What makes SASE a key asset for banks in Hong Kong

Banks can no longer rest on their laurels or afford lacklustre cybersecurity policies.

The financial fortress of Hong Kong today is up against one of the most pressing threats in this digital landscape – cyberattacks and financial crimes.

As an international financial hub that serves the wider Asia-Pacific region and beyond, Hong Kong’s financial architecture is connected to the global financial system. This could only mean that any external threat to its stability will bring about ripple effects to the international monetary markets at large.

Furthermore, in serving as a key fundraising and capital markets hub for the whole of Asia, one of the largest US dollar clearing hubs, the fourth-largest foreign exchange hub, and the largest global offshore renminbi centre, have all further cemented Hong Kong’s pivotal function in the worldwide economy and larger society outside of its own.

Since it’s now established that cyber resilience for the Hong Kong banking sector has an elevated importance more so than ever, banks can no longer rest on their laurels or afford lacklustre cybersecurity policies. Malicious attacks are not only on the rise but are becoming sophisticated in tactics engaged by the bad actors and the nature of the crime. The increased use of generative artificial intelligence has also introduced additional cyber and data security risks such as data leakage and model inference attack.

To keep these risks and threats at bay, deploying a revolutionary solution that converges network and security services for a robust, secure, and agile infrastructure is the optimum consideration for financial institutions. The answer lies in the Secure Access Service Edge (SASE), a transformative framework and reference architecture that can support banks with simplifying their network complexity, optimising use of their digital assets, whilst improving their cybersecurity posture.

A SASE implementation also involves the adoption of a Zero Trust Architecture with streamlined technology and consistent user policies. With centrally managed security policies for the entire network, this helps not only to simplify enforcement and configurations but also maintain a standardised security posture for banking institutions.

Multi-pronged goals with SASE 
With SASE, banks can be assured of a centralised protection across a distributed workforce and have the power over employees’ authorised access of applications or data from anywhere (office, home, or remote) on any device, enabling flexible hybrid ways of working whilst maintaining security control aligned to the bank’s business needs and user requirements.

It supports flexible and rapid scalability required for growth in line with the bank’s expanded footprint – particularly relevant in the face of stiff competition where today’s traditional, physical banks are up against the new wave of digital banks; it was reported in a survey that over 97% of Hong Kongers trust digital banks’ security measures, and that digital bank account holders are willing to open more accounts with other digital banks.

Additionally, SASE’s cloud-native approach enables the delivery of its networking and security elements via unified managed cloud services, thereby streamlining and bolstering the bank’s cloud security, significantly enhancing its security posture. As network performance within the bank is also key to lower latency of data transmission and enhance overall employee as well as customer experience, the SASE framework helps to optimise network traffic flow and improve network visibility.

Government-passed bills now in place
In recent months, two crucial bills were launched and passed by the Hong Kong government as part of the battle cry (going into the war field) against these underground criminals, which has taken on a proactive and defensive approach.

The first bill is known as the “Protection of Critical Infrastructures (Computer Systems) Bill,” a legislation that was approved in March this year to bolster the security posture of critical computer systems within two categories of critical infrastructure – in which Category 1 consists of the banking sector and financial institutions along with other essential service providers like telecommunication services and energy.

Preventing service disruptions and addressing the increased risk exposure to global attacks is a key agenda of this bill, which designates three key obligations or requirements to be fulfilled by the organisations’ respective CIOs. With this bill, it is expected that stricter cybersecurity requirements will be imposed as well as enforcement mechanisms to govern policies, processes, and the overall systems architecture in place.

The second latest bill is called the “Banking (Amendment) Bill 2025,” aimed at countering financial crimes under the supervision of the Hong Kong Monetary Authority (HKMA). The government said this initiative calls for a new voluntary information-sharing mechanism amongst authorised institutions to fortify public protection against fraud and money laundering activities and assist efficient intelligence gathering – all part of identifying and mitigating illicit operations and any prohibited cash flow. 
The end goal is about preserving Hong Kong’s integrity, resilience, and stability as an international financial hub, whilst preventing its banking system from criminal exploitation.

Both bills are new counter measures in addition to HKMA’s ‘Cybersecurity Fortification Initiative (CFI)’ programme introduced back in 2016 to improve local banks’ cybersecurity and their cyber risk management. Given all these regulatory oversight with extended scopes being rolled out by the government, questions may arise as to why efforts are continuously stepped up and implemented for the financial and banking sector, which has taken prominence in cyber governance and the fight against cybercrimes.

Conclusion
As every financial institution is unique with its own needs based on their existing systems, policies and culture, adopting SASE is no cookie-cutter approach but more of a customised strategy. SASE is a broad, multi-faceted architecture.

It takes well-established and well-known security concepts and restructures them into a unified cloud and Software-as-a-Service (SaaS) centric framework. This restructuring brings with it new complexities ranging from infrastructure design, build phase implementation plan, to run phase operation management.

Engaging experienced solutions providers and market-leading partners can help banks derive the most from their SASE investment, ensuring customers receive the most optimum outcome when adopting the solution to mitigate security risks, minimise complexity, and improve application performance.

After all, SASE does not only address the institution’s security requirements at scale but allows it to adopt a secure and robust digital infrastructure that is resilient and future-proof against service disruptions and preventative towards exposure to global attacks – which will perfectly be in support of the “Protection of Critical Infrastructures (Computer Systems) Bill” agenda that is a mission priority by the government.