ACCOPS.

COM

Mitigating Risk in BFSI: A

Guide to Compliant End-User
Computing with Accops

INTRODUCTION

Today, end customers, be they corporate or consumer, expect instantaneous information and
transactions at their fingertips. This expectation mandates Banking and Financial services institutions
to continuously modernize and transform themselves to come up with innovative services and
service delivery models.

Financial services institutions are now using technology-led innovations (“digital first” approach) for competitive
advantage. This has led to an increase in their digital footprint, which provides both challenges as well as opportunities.

Financial institutions are, also among the most targeted organizations by cyber security attacks. A few alarming points to
be taken note of from some recent global cybersecurity reports include -

• Average cost of a breach is USD 4.45 million1

• Amongst all industries, Banking is ranked second highest when it comes to the cost of data breach1
• Customer PII accounted for 47% of data compromised1
• Stolen credentials contributed to 15% of breaches1
• Attacks initiated by malicious insiders had the highest cost of data breach amounting to USD 4.9 million per
breach1
• Average cost of a data breach, due to accidental data loss or lost or stolen device, was USD 4.6 million1
• Breaches that were initiated from stolen or compromised credentials and malicious insiders, took the longest to
resolve1
• A business partner supply chain compromise costs 11.8% more and takes 12.8% longer to identify and contain,
than other breach types1
• Usage of solutions like VPN, VDI, etc for remote access, without MFA, was identified as one of the top cyber
threat trends of 20222
• Using USB removable media as an initial attack vector is getting revamped and poses a great threat to air-gapped
environments2

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 1
ACCOPS.COM

Financial regulators have been mandating strict standards, guidelines, and frameworks to strengthen the cybersecurity
posture for the Banking sector, with penalties for non-compliance being very high.

In summary, financial services institutions are reeling under the pressure of continuous digital transformation to stay
competitive while adhering to strict regulatory requirements and at the same time without succumbing to security
incidents that could tarnish their reputation and trust with customers.

New regulations like the PCI-DSS, DPDP, GDPR, and FEDRAMP implement strict measures to enforce
data privacy and security at organizations. ZTNA is an essential strategy for staying compliant with these
regulations, and to ensure that employees don’t skirt compliance guardrails.

About Accops
Accops is a leading provider of Digital Workspace solutions for the BFSI sector. Our comprehensive suite of products,
including Zero Trust Network Access (ZTNA) Gateway, Application and Desktop Virtualization (VDI), and Identity and Access
Management solutions and Thin Clients, are designed to meet the evolving needs of financial institutions.

We enable secure and seamless access to all modern and legacy applications, virtual desktops, and applications,
empowering your workforce's productivity from any location. Accops transforms traditional work paradigms into dynamic
models with our comprehensive, integrated Digital Workspace suite, eliminating the need for multiple solutions.

Our strength lies in delivering a ZTNA-based remote access solution suite that caters to all types of users, devices, and
access profiles, facilitating borderless enterprises powered by a dynamic risk-based assessment engine. This solution allows
organizations to choose the means and methods to deliver secure application and data access to users working from
anywhere, fundamentally transforming the endpoint security architecture while meeting all compliance requirements.

With a strong presence in over 10 countries, Accops serves over 900 clients, including the leading public and private sector
banks in India. Trusted by over 250,000 banking users and acknowledged by the RBI as the work-from-home solution
provider in India, Accops solutions comply with the latest cybersecurity mandates and adhere to industry-leading security
standards.

Accops in BFSI
Accops is a trusted partner for financial institutions, providing solutions that are used by leading banks, insurance and
financial institutions in the government and private sectors.

Empowering India’s financial institutions with secure and compliant digital processes:

More than 250,000+ end users Top 3 private sector banks use Compliant to Cyber-Security
across Banks our products framework as per RBI

ACCOPS IN BANKS

Accops has been represented in the Gartner Magic Quadrant and Market Guide for DaaS and rated highly as "Customers'
Choice" for DaaS & Access Management solutions by Gartner Peer Insights.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 2
ACCOPS.COM

Accops has been recognised with multiple industry awards, including the NASSCOM SME Inspire Awards in Growth and
Innovation categories (2024), the NASSCOM Emerge 50 Award (2020), and the CRN Channel Excellence Award (2020).
Accops solutions are recommended by the Reserve Bank of India (RBI) for remote work models and have been recognised
by Startup India. Accops is also registered on the Government e-Marketplace (GeM) as a cybersecurity provider under the
preferential market access programme.

Accops Product Portfolio

Accops provides a comprehensive suite of solutions that empower businesses to build complete digital workspaces. Our
integrated platform offers a range of technologies to address today's unique challenges, enabling seamless and secure
access to applications and data from any device, anywhere. Deployable on any infrastructure or public cloud, Accops
delivers a flexible and scalable solution tailored to your specific needs.

• HySecure: A Zero Trust-based Application Access Gateway that ensures secure remote access to private
applications hosted in data centers or the cloud.
• HyWorks: A comprehensive EUC Virtualization platform that enables the delivery of virtual applications and
virtual desktops to any device.
• HyID: A robust Identity and Access Management solution that provides multi-factor authentication and
centralized identity management.
• Accops BioAuth: A biometric authentication solution that adds an additional layer of security with fingerprint and
facial recognition capabilities.
• HyDesk: Thin client hardware devices and a secure Linux-based OS that provide cost-effective and secure
endpoints for accessing virtual desktops and applications, as well as local computing.
• Huddle: An on-premise remote support tool that enables secure remote desktop sharing over private networks,
facilitating efficient troubleshooting without relying on third-party solutions.
• Nano: A tamper-proof, read-only, lightweight operating system designed for high-risk computing scenarios, ideal
for securing access for third-party vendors and contractors using BYOD.
• HyMobile: Endpoint management for security policy management and app management

Accops HyWorks: Application and Desktop Virtualization

Accops HyWorks is an end-user computing virtualization solution providing provisioning, orchestration, brokering, load
balancing, and management of virtual applications and virtual desktops. The solution has the following key features:

• Application Presentation Virtualization & Delivery: Efficiently deliver applications to users regardless of their
physical location.
• Shared Hosted Desktop Delivery: Offer shared hosted desktops with Windows Server OS.
• Virtual Desktop Provisioning & Management: Support various VDI deployment models, including Permanent,
Floating, Persistent, and Non-Persistent VDI.
• User Session Connection Brokering & Load Balancing: Optimize user connections and balance workloads for a
smooth experience.
• User to Virtual Desktop Mapping: Ensure users are directed to the correct virtual desktop environment.
• Intelligent Power Management of Virtual Desktop: Implement intelligent power management to conserve
resources.
• Hypervisor/Cloud Agnostic: Our solution works seamlessly with various hypervisors and cloud platforms.
• RDS Farm Management: Efficiently manage Remote Desktop Services (RDS) farms for high availability.
• Support for Linux VDI: Extend support to Linux-based VDI environments.
• Access via Any Device: Enable access from a wide range of devices, including Windows, Mac, Linux, iOS, and
Android.
• User Experience Management & Self-Service: Enhance user experience and empower users with self-service
capabilities.
• Role-Based Management: Implement role-based access control to ensure the right level of access for each user.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 3
ACCOPS.COM

• Print and Peripheral Management: Manage printing and peripheral device access in the virtual environment.
• Screen Recording: Enable screen recording for various use cases, including compliance and training.
• Shadowing: Facilitate shadowing for troubleshooting and support.
• Geolocation: Implement geolocation features for security and compliance purposes.
• Device Health Check/Control: Ensure the health and security of devices connecting to the digital workspace.
• Detailed Reporting: Generate detailed reports for analysis and compliance.
• Endpoint and Thin Client Management: Manage and maintain endpoints and thin clients for a robust and secure
digital workspace environment.

Accops HySecure – ZTNA Gateway for Private Applications Access

Accops HySecure is a software appliance-based gateway solution to provide access to private applications hosted in an
organization’s premise or private cloud. The solution has the following key features.

Provide remote access to private applications:

• Replace legacy VPN with ZTNA gateway for app access.
• Zero trust-based access from unmanaged devices to apps.
• Anywhere access to the web, RDP, and VDI apps from any browser.
• Access to any client-server, fileserver, or legacy app using the Accops desktop agent.
• Access to native mobile apps using the Accops mobile app.

Internet control and Smart Traffic Tunneling

• Block Internet on BYOD devices, on-demand.
• Whitelist certain websites on the user PC.
• Allow web meeting tools on the end user PC and block the rest of the traffic.
• Route specific FQDN via data center and not all Internet traffic.
• Enable connectivity before Windows logon for seamless domain logon.
• Separate Internet and Internal Traffic in Different Browsers.

Contextual Access & Device Login Control

• Restrict users to use 1 or n devices only.
• Get asset information and device compliance view.
• Block certain apps based on device identity, location, and time of access.
• Check for the domain that is logged in and allow access based on compliance level.
• Lock users to specific browsers without needing to download any agent.
• Monitor or restrict a user to a specific GPS location.

Data copy protection on user Endpoint

• Enable on-demand data copy protection on the user PC.
• Prevent users from downloading or uploading data from specific apps.
• Restrict copy-paste, print screen, screen recording, and screen sharing from all or specific apps.
• Allow application-level controls for data copy protection.
• Restricting printing, file save, and USB devices.
• Work in stealth mode, never stop, always-on protection for devices.
• Watermark on VDI as well as Local PC.

Accops HyID – Identity & Access Management

Accops HyID is an Identity and access management solution providing user directory management, multi-factor
authentication, and Single Sign-on features for modern and legacy applications.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 4
ACCOPS.COM

The solution has the following key features:

• Centralized Authentication & Access Authorization
• Contextual Access Authorization
• Supports various authentication tokens
• SSO for modern as well as legacy applications
• Risk-based, Adaptive Authentication
• Single Sign-on for Seamless Access
• Detailed Audit logs
• Flexible policy framework
• Password Self-service
• Password-less authentication

Accops HyDesk: Thin Client/Thin Laptop Hardware

Accops HyDesk is a thin client and thin laptop range of devices that are optimized for remote and virtual computing.
Following is the device range available.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 5
ACCOPS.COM

Accops Nano: Secure OS for thin clients

• Nano OS: Tamper-proof, encrypted, read-only Linux-based OS
o Can be installed on any USB 3.0 drive
o Can be used to boot any BYOD PC to create a secure OS
• Nano Device
o USB device with Linux-based OS and integrated fingerprint reader
o USB has a built-in fingerprint reader to unlock the secure OS
• Access
o Any Chrome / Firefox / Edge-based web apps
o Access VDI
o Access whitelisted web apps via local Wi-Fi
• User boots up their device with Secure USB after authentication
• User gets a new OS that connects the device to the corporate network securely
• Protection from
o Keyloggers
o Endpoint issues
o Data copy
o Unwanted Internet access

How Accops solutions addresses priorities of the BFSI Sector

The BFSI sector is undergoing a dramatic transformation, driven by evolving customer expectations and rapid technological
advancements. Financial institutions are seeking innovative solutions to adapt and thrive in this dynamic environment, all
while maintaining stringent compliance and cybersecurity standards. Accops has emerged as a trusted partner for
renowned brands navigating this transformation. Here's how Accops addresses the top four priorities of the BFSI sector:

Protection of Adherence to regulatory Accelerate "Digital Improve employee

financial data requirements First" initiatives to stay productivity and support
relevant their hybrid work needs

Consolidate and secure Accops provides Accops secures and Accops provides seamless
sensitive data within the comprehensive controls streamlines remote access and secure access to all
data center with Accops and policies to prevent and end-user computing, applications, boosting
VDI. data leakage and enabling BFSI customers to employee productivity by
unauthorized access. rapidly deploy new digital eliminating device and
Control access with Zero initiatives & better network limitations.
Trust Network Access Meet stringent regulations customer experiences.
(ZTNA), ensuring only with strong security We empower employees
authorized users access features like biometric Our solutions provide with the flexibility to work
critical data. MFA, detailed audit logs, secure access to data and from anywhere, securely
and dashboards. applications from any accessing corporate
Prevent data leakage with location or device, enabling resources and maintaining
granular access policies, flexible work models. productivity across diverse
DLP, threat detection, and work environments.
endpoint security (device Accops enables application
posture checks, modernization initiatives, Features like load balancing
vulnerability assessments, such as migrating legacy and WAN optimization
EDR). applications to the cloud or ensure optimal application
containerizing them. performance and user
experience.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 6
ACCOPS.COM

Use Cases specific to BFSI addressed by Accops

The following sections explore common challenges faced by BFSI organizations and demonstrate how Accops solutions
provide effective and innovative solutions.

1. Biometric MFA for core banking applications

Problem statement:
RBI has mandated that all core financial/payment processing applications and applications that interface with core
payment processing have biometric MFA. OTP-based MFAs can be shared and do not provide definitive evidence of
authentication during the incidence, by investigation of the source of fraud or data breach.

CIO Priorities Problems/Challenges

Security of core banking applications • Ensuring authenticated access to core banking applications
• Typical token-based MFAs lead to OTP/Password sharing, making it
difficult to trace the access to the actual user

Compliance with regulatory requirements • RBI mandates having biometric MFA for core banking applications
• Non-compliance leads to hefty penalties from regulatory bodies

Accops Solution
Accops HyID with its BioAuth module supports biometric MFA using any of the following three ways for Biometric MFA
• Biometric authentication using face
• Biometric authentication using fingerprint
• Biometric authentication using existing FIDO devices with fingerprint authentication.

Accops BioAuth server provides features like self-enrollment or admin-driven enrollment, facial authentication with
continuous user monitoring, liveliness check and multiple face detection, a centralized database, and support for popular
fingerprint readers.

CIO Priorities Accops Solution

Security of core banking applications • Using Accops Bio-Auth, banks can implement biometric-based MFA
for core banking apps.
• Accops Bio-Auth enables fingerprint-based as well as facial-based
authentication
• Audit evidence provides tracking access to applications to the actual
end user
Compliance with regulatory requirements Using Accops Bio-Auth, banks can implement biometric MFA for the core
banking applications and thus be compliant with regulatory requirements

Bank customers who are already using third-party products from vendors like IDEMIA (erstwhile Sarfan Morpho) can
evaluate Accops Biometric MFA as a cost-effective alternative. Accops BioAuth can co-exist with legacy biometric solutions,
and the customers need not do a big-bang migration. Also, the Accops BioAuth server, unlike other competitor solutions,
has no vendor lock-in when it comes to supporting fingerprint readers available in the market. Accops BioAuth server
supports fingerprint readers from Morphos, BioEnable, Mantra, Secugen, Tatwik, and any WinBio-enabled devices
including Windows Hello.

Accops BioAuth also offers ease of deployment and integration options with existing applications as it provides multiple
options for rollout, such as:

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 7
ACCOPS.COM

• Integration using AD, SAML, and LDAP interceptors: Using this approach, Accops BioAuth can intercept
authentication requests generated against commonly used authentication protocols like AD, SAML, LDAP, or
RADIUS, thus prompting for Biometric MFA during the authentication process
• API based integration: Accops can support API-based integration by working with the application vendors to
enable Biometric MFA. This may require code-level changes to the application. Some of the competitor products
support only API-based integration
• Through Accops reverse proxy along with BioAuth: Some applications don’t support any of the above methods,
for such applications, Accops reverse proxy can be used with Biometric MFA. In this scenario, the applications are
accessible only through the Accops reverse proxy gateway. Users will be prompted for biometric MFA when
trying to access the financial application through the reverse proxy gateway.

Benefits realized:

• Compliance with regulatory requirements

• Secure core financial applications using MFA
• Prevent OTP sharing
• Tamper-proof evidence of access for any fraud as biometric authentication logs can be used to track the end user

CIO Priorities Benefits realized using Accops solution

Security of core banking applications • Secure core financial applications using MFA
• Prevents OTP sharing
• Tamper-proof evidence of access for any fraud as biometric
authentication logs can be used to track the end user
Compliance with regulatory requirements Comply with regulatory mandates, hence avoiding any penalties

Accops Products deployed for the use case

• Accops HyID with Accops BioAuth module

• Accops HySecure (when reverse proxy-based access is required)

Reference Customer
Axis bank
Karnataka Bank

2. SWIFT Application isolation

Problem Statement
Regulatory requirements mandate that core banking/payment processing applications be kept on completely isolated
networks. This results in significant overheads for IT and end users which include
• Employee experience hurdles arising from the obligatory use of two separate PCs to access SWIFT and CBS
applications.
• Impeded productivity: Bank staff can handle limited transactions daily.
• Business risks stemming from potential data leakage from user devices as SWIFT/CBS applications are installed
on local PCs.
• Subpar customer feedback attributed to limited treasury-based transaction availability at select branches.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 8
ACCOPS.COM

• Elevated IT infrastructure and management costs.

CIO Priorities Problems/Challenges

Security of core banking application Isolate core banking applications (air gap) from non-core banking application

Seamless access to core and non-core Employees are required to use two separate sets of devices for accessing core
banking applications and non-core applications which impacts user experience and productivity.

Prevent data leakage Core banking applications handle sensitive data that can be leaked if not
protected.

Control cost of IT Isolation of core banking applications requires maintaining separate devices
and adds overheads to IT infrastructure and this leads to increased cost of IT.

Accops Solution
Accops addresses the requirement using a combination of virtual desktop, zero trust access, and thin client solutions.
Instead of a second physical PC, users can be provided with a virtualized desktop, deployed remotely in a secure network,
to access their SWIFT/CBS applications. Accops can deliver the virtual desktop to the same end-user PC that is used for
accessing other non-core financial applications.

Accops solutions to address this requirement include:

• Implementation of application and desktop virtualization complemented by thin clients.
• Deploying a Jump server aligned with RBI compliance specifically for SWIFT access.
• Adoption of a zero-trust-based access model, granting entry solely from approved devices.
• Integration of identity and access management fortified by biometric authentication.
• Incorporation of data leakage prevention features like blocking of screen capture, share, uploads, downloads,
and copy-paste functionalities.
CIO Priorities Accops Solution

Security of core banking application Accops VDI solution allows core banking applications to be secured within a
separate network within the Bank’s data center and can be remotely accessed
by the end users.

Seamless access to core and non-core Accops VDI enables core banking applications to be secured within the data
banking applications center. The application can be virtualized and securely published along with

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 9
ACCOPS.COM

non-core banking applications, allowing users to access core and non-core

banking applications from the same device

Prevent data leakage Accops VDI enables leaving no data footprint on end-user devices.
Using Accops ZTNA gateway, data leakage protection can be enforced in the
following ways -
• Prevent download of data from core banking applications
• Enforce watermark with user details on PC/remote session
• Prevent snipping and screen-sharing tools from running when
accessing core banking applications
• Block USB ports of endpoint devices

Control cost of IT Through VDI, core banking applications can be deployed within separate
networks inside the data center.
Using Accops ZTNA VPN (TLS 1.2 encryption), allows core banking applications
to be securely accessed from Bank locations eliminating the need for
additional physical network infrastructure

Benefits Realized:

• Improved efficiency resulting in a 6x increase in daily transactions completed by employees.

• Enhanced user experience through streamlined access to both SWIFT and CBS applications via a single PC.
• Improved cybersecurity and compliance standards by biometric multi-factor authentication, DLP features, and
centralized IT management.
• Achieve close to 50% reduction in Total Cost of Ownership (TCO) by avoiding overheads in network infrastructure
and by adopting thin client computing.

CIO Priorities Benefits realized using Accops solution

Security of core banking application Core banking applications are isolated from non-core banking applications
using VDI.

Seamless access to core and non-core Employees can use one single device (instead of two devices) to access core
banking applications and non-core applications thus improving user experience and productivity

Control cost of IT IT need not maintain separate devices and physical networks for isolation of
the core banking application, thus significantly reducing the cost of
ownership/operations.

Accops Products deployed for the use case

• Accops HyWorks for delivering virtualized desktops and applications

• Accops HySecure for user and device authentication and for enforcing DLP features
• Accops HyID with Accops BioAuth for enforcing MFA for SWIFT/CBS applications
• Accops HyDesk (as thin clients)

3. MFA for non-core applications and legacy applications

Problem Statement
Banking customers have a large number of applications in their IT landscape. These applications include on-premises
applications like CRM, SaaS applications (like O365), and any other legacy applications. All these applications are potential

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 10
ACCOPS.COM

targets for attackers and these applications must be protected from unauthorized access. Many of these applications don’t
provide native MFA capability and customers are required to use individual application-based MFA, instead of a single MFA
solution, and this hampers user experience and productivity.

CIO Priorities Problems/Challenges

Secure access to applications • Ensuring authenticated and authorized access to internal

applications/non-core applications
• Non-availability of integration capabilities of the existing legacy
applications makes it challenging to secure access to such
applications

Seamless access to internal applications Multiple internal applications require end users to remember different URLs
for employees and login credentials and this impacts user experience and productivity.

Accops Solution
Accops HyID provides comprehensive MFA capabilities, supporting both token-based and biometric-based evidence as
MFA for securing on-premises applications, SaaS applications as well as legacy applications.

Accops can integrate with existing AD-integrated apps (as shown below)

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 11
ACCOPS.COM

Accops can also integrate with non-AD integrated apps using SAML (As shown below).

Accops can support both IDP initiated as well as SP initiated login for SAML applications.

For legacy applications, MFA can be enabled at the Accops access gateway and applications can be restricted only from the
Access gateway (As shown below).

CIO Priorities Accops Solution

Secure access to internal/non-core Accops ZTNA gateway provides comprehensive controls to ensure
applications authenticated and authorized access
Accops MFA can integrate with internal/legacy applications to enforce MFA for
all applications

Seamless access to internal applications Accops ZTNA gateway provides a single launchpad for all published
apps/resources that end users are authorized to access
For AD-integrated and SAML-supported applications, SSO can be enabled
avoiding multiple sign-ins.

Benefits realized
The benefits realized by banking organizations include
• Secure internal and external applications from unauthorized access
• Prevent security breaches due to credential thefts

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 12
ACCOPS.COM

CIO Priorities Benefits realized using Accops solution

Secure access to internal/non-core Access to Internal applications (both modern and legacy) is secured through
applications MFA.

Seamless access to internal applications User experience is improved as all the required applications are available
through a single launchpad.
SSO eliminates the need to remember multiple login credentials

4. MFA for third-party vendors/field agents accessing financial applications published over the
internet
Problem Statement
All banking organizations have internet-facing applications (e.g. FinnOne, LOS) that are accessed by third-party vendor
employees/agents to execute certain processes (like loan processing). The vendor employees/agents usually access these
applications from unmanaged/BYO devices and hence no tools can be deployed on these devices. Also, the majority of
these applications are legacy and there is no native MFA or support for authentication protocols like AD/SAML. Even if
these application vendors have to build MFA, it is a time-consuming project and since these applications are in production,
customers are skeptical about making any changes to these applications. Adding to this, since the attrition levels are high
amongst the field agents, these agents can continue to access Personally Identifiable Information (PII) of high-value end
customers, even after they switch employers as there are no controls on access.
In summary, the challenges faced by Banking customers are
• Credential sharing and misuse with no audit trail of who has accessed the application
• Credential theft and unauthorized access
• Internet-facing apps are susceptible to external attacks
• Financial loss because of customer data leakage
• Forgot password and password reset calls

Also, RBI has mandated Banking organizations to have MFA for all of their internet-facing applications.

CIO Priorities Problems/Challenges

Security of internet-facing applications Most of the internet-facing applications used by banks don’t have native MFA.
Most of these applications are legacy applications that pose challenges in
enforcing MFA using standard protocols.
Vendor agents continue to use credentials even after switching jobs, leading to
data leakage

Compliance with regulatory requirements RBI mandate to enforce MFA for all vendor-facing applications

Accops Solution
Accops solution for the scenario depends upon the application capability, whether it’s a legacy application or modern
application (supporting protocols like AD, SAML, etc.).

For legacy applications, since they do not support any modern authentication protocol (including AD integration), Accops
recommends having its secure access gateway inline during application access, so that field agents’ access to the

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 13
ACCOPS.COM

application happens only over the gateway. At the time of login through the gateway, MFA will be prompted which the
field agents will have to provide for completing the logging into the application.

Figure: Accops Gateway inline to provide MFA for legacy applications

If the application supports modern authentication protocols like SAML or if the application is integrated into Active
Directory, field agents can be provided the option to directly access the applications. At the time of logging into the
applications, Accops MFA will be prompted.

Accops can also enforce additional contextual policy checks at the time of login which can include all or any of the
following depending upon the customer’s requirement
• Check geolocation of the field agent and allow or deny access based on geolocation
• Check device posture like browser type, browser ID, and device OS of the field agent and allow or deny login if
any of these parameters have changed from the previous login.

CIO Priorities Accops Solution

Security of internet-facing applications Accops HyID enforces MFA for internet-facing applications.
All application access is authenticated using 2-factor preventing credential re-
use

Compliance with regulatory requirements Using Accops HyID, internet-facing applications can be secured using 2-FA
hence enabling banks to be compliant with RBI regulations.

Benefits realized
With this solution, Banking customers benefit from the following
• Internet-facing applications are secured using MFA
• Audit evidence of who has accessed the applications
• Data leakage protection when field agents switch jobs to competitors
• Compliance with RBI mandates
• No code change is required for legacy applications, thus enabling faster rollout

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 14
ACCOPS.COM

CIO Priorities Benefits realized using Accops solution

Security of internet-facing applications Internet-facing applications are secured using 2-FA without re-engineering the
applications.
Quick rollout of MFA as compared to building MFA natively within the
applications
Prevents data leakage to competitors, as access of agents can be revoked
when they switch jobs

Compliance with regulatory requirements By enforcing MFA for internet-facing apps, Banks remain compliant with
regulatory requirements.

Accops Products deployed for the use case

• Accops HyID when customer applications support AD, LDAP, or modern authentication protocols like SAML
• Accops HyID with reverse proxy when customer applications are legacy (with no support for any modern
protocols)

5. MFA for admins managing IT infrastructure in Banking organizations

Problem statement
Banking customer infrastructure has employee devices and other infrastructure components like servers, firewalls, VPN
solutions, etc. Usually, these solutions have a common admin username and password that are shared across multiple
administrators. It becomes impossible to track back the administrator login to any particular admin user and credential
misuse can compromise the complete environment.

CIO Priorities Problems/Challenges

Securing internal IT infrastructure Administrators access internal infrastructure (like switches, servers,
laptops/desktops of end users) using common administrator accounts which
poses a challenge in identifying which IT administrator accessed the resource.

Accops Solution
Accops HyID MFA platform can seamlessly integrate with all the infrastructure components of the customers. Integration
of Accops HyID to these applications can be done through SAML, Radius, LDAP, or AD.

For desktops and laptops, that use a local user account, once Accops HyID is configured, the admin user will be prompted
to enter their AD credentials. This allows tracing back the access to the particular admin user.

For infrastructure components like VPN, firewall, routers, etc. that don’t have their own native MFA, Accops HyID can be
integrated using Radius or SAML protocols to enforce MFA when administrators log in to these devices.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 15
ACCOPS.COM

CIO Priorities Accops Solution

Securing internal IT infrastructure Accops HyID, which provides centralized MFA, can seamlessly integrate with
the Bank’s IT infrastructure like switches, firewalls, servers, PCs, etc.
Accops HyID provides audit trails of administrators who access using common
credentials by prompting administrators to provide their AD credentials.

Benefits realized
The benefits the customer realizes are as below
• Access to infrastructure components in the customer environment is secured using MFA
• Administrator account access can be traced back to the respective admin user, thus providing audit evidence.

CIO Priorities Benefits realized using Accops solution

Securing internal IT infrastructure All access to IT infrastructure by admins is authenticated using 2-FA while
providing an audit trail of access.

Accops Products deployed for the use case

• Accops HyID

6. Work-from-home/Hybrid work enablement for branch employees and senior management

Problem statement
With the pandemic, during which work from home was the norm, employees have started expecting flexibility in work
location. Users have started preferring a hybrid work model where they work a couple of days from home and from office
premises for the rest of the week.
In addition to regular employees, senior leadership is also expected to access the Banking network from remote locations
when needed.

Banking customers are required to provide a remote access platform through which the employees and senior leadership
can access the internal network without causing security breaches and while adhering to regulatory requirements.

CIO Priorities Problems/Challenges

End users demand support for hybrid Employees expect hybrid work.
work and this creates a need to keep Senior leaders require access to Bank applications when on the move and from
employees satisfied with the required IT multiple devices including mobile phones.
services Banks need to invest in solutions that can enable and secure when
employees/senior leaders work remotely from the location of their choice.

Accops Solution
Accops has tailor-made solutions to cater to such requirements of Banking customers. Our Digital Workspace platform
comprising of ZTNA Gateway, MFA, and VDI brokering has helped multiple Banking customers set up a secure workspace
for hybrid work requirements.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 16
ACCOPS.COM

Through Accops solution, Banking organizations can set up the following:

• Virtual desktop that provides remote workspaces when users are working from home/preferred location
• MFA when accessing virtual desktops
• Secure access to office PCs from home/preferred location
• Protection against data leakage that can happen through snipping tools and screen sharing
• Block download/copy-paste of any data
• Facial authentication and continuous user monitoring (to prevent shoulder surfing) when working from home.
• Restrict access from only pre-approved devices

CIO Priorities Accops Solution

Support hybrid work demands of end- Accops ZTNA gateway along with VDI provides banks with a remote access
users and keep employees satisfied with platform that enables secure access to Bank resources
IT services

Benefits realized
The benefits realized by Banking organizations from Accops solution include
• Satisfied employees who can manage work-life balance through hybrid work
• Security of sensitive data while embracing hybrid work
• Prevent unauthenticated access

CIO Priorities Benefits realized using Accops solution

Support hybrid work demands of end- • Employees can work from home and able to access the required
users and keep employees satisfied with resources like apps, office PCs, or virtual workspace.
IT services • Senior leaders can access required resources from different devices
like mobile phones when on the go.

Accops Products deployed for the use case

• Accops Digital Workspace Suite (with ZTNA, VDI Brokering, and MFA)

7. Reduce the cost of remote access by minimizing the use of VDI and consolidating multiple-point
solutions
Problem statement
Most Banking customers solely rely on VDI to provide access to internal resources. Virtual desktops require a large
infrastructure, additional management efforts, and associated initial investment.

CIO Priorities Problems/Challenges

Reduce cost of IT While VDIs provide a secured virtual workspace, the IT infrastructure
requirement is large and that leads to a high cost of operations for the secure
access.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 17
ACCOPS.COM

Accops Solution
Accops HySecure ZTNA gateway can act as a single window for Banking customers to provide access to their internal
resources. Accops HySecure avoids the need for a VDI solution where end users work on web-based applications only.

Accops HySecure ZTNA gateway uses its reverse proxy functionality to facilitate access to both internal and SaaS-based
applications. The applications are launched on the local browser available in the device hence avoiding the need for a
virtual desktop for processing. In addition to providing access to web applications and SaaS applications, customers can
also enforce security policies and controls that can include
• Preventing screenshots and screen sharing of the application once launched
• Enforce watermark on the app sessions
• Block download and upload of data
• Mangle URL of internal applications
• Enforce MFA
• Lock endpoint device to kiosk mode preventing the launch of any other application on the local device

CIO Priorities Accops Solution

Reduce cost of IT Accops ZTNA gateway provides a solution to provide secure access for web-
based applications. Banks can use Accops ZTNA gateway for employees who
use only web-based applications, thus avoiding the need for an infrastructure-
heavy VDI solution

Benefits Realized
The key benefits realized by customers are
• Reduced cost of remote access to 1/10th by avoiding infrastructure-heavy VDI
• Eliminate the need for Microsoft user CALs like RDS.
• Provide secure access to applications with strong device control

CIO Priorities Benefits realized using Accops solution

Reduce cost of IT Minimize the use of VDI thus reducing the cost of remote access by more than
50%.

Accops Products deployed for the use case

• Accops HySecure

8. Securing Vendor/External User Access

Problem Statement
Banks and financial institutions collaborate with lots of third-party vendors who may need to be provided with access to
sensitive data or to banks’ networks for performing operational activities, application development, loan servicing, etc. This
has its own benefits for the organization which include scaling up teams quickly, reducing cost, improving efficiency, etc,
but at the same time, this approach also poses a great amount of risk if proper security controls are not in place. Many
financial service institutions issue separate devices/laptops to such third-party employees which adds to the overheads of
management and maintenance. An alternate option is to allow vendors/third parties to use their devices but financial

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 18
ACCOPS.COM

services institutions lack the right solutions to control/secure such third-party devices, and this may compromise the
overall security of the organization’s network.

CIO Priorities Problems/Challenges

Provide seamless access to external • Enabling access to third-party vendors requires either allowing
vendors/third-party consultants to banks’ vendor users to use their own devices which cannot be controlled or
resources provisioning bank-managed devices that bring in overheads of
management and cost.
• Also, delays in enabling access can lead to loss of productivity of
vendors and unwanted expense for the Bank

Data leakage protection When vendors access applications from vendor-owned devices, implementing
data leakage prevention policies on those devices is a challenge using
traditional DLP solutions.

Accops Solution
Accops solutions are tailor-made to address the scenario described above. Accops Digital Workspace product suite with
ZTNA access, VDI brokering, and MFA features helps organizations set up a secure remote access platform. The
comprehensive DLP and endpoint control features ensure that there are no data breaches.

Login Control Host Scan Data Copy Protection Internet Control

• Bind user to device • AV/FW Status • Restrict data copy • Whitelist Internet
• Allow specific • Windows Updates • Block screen access without web
number of devices • OS scrapping tools proxy
• Login based on • Browser • Block screen sharing • On-demand Internet
device health tools control

Using Accops solution, Banking customers can set in place the following:
• A workspace that has the required applications/resources that vendor employees/contractors need. The
workspace could be a virtual desktop (Windows/Linux-based), virtual browser, or a web application published
over Accops gateway.
• Enforce MFA to ensure authenticated access
• Allow vendors to work using their own/their employer-provisioned devices with the following security controls
o Block screenshot and screen sharing of the VDI session when logged from the vendor device
o Device-bound access to the organization network, only from approved devices
o Perform a host scan to assess the posture of the vendor/contractor device before granting access to
ensure compliance with baseline security requirements
o Watermark within the VDI session with the user name, hostname, etc.
o Block copy-paste/download of data from the virtual workspace
o Lock down the vendor device to kiosk mode where the vendor employee is allowed to access only the
VDI when logged in.
o Allow access only from whitelisted IP locations (e.g. approved vendor office premises)

All the policies listed above are on-demand which means these policies get applied only when the vendor logs into the
organization’s network. When the vendor signs out of the network, the policies are not applied and hence the vendors can
use their device for their normal work.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 19
ACCOPS.COM

CIO Priorities Accops Solution

Provide seamless access to external Accops ZTNA gateway with VDI provides a secure virtual workspace for
vendors/third-party consultants into the vendors/third-party users
bank’s network

Data leakage protection Accops on-demand endpoint control policies like screenshot block,
download/upload block, session watermarking, USB block, etc can be enforced
on vendor devices.

Benefits Realized
The benefits realized by Banking organizations include:
• Ability to leverage third-party vendor workforce and scale up delivery capabilities
• Ensure data security
• Ensure authenticated access
• Control third-party devices on demand

CIO Priorities Benefits realized using Accops solution

Provide seamless access to external Reduced lead time for vendor onboarding
vendors/third-party consultants to banks’
resources

Data leakage protection Protect data from leakage even on vendor-owned devices.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 20
ACCOPS.COM

Accops Products deployed for the use case

• Accops Digital Workspace (ZTNA, VDI Brokering, MFA)

9. Accops Virtual IP Solution in Shared Hosted Desktop Environments

Problem statement
In the banking sector, certain applications are designed to function within a single session environment, primarily bounded
by network-level restrictions. These applications rely on capturing users' system IP addresses, posing a significant challenge
in transitioning to Shared Hosted Desktop (SHD) based Virtual Desktop Infrastructure (VDI). Failure to assign individual IP
addresses to users might disrupt application functionality as sessions are not distinguished.

Key Requirements:
• Ability to adapt applications designed for single-session environments to SHD-based VDI in Bank scenarios.
• Individualized IP addresses to differentiate user sessions for seamless application functioning within the VDI
environment.

Accops Solution
Accops uses its VDI broker solution to address this challenge by introducing the Virtual IP (VIP) Module that is explicitly
designed for banking environments. The VIP solution within the Virtual Desktop Infrastructure (VDI) and Shared Hosted
Desktop (SHD) ecosystem facilitates the creation of independent sessions in a shared hosted desktop setting.
How Accops VIP Module Works:
• Exclusive Static IP Assignment: Accops' VIP Module ensures the creation of a distinct virtual interface for each
banking user. This interface is assigned a static IP address, enabling the differentiation of user sessions based on
unique IP addresses.
• Enhanced Communication: With each user having a dedicated static IP, communication with banking
applications occurs as individual requests, bypassing the traditional route through Remote Desktop Services
(RDS) IP addresses.
Benefits for Banking Solutions:
• Seamless Transition: Smooth migration of applications designed for single-session environments to SHD-based
VDI within banking infrastructures.
• Distinct User Sessions: Allocation of individual static IP addresses ensures separate and distinguishable user
sessions, maintaining application functionality and security.

This Accops VIP solution within the Shared Hosted Desktop (SHD) and Virtual Desktop Infrastructure (VDI) environment is
tailored to meet the unique demands of the banking sector, ensuring both application compatibility and session
differentiation for an optimized user experience.

Accops Products deployed for the use case

• Accops HyWorks
• Accops HySecure (Optional)

10. Provide secure access of applications to remote branches over low bandwidth network
Problem statement
Accessing high-bandwidth applications like Microsoft Dynamics CRM within banking environments, particularly from
remote branches with limited bandwidth ranging from 96 kbps to 1 Mbps, poses significant hurdles. These applications
require a minimum bandwidth of 400 kbps for optimal performance. However, due to these bandwidth constraints, the
CRM functions slowly or may not function at all in these settings. Consequently, there's a notable decline in CRM adoption
rates and a decrease in user productivity within banking operations.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 21
ACCOPS.COM

Accops Solution
Accops VDI broker can virtualize client-server applications like CRM and present them to users. By virtualizing the client
component of the application, the client application can be brought to proximity of the server or the client traffic can be
routed through a high-speed network. Using remote display protocol, the client application can be accessed over networks
with bandwidth as low as 64 kbps.

Benefits Realized

• Enhanced CRM/Server application performance: Substantial improvement in Microsoft Dynamics CRM

performance, leading to increased adoption rates among banking staff.
• Boosted branch user productivity: Despite low network bandwidth at remote branches, employees experience
significantly improved performance accessing CRM applications, enhancing overall productivity within banking
operations.

Accops Products deployed for the use case

• Accops Digital Workspace

11. Meeting sustainability goals

Problem Statement
While governance and social responsibility in Banking have been around for a few years, environmental commitment is a
fairly recent entrant that has quickly gained traction worldwide. Sustainable finance has gained significant momentum
across the globe including India, as public recognition of the need for sustainable development has grown. Sustainable
finance involves strategic planning and execution of banking operations and business activities while taking into
consideration the environmental, social, and governance (ESG) impact.

A survey3 conducted by RBI in Jan 2022 to assess the status of climate risk and sustainable finance in leading commercial
banks identified that only very few Banking institutions have sustainability-specific KPIs in their performance evaluation.

There is increasing demand from both political as well as regulatory bodies to have concrete indicators to demonstrate
performance on sustainable finance. So, being proactive regarding sustainability and carbon footprints in addition to
simply doing the right thing, are good business practices that could help Banking customers get ready to lead towards the
future, lead industry peers, get good press & look good to clients, get regulatory brownie points, and be a favored supplier
in client’s supply chain.

Accops Solution
Accops’ contribution towards meeting the sustainability objectives of financial services institutions is delivered by helping
these organizations reduce the overall carbon footprint (Green House Gas emission) when they conduct operations. All
businesses emit Green House Gases (GHG) in the course of their operations.

Following are ways in which Accops products, by providing a secure remote access platform, lead to a reduction in the
overall carbon footprint of Banking organizations. Using Accops solutions, Banking organizations can do the following:

• Employees can be provided flexibility to work from the location of their choice thus reducing
• need of infrastructure for people working in the office building, including (but not limited to) load on office
space allocation, load on air-conditioning systems, need for fresh water, water in the facilities, water cooling, etc
• Banks can reduce manpower efforts. Even with constant business, one can save space and time. It takes 1
support person for every 1000 virtual desktops with Thin Clients, whereas it takes 1
• support person for every 200 PCs.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 22
ACCOPS.COM

• Accops reduces electrical consumption by up to 90% across 5-7 years. Accops thin clients have 1/3rd the
manufacturing emissions as compared to even a low-end laptop. Thin clients also have a longer BAU life span of
7-10 years thus, further reducing carbon footprint in comparison to PCs.
• Old laptops and PCs (even 10+ years old) can be repurposed using the Accops Nano OS along with VDI/DaaS. This
makes the end user landscape simpler to manage, more secure, less resource-intensive, and can keep the device
in use until the point of hardware failure. This ensures a single OS across thin clients and repurposed PCs/laptops.
The usage of Accops Nano OS extends the life of laptops/PCs.

Benefits realized

• Provides a strategic competitive advantage for business growth. Creates an architecture for security by design.
Brings simplicity and reduces security risk and threat landscape.
• Introduces operational efficiencies.
• Reduces direct costs of provisioning and maintaining office spaces and eliminates lead times for
• such.
• Improves productivity (up to 90% reported by our clients)
• Reduces electrical consumption by ~ 85%.

Accops Products deployed for the use case

• Accops Digital Workspace (ZTNA, VDI brokering, and MFA)

Conclusion
Accops considers itself to be privileged to partner with and be considered the preferred choice, for enabling and securing
remote access for Banking organizations working on cutting-edge technology to deliver next-generation banking and
financial services. Accops is committed to delivering world-class solutions focused on workspace delivery needs to cater to
future work models and at the same time ensuring IT has full control when catering to such requirements.

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 23
ACCOPS.COM

1 https://www.ibm.com/reports/data-breach
2 https://www2.deloitte.com/us/en/pages/risk/articles/cybersecurity-threat-trends-report-2023.html
3 https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=1215

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise
mobility for business users while keeping governance with the organization.

Want to learn how Accops can help you secure critical applications and ensure compliance without escalating costs? Contact us at
[email protected]

© Copyright Accops Systems 2024. All rights reserved. USE CASES - BFSI 24