trust is rapidly becoming a core strategy for financial institutions worldwide to strengthen cybersecurity.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Why does the financial industry need to adopt a Zero Trust architecture\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\"The cybersecurity risks currently facing the financial industry can largely be divided into two dimensions. First, with the widespread adoption of digital office and remote collaboration models, along with the industry\u2019s increasingly close interactions with multiple vendors and partners, the frequency of external collaboration and data exchange has surged. As a result, enterprise boundaries have become increasingly blurred, making it far more difficult to securely manage external members and devices.<\/span>\n\nSecondly, the vulnerabilities within internal environments cannot be overlooked. Once a gap emerges in the enterprise\u2019s cybersecurity defenses, attackers may infiltrate the intranet. Traditional internal networks often lack strict verification and monitoring, creating an issue of 'over-trusting' authorized members and devices. This makes the internal environment the weakest link in the security defense chain.<\/span>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Reassess cybersecurity policies with a zero-trust mindset<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In light of the aforementioned risks and challenges, enterprises should re-examine their internal cybersecurity policies and architectural processes with a zero-trust mindset, focusing on the following three areas:<\/span><\/p>

  1. Outside-in: Reduce the attack surface and increase defense depth.<\/span><\/li>
  2. Inside-out: Expand the protection surface while limiting the impact of potential damage.<\/span><\/li>
  3. Enhanced visibility: Continuous monitoring and verification.<\/span><\/li><\/ol>

    According to the Zero Trust Maturity Model published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Zero Trust capabilities consist of five pillars: identity, devices, network, applications, and data. Enterprises should gradually implement the core principles of Zero Trust across these domains, including never trust by default, continuous verification, and least-privilege access, evolving from manual configurations to full automation, and shifting from passive security policies to proactive governance. The recommended assessment approach is as follows:<\/span><\/p>