Cloud solutions for the finance sector: Safe or not?
The right amount of care and attention at this stage of the financial industry’s digital transformation means there should be no need to avoid the use of cloud services.
With the popularity of cloud hosting and software as a service continuing to rise, those of us involved in high-security industries must ask ourselves: “Is cloud hosting a safe platform for our services?”
Certainly, there are a number of security concerns that financial services providers need to think about when adopting new technology or practices. Accurate and effective risk assessment is all that stands between your company and catastrophic failure.
Let’s take a look at some of the risks cloud-hosted services hold for the financial sector, and what we can do to mitigate those risks.
Types of cloud hosting
There are three main types of cloud hosting – public cloud, private cloud, and hybrid/multi-cloud. Public cloud services are hosted on shared servers in data centers, with the hardware often owned by a big third-party provider like Amazon, Google, or Microsoft.
While these providers are generally very secure, their size and importance in the global digital framework make them targets of state and non-state bad actors. Additionally, many hackers try to use these services to launch attacks.
Private cloud hosting can mean the servers are based on-prem at your company, or it can mean you have sole control over the servers at the server farm they’re based in. Either way, your organization has sole responsibility for managing security, updates, patches, and anything else to do with your private cloud servers. It is a more expensive option, and only more secure if you have the right staff to keep it so.
Some cloud service providers will offer you private cloud hosting on their servers. It’s vital to know whether their private cloud is hosted on their premises, or if it’s in a third-party data center. The regulations surrounding some industries, including the financial sector, may require that you host some services on-prem.
You should be able to find out how the staff with physical access to the servers are vetted, no matter who owns the data center or the servers. Things to look out for in a cloud supplier include the availability of financial, compliance, and security audits. There’s no need to risk your company’s future with a provider who can’t help you meet your customers’ security or compliance expectations.
A multi-cloud or hybrid cloud solution can help resolve some of these issues by hosting data and services that need to be more secure on on-premises, private servers. Less sensitive applications and data can be hosted with the service provider, or with a carefully chosen third-party data center.
What is it about cloud hosting that’s risky?
There are risks at every level of a cloud-hosted digital service, from customer log security to problems with shared RAM on public cloud servers. Anywhere that data shares connections or equipment with other services or customers is a potential source of trouble. Some of these risks would be the same for any online service, but others are specific to cloud architecture.
People-based risks
From lax customer password choice through to nefarious activity by server farm employees, the world of internet-based services is fraught with security risks. Things to watch out for are providers who lease their server space through a third party, and providers that have already suffered a data breach or other serious attack (especially if they haven’t remedied the cause).
Check up on staff screening procedures, security auditing, and regulatory compliance with every company that comes into contact with your data before it reaches your customers. Provide the right training and resources to protect your employees and customers.
Hardware-based risks
There are several types of attacks that make use of shared hardware by traversing the container boundaries between different processes on the same server. While these attacks are rare and difficult to carry out successfully, the potential rewards could make your services a particularly attractive target. A private cloud can mitigate some of these issues, but the private cloud brings with it a lot of other requirements, both financial and legal.
Software-based risks
You need to make sure your SaaS and infrastructure as a service (IaaS) providers can prove their financial, compliance, and security capabilities. Try to keep an eye out for well-established providers with a proven track record supporting the financial services industry. Pick a provider that has a bug bounty program if possible, and make sure they follow up those bugs with a patch quickly and effectively.
Compliance issues
Compliance issues are the bane of the modern digital world. Your company will need expert legal and technical advice on any new technology you want to adopt, at least if you want to avoid fines and other compliance-related setbacks.
Different countries have different rules covering the data protection and security measures you need to take when planning the deployment of new cloud services.
IIF: Cloud Computing in the Financial Sector Part 2: Barriers to Adoption
If you find a cloud services provider who is well-versed in the laws and compliance regulations that apply to your business, you’ll find keeping in line with these rules becomes easy. In fact, a good provider with the right experience will be able to warn you if anything your company is doing could put you at risk.
Summary: Are cloud-hosted services worth the risk?
At the end of the day, this is for you and your board to decide. First, look at some of the advantages that cloud-based services can bring to the financial sector. Many functions, such as sales and marketing, optimization of the customer journey, resource planning and communications, and more can be achieved without needing particularly high security.
With the right hybrid cloud setup, it’s possible to offer customers the digital services they have come to expect from big corporations, without compromising their security. Digital transformation is here to stay, and customer expectations are only due to increase.
The right amount of care and attention at this stage of the financial industry’s digital transformation means there should be no need to avoid the use of cloud services.
Editor’s Note: This guest post was written by Jerry Chua. With over 20 years of managerial experience in the IT industry, Jerry currently serves as the Marketing Director of Azeus Convene. Used by governments and Fortune 500 companies in over 90 countries, Convene is a powerful productivity tool designed to streamline and digitize collaboration.