Zeta Helps Banks Securely Deliver Digital Services at Scale with Zero-Trust Architecture on AWS

Zeta offers cloud-native, next-generation card issuing and processing solutions for financial institutions globally. Its platform helps banks build digital-first hyper-personalized card programs quickly and at scale, all while ensuring full regulatory compliance.

As banks face the growing impact of cyber threats, Zeta prioritizes the security of its platform by implementing a zero-trust architecture (ZTA) across identity, devices, networks, apps, and data. In a ZTA, no one—whether inside or outside the network—is granted trusted access by default. "Our zero-trust architecture ensures that security remains uncompromised, even as our platform scales," says Ramki Gaddipati, cofounder, APAC CEO, and global CTO at Zeta.

Zeta tailors its ZTA for each bank, depending on the customer’s specific security needs, regulatory environment, and IT infrastructure. To onboard customers as quickly as possible, the company wanted its ZTA to align with compliance frameworks worldwide straight out of the box, plus integrate easily with third-party technologies to make fine-tuning efficient. “Our objective was to deliver the security our customers needed while also helping them achieve value more quickly,” says Shashidhar Soppin, enterprise architect at Zeta.

To ensure global banking compliance, Zeta uses Amazon Web Services (AWS) to build and customize ZTAs for its customers. Each ZTA pillar is constructed using AWS services and then fine-tuned to meet specific customer requirements with Zeta’s proprietary security technology stack, variety of open-source tools, and customized plugins. "With the support of AWS, we've developed a solution that meets the security regulations for digital banking services worldwide," says Shashidhar Soppin.

A core component of the ZTA is AWS Security Hub, which automates security checks and centralizes security alerts, notifying Zeta of any vulnerabilities and threats to the platform’s security posture. The service continuously aggregates and prioritizes alerts for emerging threats or potential issues.

Meanwhile, Amazon GuardDuty is used within the ZTA to protect AWS accounts, workloads, and data with intelligent threat detection. The service combines machine learning and integrated threat intelligence from AWS and leading third parties for protection. Says Atma Ram, architect at Zeta, “This fully managed solution tells us which elements of the platform are at low, medium, or high risk and how to mitigate the threats.”

An essential component of Zeta's ZTA is AWS Identity and Access Management (IAM) and AWS IAM Identity Center, which the Zeta team uses to control access to AWS services and resources. Complementing this, Zeta’s homegrown Cipher tool adds an extra layer of security by enhancing data encryption and access controls, ensuring a robust and comprehensive zero-trust approach.

Throughout the development of its ZTA, Zeta worked closely with AWS security experts. The company also leveraged the AWS Well-Architected framework to ensure its cloud architecture aligned with AWS best practices and recommendations. Using the framework, the Zeta technology team can guarantee its designs are highly scalable, secure, and compliant.

With AWS supporting the security architecture, Zeta meets bank compliance requirements almost entirely out of the box. Using AWS Security Hub, 92–94 percent of customer compliance needs are addressed. Zeta has found that standard AWS security services fulfill 280 of approximately 300 compliance controls for its ZTA, and the technology team only needs to make minor adjustments to satisfy all the controls.

Says Gaddipati, “We achieve compliance 45 percent faster for our zero-trust architecture thanks to the comprehensiveness and flexibility of AWS services. Our innovative approach, incorporating shift-left security, allows us to enhance security with less effort.”