A groundbreaking study on cloud security has been published in Computer Standards & Interfaces, an SCIE-indexed journal. Authored by Daemin Shin, a senior researcher at the Financial Security Institute (FSI), the paper outlines strategies for financial institutions to strengthen cloud security while maintaining efficiency in software development and operations.
Titled “Enhancing Cloud-Native DevSecOps: A Zero Trust Approach for the Financial Sector,” the paper presents a new security framework that integrates DevSecOps—combining software development (Dev), security (Sec), and operations (Ops)—with Zero Trust, a model that continuously verifies users and devices rather than assuming trust in cloud environments.
Cloud-native is an approach to building, deploying, and managing modern applications in cloud computing environments. Its purpose is to enable companies to develop highly scalable, flexible, and resilient applications that can be updated quickly to meet customer demands without disrupting service delivery.
According to an FSI press release on Tuesday, the research has been highly praised for offering practical solutions that help financial institutions minimize security risks while efficiently developing and managing financial software, which increasingly relies on cloud-based systems. Jiyoon Kim, I Wayan Adi Juliawan Pawana, and Ilsun You contributed to the study, with Shin as the first author.
As financial institutions increasingly adopt cloud-based systems and microservices architectures to drive digital transformation, their security measures remain largely rooted in traditional IT environments. This reliance on perimeter-based security inherits critical limitations, expanding the attack surface and heightening the need for more effective cloud security strategies.
“This study provides a foundational framework for financial institutions to evaluate and implement Zero Trust policies and technologies independently to overcome traditional perimeter-based security limitations and achieve advanced automated cybersecurity capabilities,” the researchers noted in the paper.
In a statement, FSI CEO Park Sang-won reaffirmed the organization’s commitment to advancing cybersecurity expertise by supporting research on emerging technologies, including artificial intelligence and cloud security.
Related article: South Korea’s financial security institute leverages AI for fraud detection
On Thursday, South Korea’s Financial Security Institute (FSI) announced proactive measures to enhance the security and reliability of artificial intelligence applications in the financial sector. This initiative not only aims to identify security vulnerabilities, but also to enhance the capacity of institutions to detect fraud.
As AI-driven financial services become more widespread, concerns about security vulnerabilities, data breaches, and biased decision-making are on the rise. In response, the FSI has launched the initiative to assess the security measures of firms designated as innovative service providers by South Korea’s Financial Services Commission, the nation’s top financial regulator. READ MORE
Related article: How AI and ML are transforming cloud security amid rising cyber threats
As businesses increasingly rely on cloud platforms to store critical data and run services, the threat landscape has become more sophisticated. According to Check Point Software Technologies, 61% of organizations experienced a cloud security incident in 2024, with 21% resulting in data breaches. Cybercriminals, equipped with advanced tools, relentlessly probe cloud environments looking for vulnerabilities.
In response, cloud providers are ramping up their security measures, with artificial intelligence (AI) and machine learning (ML) taking the spotlight. These technologies not only improve response times but also revolutionize the detection, prediction, and prevention of cyberattacks. READ MORE
Related article: Seoul strengthens AI security to protect citizens against cyber threats
The capital of South Korea has enhanced its artificial intelligence security system in an effort to protect its residents from cyber threats. On September 4, the Seoul government announced a three-year plan to strengthen its AI-based cybersecurity system to protect the city against cyberattacks. This announcement came three months after the city’s official had an interview with The Readable regarding its AI Security Center.
The city has been training AI using cyberattack databases from city-related organizations to develop more effective security operations systems. Seoul disclosed plans to expand its database collection to include external agencies such as the Korea Internet & Security Agency (KISA), which oversees internet information protection in South Korea, and the Korea Local Information Research and Development Institute (KLID), which develops and operates regional administrative systems and clouds. This expansion aims to enhance accuracy in identifying cyber threats. READ MORE
