Low latency and security are both crucial for finance apps. Unfortunately, some of the measures designed to secure applications can negatively impact performance, resulting in a tradeoff that financial companies can’t afford to make. That’s why Azion’s Edge Platform is not only designed to maximize performance, but deliver robust protection for applications deployed at the edge.
Financial companies such as Agibank and Provu have leveraged our platform to improve compliance and observability, strengthen security, and significantly reduce latency in their applications. This blog post will cover the security needs of finance apps, the cost of latency in trading and banking, and some of the key use cases and success stories enabled by our platform.
Security Challenges in Finance Apps
Compliance and Regulation
Although increasing numbers of customers are using mobile applications and websites to access their banking information, apply for loans, execute financial transactions and perform other banking or financial activities, customers are becoming increasingly concerned about cyberattacks that compromise their identity and financial information. This concern is justified given the frequency and scale of hacks at major financial institutions and financial intermediaries. Clients and customers will not trust their sensitive data and payment information to a company that lacks the necessary safeguards to protect their personal data.
To build public and consumer trust, financial companies must adhere to strict compliance and regulatory practices to ensure the security and privacy of their customers’ data. Meeting these regulations requires not only the ability to secure customers’ data, but also visibility to monitor and audit how that data is being accessed.
Creating Zero-Trust Security
With the widespread use of microservices, APIs, and mobile devices, legacy security strategies that focus on keeping attackers out of a secure corporate perimeter are now largely irrelevant. Instead, the zero-trust model of security has arisen to meet the challenges of modern security and provide protection for distributed applications, complex threats, remote workers, and mobile users. Zero trust uses a “never trust, always verify” philosophy of security characterized by strict authentication, narrow permissions, and ongoing monitoring to mitigate security threats from compromised users, workloads, networks, and devices.
Zero trust is a necessity for financial companies to secure an increasingly mobile user base and an array of APIs that are used to integrate data from various systems, meet regulatory compliance requirements, and add multidimensional services to their customers. Mobile users must be able to securely access financial information from a variety of locations or devices, and APIs must be secure to avoid exposing sensitive data to third parties and limit the risk to financial applications if APIs are compromised.
The Cost of Latency
The old adage that time is money proves especially true in the financial industry, where latency requirements are so stringent that they are often measured in microseconds or even nanoseconds. A 2015 article in the Journal of Finance in Data Science noted that, “High frequency trading means to rapidly trade large volumes of securities by using automated financial tools. A millisecond decrease in a trade delay may boost a high-speed firm’s earnings by about 100 million per year.” Since then, new technologies like edge computing and 5G have enabled increasingly low latency, making any delays in processing even more costly.
Not only does latency come at a high cost to financial trading, it also negatively impacts the usefulness of fraud prevention. Traditional fraud prevention programs, which are designed to prevent further damage once fraud has occurred, come at a huge expense to banks and users alike. In fact, a study conducted in October 2020 by LexisNexis Risk Solutions revealed the high costs of fraud, which have risen in the post-Covid world. These costs, which according to the article “include the transaction face value for which firms are held liable, plus fees and interest incurred, fines and legal fees, labor and investigation costs and external recovery expenses,” now result in an average of $3.64 in costs for every dollar lost by financial firms.
To prevent these losses, newer fraud prevention systems leverage real-time analytics and event-driven architecture to detect fraud as it is happening. In doing so, these systems can take appropriate actions, such as notifying police, locking doors, or rejecting ATM transaction requests. By stopping fraud in its tracks, financial institutions can significantly reduce the losses they incur.
Speed vs. Security: An Unnecessary Tradeoff
WAF
Web application firewalls, or WAFs, are necessary to protect applications against OWASP Top 10 threats, such as sensitive data exposure, security misconfiguration, or broken authentication. However, traditional signature-based WAFs can significantly increase the latency of an application. Signature-based WAFs provide protection by blocking requests that contain known attack patterns. Each time a new attack occurs, WAF vendors create a signature based on components of that attack and add it to the WAF. Since new attacks are occurring all the time, WAFs may include thousands of signatures, requiring immense computational resources and added latency to process new requests.
However, this tradeoff is not necessary with newer WAFs like Azion’s Web Application Firewall. Rather than maintaining a database of thousands of signatures, Azion’s WAF uses algorithms that analyze the syntax of attack patterns and condense them into a lean, performant rule set. As a result, our WAF protects not only against previous attacks, but zero-day and emerging threats–all while avoiding the performance and usage issues inherent in signature-based WAFs.
Encryption
For companies that handle credit card and banking information, encryption is a necessary tool for preventing fraud and identity theft. However, as noted in a TechBeacon blog post, encryption protocols can take a toll on application performance. Although the time it takes to perform simple encryption operations is negligible, connecting to a network to perform these operations takes significantly longer. As a result, the post warns readers that developers who want to minimize the performance toll of encryption should first “minimize the number of network connections that your application makes to implement encryption. Those are very expensive, and their use should be avoided if possible and minimized in all other situations.”
By reducing the distance data has to travel, edge computing significantly reduces the number of network hops, resulting in the fewest possible number of connections–and as a result, the lowest possible latency for cryptographic processes.
Containers and VMs
Isolating virtualized resources in containers and VMs prevents data leaks and ensures that security issues with one application or microservice do not affect another. However, doing so comes with a performance cost as applications scale–a necessity for financial institutions that embrace compute-intensive processes like real-time analytics or Blockchain technology. Because containers and VMs require developers to provision resources ahead of time, a choice must be made between overprovisioning and wasting resources or underprovisioning and risking outages and congestion.
To ensure security while enabling high-performance service, Azion secures serverless functions in a multi-tenant environment using the V8 JavaScript Engine. V8 has a sandboxing mechanism that enables a separate JavaScript execution environment to be created for each serverless function. This provides security and isolation for each function while running in a multitenant environment, where resources like disk I/O, memory, and CPU can be shared more efficiently, removing the need to individually allocate them for each microservice. With these built-in security features in the run-time, functions can scale automatically, executing when and where they’re needed with high performance, even during usage spikes and other periods of high demand.
The Future of Finance: Use Cases and Success Stories
Use Cases
Azion’s Edge Platform brings serverless computing to the edge, maximizing the scalability, availability, and cost-efficiency of edge computing. Along with low latency and security, these qualities are indispensable for financial companies, who can use our services to enhance the customer experience and gain a competitive advantage.
In addition, Azion’s Edge Platform can be used to enable new and exciting use cases in the financial industry, including:
- Personalized digital signage and targeted campaigns
- Portable bank branches with remote tellers
- Real-time analytics and fraud detection
- Support for cryptocurrency payments
- Facial recognition and near-field communications
- Effortless payment with smart watches and other IoT
Success Stories
Azion’s benefits for finance apps are demonstrated in our success with customers like Provu, a prominent personal credit fintech, and Agibank, one of the most secure and innovative banks in Brazil.
Using Azion’s Edge Application, Provu was able to improve the performance of its applications and APIs by creating specific request and response rules to cache content and optimize delivery protocols. These changes resulted in an 80% performance improvement in the Northeast region of Brazil, where a high percentage of Provu’s customers are concentrated and latency rates are the highest. In addition, using Network Layer Protection, an Edge Firewall module, to manage IP addresses safely and automatically has enabled Provu to dramatically reduce the management costs for securing its applications.
Agibank’s success story also demonstrates their success with Azion’s products, including Data Stream and Edge Firewall products, which Agibank used to strengthen compliance and observability practices and increase their application’s security and availability. Edge Firewall enabled Agibank to maintain availability by automatically detecting tens of thousands of threats and protect its origin infrastructure by answering 100% of requests on the edge.
To learn more about what Azion can do for your finance app, read the full success stories or contact Sales to discuss your needs with a representative.
