Zeta Helps Banks Securely Deliver Digital Services at Scale with Zero-Trust Architecture on AWS

Zeta offers cloud-native, next-generation card issuing and processing solutions for financial institutions globally. Its platform helps banks build digital-first hyper-personalized card programs quickly and at scale, all while ensuring full regulatory compliance.

As banks face the growing impact of cyber threats, Zeta prioritizes the security of its platform by implementing a zero-trust architecture (ZTA) across identity, devices, networks, apps, and data. In a ZTA, no one—whether inside or outside the network—is granted trusted access by default. "Our zero-trust architecture ensures that security remains uncompromised, even as our platform scales," says Ramki Gaddipati, cofounder, APAC CEO, and global CTO at Zeta.

Zeta tailors its ZTA for each bank, depending on the customer’s specific security needs, regulatory environment, and IT infrastructure. To onboard customers as quickly as possible, the company wanted its ZTA to align with compliance frameworks worldwide straight out of the box, plus integrate easily with third-party technologies to make fine-tuning efficient. “Our objective was to deliver the security our customers needed while also helping them achieve value more quickly,” says Shashidhar Soppin, enterprise architect at Zeta.

To ensure global banking compliance, Zeta uses Amazon Web Services (AWS) to build and customize ZTAs for its customers. Each ZTA pillar is constructed using AWS services and then fine-tuned to meet specific customer requirements with Zeta’s proprietary security technology stack, variety of open-source tools, and customized plugins. "With the support of AWS, we've developed a solution that meets the security regulations for digital banking services worldwide," says Shashidhar Soppin.

A core component of the ZTA is AWS Security Hub, which automates security checks and centralizes security alerts, notifying Zeta of any vulnerabilities and threats to the platform’s security posture. The service continuously aggregates and prioritizes alerts for emerging threats or potential issues.

Meanwhile, Amazon GuardDuty is used within the ZTA to protect AWS accounts, workloads, and data with intelligent threat detection. The service combines machine learning and integrated threat intelligence from AWS and leading third parties for protection. Says Atma Ram, architect at Zeta, “This fully managed solution tells us which elements of the platform are at low, medium, or high risk and how to mitigate the threats.”

An essential component of Zeta's ZTA is AWS Identity and Access Management (IAM) and AWS IAM Identity Center, which the Zeta team uses to control access to AWS services and resources. Complementing this, Zeta’s homegrown Cipher tool adds an extra layer of security by enhancing data encryption and access controls, ensuring a robust and comprehensive zero-trust approach.

Throughout the development of its ZTA, Zeta worked closely with AWS security experts. The company also leveraged the AWS Well-Architected framework to ensure its cloud architecture aligned with AWS best practices and recommendations. Using the framework, the Zeta technology team can guarantee its designs are highly scalable, secure, and compliant.

With AWS supporting the security architecture, Zeta meets bank compliance requirements almost entirely out of the box. Using AWS Security Hub, 92–94 percent of customer compliance needs are addressed. Zeta has found that standard AWS security services fulfill 280 of approximately 300 compliance controls for its ZTA, and the technology team only needs to make minor adjustments to satisfy all the controls.

Says Gaddipati, “We achieve compliance 45 percent faster for our zero-trust architecture thanks to the comprehensiveness and flexibility of AWS services. Our innovative approach, incorporating shift-left security, allows us to enhance security with less effort.”

By using AWS, Zeta ensures banks can deliver their digital services strategies cost-effectively at scale, while meeting their specific security, regulatory, and infrastructure needs. The flexibility of the AWS-based ZTA also means that Zeta can make changes to platform security as threats and compliance regulations evolve.

Gaddipati comments, “Our zero-trust architecture on AWS approaches security ground-up from its fundamentals and provides deep defense without any bolted infrastructure or applications. By implementing rigorous identity verification and continuous monitoring, it not only fortifies defenses but also ensures compliance with the most stringent regulatory requirements, enhancing overall data security and resilience.”

Shashidhar Soppin adds, “Zero trust is more than just a model; it's a mindset. With AWS’s extensive security services and Zeta’s innovative strategies, our zero-trust architecture provides a strategic advantage, helping us continuously validate and protect resources against potential threats.”

Furthermore, customers gain protection without any impact on the scalable performance of the omni-channel platform. They can deliver industry-leading digital banking services that provide highly secure, seamless user experiences. “This approach is helping maintain the crucial trust between banks and consumers that supports development,” states Ram.

To further strengthen its platform’s security posture, Zeta has set out to adopt generative artificial intelligence (generative AI). Through advanced pattern recognition and anomaly detection, generative AI can help Zeta detect and respond to sophisticated cyber threats in real time. As part of its generative AI journey, Zeta is exploring Amazon Bedrock. “Amazon Bedrock and large language models are changing the face of cloud security,” says Shashidhar Soppin. “We’re about to start exploring how this can enhance our proactiveness in addressing threats.”