In an exclusive interaction with Adlin Pertishya Jebaraj, correspondent of Finance Outlook Magazine, Vijender Yadav, Co-Founder, Managing Director and CEO of Accops, discusses cyber safety in financial firms and how the most popular financial institutions are adopting the platform approach to Zero Trust, which gives a combined solution to provide a common control plane across various environments. Vijender Yadav is a pioneering product developer and security innovator with over 20 years of experience in enterprise mobility, virtualisation, and secure remote access solutions. He combines deep technical expertise with a sharp product vision to shape the future of secure digital workspaces at Accops.
How do you see the RBI’s rules on cyber safety and the DPDP Act making changes in the BFSI in India, and how does it work with the law?
The cyber security guidelines issued by the RBI and the DPDP Act are not comprehensive independent regulations; they are two parts of a whole legal framework on digital finance in India. The instructions of the RBI are prescriptive and based on the security posture and operational resilience. They require certain technical and procedural requirements, including multi-factor authentication, an effective incident response strategy, and a proactive threat intelligence strategy.
Instead, the DPDP Act was founded on the principle of data principal empowerment. That change of thought is a philosophical one that places financial institutions in a position of becoming true custodians of customer data. It predetermines the possibility of processing data in terms of explicit consent, data minimisation and the right of persons to access and delete their information.
These two laws are symbiotic. The rules of the RBI are the how, namely the technical means of security, and the DPDP Act is the why, which is the moral and legal need to protect personal information. To give an example, the RBI needs a bank to possess good access controls (a security measure), whereas the DPDP Act specifies that access must be on a limited, agreed purpose (a privacy principle). Collectively, they compel BFSI companies to integrate security and privacy into the core of their business and go beyond mere compliance to actual digital trust.
What are the challenges that BFSI firms have when they start using Zero Trust with old systems and ways of working?
The main issue is the conflict between a trust-all legacy culture and a never-trust, always-check Zero Trust model. Most Indian BFSI companies continue to use core banking and on-premise infrastructure, designed with a perimeter security mentality that believes something within the network is secure. The most common technical problems are hardcoded credentials, in which the old applications frequently hardcode user IDs and passwords, which is the opposite of the principle of least privilege of Zero Trust. Another point of concern is protocol constraints because the current protocols could be outdated and fail to offer more recent authentication practices such as biometric MFA, risk-based adaptive access, and so on, requiring constant validation. Micro-segmentation is also missing, as many legacy networks are structured as a flat topology, which would not permit any form of containment of a breach, and therefore would see a single compromised system spread horizontally across the entire network in the future.
The cultural issue is no less important. It involves a shift of mindset from a network-based security model to an identity-based security model. It will imply the re-engineering of workflow and re-training employees accustomed to a more relaxed approach to access. It is a marathon, not a sprint, and it must be approached in a progressive, practical way with the aim of ensuring the assets that are most important are locked down initially.
How are financial institutions making Zero Trust work with cloud use, online banking, and API setups without breaking the rules?
Some of the most popular financial institutions are adopting the platform approach to Zero Trust and are combining solutions that provide a common control plane across various environments. Their formula is working as follows: in multi-cloud and hybrid cloud setups, they are deploying micro-segmentation and Software-Defined Perimeters (SDPs). This forms small and isolated security zones per workload, where a threat in one location cannot propagate to other locations. Security tools that are cloud-native offer policy enforcement and real-time visibility which is essential in compliance. Online banking is based on treating each user interaction as a new access request. They apply context-sensitive access control and ensure that besides the credentials, they also verify the posture of the device used by the user, his/her location, and patterns of behaviour in real-time.
This is a dynamically authenticated process that is more secure and does not compromise the user experience. The next layer of security is the API, and they are implementing API gateways that stand in front of their APIs to apply the principles of Zero Trust. These gateways make sure that all API calls are authenticated, can only be performed with minimal authority, and that extra attention is paid to suspicious activity. It helps financial institutions to be innovative and integrate with fintech partners safely because all data exchange is regulated by stringent policies that are re-verified continuously.
How do you think the rules that need more cyber safety spending will change how banks and NBFCs do business in monetary terms now and later?
Higher cyber safety expenditures are a strategic investment, and not a sunk cost. It is expected to raise the operational expenses of most financial institutions, particularly small firms which have in the past not heavily invested in security. Such expenditures will, in the long run, result in a large payoff: the reduction of the breach cost, as the financial and reputational harm of a cyberattack amounts to a substantial sum of money, and a well-built Zero Trust architecture can cut the financial and reputational losses of breaches and cybercrimes short.
It also gives a competitive edge since customers are becoming more conscious of data privacy and banks and NBFCs that exhibit a good commitment to security would gain more trust and customer loyalty, resulting in increased retention and market share. It is also more efficient in its operations, as the modern security platforms automate a variety of tasks that would previously have been performed by hand, releasing valuable IT resources, and lessening the friction that comes with the implementation of older security models. Finally, proactive security expenditure transforms the financial services sector into a crisis-driven approach to security, which is more proactive and aims at resiliency, stability in financial performance and profitability in the long-term.
How do you keep the rules in mind but still move fast when you start using Zero Trust plans?
It is all about automating compliance and integrating security into the development lifecycle. Traditional security is a gate, which slows down the business, and modern Zero Trust is a guardrail, which enables the business to move at high speed and remain on the track. This is fulfilled through the implementation of a staged plan: instead of attempting to protect everything immediately, financial institutions need to begin by securing their most valuable assets (e.g., customer data, core banking applications) and deploying Zero Trust policies there first and build momentum around this sound start.
It is also policy-as-code, in which Zero Trust policy is written in code so that it can be deployed and managed automatically, being both consistent and auditable and not a bottleneck to new projects. The other key factor is constant monitoring, where AI and machine learning are utilized to track all user and device interactions in real time to be able to be faster to detect and respond to threats and also in place of slow, periodically conducted audits with a constant state of alertness. Having security as part of the business DNA allows financial institutions to be more innovative knowing that compliance is a continuous, automatic process and not a manual and time-consuming process.
How do you see the mix of rule-following, cyber safety, and new money tech changes in the next 3-5 years?
Within 3-5 years, three major shifts will be characteristic of the future of finance in India, all of which will be shaped by security. It is a future that views security as the basis of innovation and not an obstacle. A significant change will be the possibility to comply with Zero Trust, where banks and NBFCs will need to implement a Zero Trust architecture to respond to changing regulations. This solution is based on Identity and Access Management and Zero Trust Network Access, which offers the access control granularity and unalterable audit logs needed to satisfy the requirements of RBI and DPDP Act compliance. Isolating data to ensure security is another trend that will be on the agenda; to counter the threat of uncontrolled endpoint gadgets, banks will rely more on virtualization and VDI.
This approach makes sure that all confidential data is kept concentrated and isolated in the data center or secured cloud environment, and that employees and vendors have only a secure and virtualised desktop - radically minimising the attack surface, eliminating the leakage of data to local devices, and ensuring that data residency rules are observed. Lastly, it will be necessary to ensure collaboration towards innovation since fintech depends on a smooth working relationship with third-party vendors and partners.
The future demands security platforms that will be able to extend these robust Zero Trust controls to these external parties, granting them secure and least-privileged access to a particular API and application without ever being on the internal network. This helps financial institutions to innovate safely and develop digital trust in their whole ecosystem. The most prosperous companies in the future will be those that unite their business strategy with their security strategy and work with the help of platforms that allow them to navigate through the intricate regulations and innovate safely.