Bubbles were first adopted by some of the most popular sports leagues at the height of the pandemic to protect players and to enable them to continue participating in tournaments.

The concept has proven effective and allowed fans to enjoy the games, at least via broadcasts for the most part. More importantly, it has kept players from contracting Covid-19 and ensured that the sports industry survives and thrives despite the pandemic.

In some parts of the world, leading entities in the financial services industry are leveraging this concept, to not only protect staff but also to ensure that payment networks and critical operations segments are secured against external threats.

The sports industry doesn’t take breaks, and neither do hackers

Sports is a multi-billion-dollar industry. Take North America’s National Basketball Association (NBA), for example, where the average value of each team is about $2.2 billion and top-tier teams are valued between $4.5 billion and $5 billion each. At the National Hockey League (NHL), the story is similar, with the value of each of the top eight teams being pegged above $1 billion.

Both – the NBA and the NHL – followed the sports bubble concept and saw their net worth rise in 2021. In Asia Pacific and Africa, one of the most popular sports is cricket, and most of the tournaments played in the past two years followed sporting bubbles. As a result, players and the sport continued to thrive despite the pandemic.

On the opposite side of the spectrum, hackers too saw incredible growth over the past 18 months. Cybercrime rose at alarming rates, prompting Interpol to call for immediate action.

While sports leagues can get away with establishing physical bubbles to protect their players and the game, bankers need more stern measures. Establishing a quarantine protocol and a bubble is only the first step.

With remote working becoming standard and a shift to hybrid work becoming the norm across the world, the use of bubbles in financial services, posed one significant technology challenge: How do you manage the segmentation of users, devices, locations, and functions/workflows in this complex new world?

Cisco’s customers, fortunately, learned this wasn’t hard – and if systems were set up right, it could all be done automatically. I wrote about the concept of this in a recent blogpost but this use case, of course, is different.

Policy follows the user: Using policies to lock users and functions to specific “bubbles”

In the financial services industry, regulatory requirements as well as best practices dictate that closed environments are most secure. It’s why banks never store certain critical datasets on the cloud and shred forms with personal information once it has been digitized.

As a result, to protect against cybercrime and bolster security, some institutions are setting up bubbles in certain pockets of the world which serve as hubs managing critical transactions. A payments service, treasury operations, and so on are some examples.

Each organization has its own protocol with regards to employees entering and remaining within the bubble. From a technology perspective, however, the idea is to make it impossible for any user to access those processes unless they’re physically inside the hub. As a result, this offers a definite layer of security from cyberattack.

Since this is in direct conflict with today’s trend of organizations enabling hybrid work and allowing users to work from anywhere, on any network, using any device, treating certain functions/workflows differently meant establishing unique segregated environments for each bubble. That was the first step.

The next step is to use an intelligent AAA engine such as Cisco ISE which identifies users, devices, locations they are accessing from and enables policy-based, automated network enforcement to allow secure access and monitor across all network domains. Instead of defining a policy separately for LAN, wireless LAN, WAN, and even remote access VPN (RA-VPN), Cisco ISE makes it possible to define a policy only once and apply it to all of these domains consistently.

Cisco ISE also serves as the centerpiece in zero-trust security for the workplace because of its ability to provide consistent policy for the users. Also, when customers deploy Secure Network Analytics (formerly Stealthwatch) along with ISE, it makes it possible to view the traffic across entire wired, wireless, and RA-VPN network to gain deep visibility into traffic flow and take corrective actions as needed.

In the case of our client, the financial institution, ISE helped modernize segregated environments by allowing for the use of a single or common directory service to authenticate users for consistent identification across networks, making it possible to apply policies consistently.

What’s unique about ISE is that while it ensures that users can work flexibly from anywhere, specific functions/workflows can be locked to specific users, devices, ports, and locations concretely to provide an incredible level of security that wasn’t previously possible.

With all the technology in place, the organization is able to obtain deep insights into each users’ behavior, application performance in every environment and at every instance, and keep track of threats across all kinds of networks, making sure that only those meant to be in the bubble are actually in the bubble and that functions/workflows meant to be protected by the bubble are only accessed by users and devices in the bubble.

At the end of the day, Cisco’s network and ISE solution are integrated together and policies can be deployed with a click. Once defined, users, devices, ports, and even locations can be added, removed, and managed while in any network, seamlessly and automatically. That’s the beauty of havinXg modernized network infrastructure.

While putting bankers in bubbles needed planning, it helped that the concept had been validated by the work being done in sporting bubbles across the world.

In the coming months, even after the pandemic, these bubbles will remain – at least from a technology point of view – given the security they offer to key functions/workflows. In fact, the concept of ‘bubbles’ is one that can be applied to ‘hot-desking’, allowing users to work from an office close to where they live, and a myriad other use cases as organizations prepare for hybrid work.