Emerging Cloud Trends in the Financial Sector: Cloud Adoption Soars, Yet Security Concerns Remain

published

header image

Today, financial institutions face two major challenges. First, the large volume of highly sensitive information they process, such as credit card data, Social Security numbers and personal identifiers, is highly attractive bait for attackers. Second, financial organizations in the U.S. are supervised by many agencies, including the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation, and have to follow stringent regulatory requirements to avoid litigation and financial penalties. Meeting these challenges is taxing, especially when customer demands for service availability keep increasing and IT budgets and staff are both limited.

To help financial organizations address these challenges, cloud providers do their best to deliver innovative customer experience and increase IT efficiency. [Researchers from Deutsche Bank]https://(blogs.wsj.com/cio/2016/06/09/big-banks-starting-to-embrace-public-cloud-deutsche-bank-says/) predict that cloud adoption in the banking sector will quickly ramp up substantially, from zero use of an infrastructure-as-a-service (IaaS) model to 30% — all within next three years. Indeed, financial organizations have already been widely using cloud-based email, storage, CRM systems, and application development and testing environments for core business activities. The increasing popularity of the cloud generates lively discussions about cloud benefits tailored specifically for financial organizations and the impact of the cloud on data and system security. The results of Netwrix 2016 Cloud Security Survey indicate the following trends and concerns in cloud adoption within the financial industry:

1. Banks are in no rush to embrace the cloud.

The Netwrix survey found that the security and privacy of data in the cloud remains the leading concern for the majority of financial organizations (85%). Overall, 17% of IT pros said that they are not ready to move their entire IT infrastructure to the cloud due to security concerns. In order to keep sensitive data secure and avoid compliance issues, many banks either have a strict ‘no-cloud’ policy or choose private cloud deployment options, which let banks retain greater customization and control than the public cloud (but require additional investments).

2. Scalability, flexibility and availability are the key cloud advantages.

Despite their security concerns, financial institutions recognize the benefits of the cloud. 67% of them say that scalability is the biggest advantage of the cloud, since it enables them to handle growing business demands in a timely manner and quickly adapt to changes in organization size and market conditions. Other major benefits named by respondents include flexibility in resource utilization (50%) and higher availability of systems for employees and customers (42%), which allow financial entities to become more agile in creating new offerings and to improve operational efficiency.

3. Unauthorized access and account hijacking are the top data security threats.

Most financial organizations (80%) named unauthorized access and account hijacking as the leading security threats associated with the cloud. Threats to sensitive data can hide behind any account, active or expired; no wonder, then, that account management is one of the priorities that PCI DSS, GLBA and other industry standards set for financial institutions. Over 58% of respondents said that the activities of their own employees are of particular concern, since the human factor (e.g., mistakes, negligence and deliberate malicious actions) is often the root cause of security incidents.

4. Visibility is the key measure to minimizing security risks.

In the next few years, banks will likely focus on finding the right balance between seizing the benefits offered by the cloud and achieving adequate levels of security to stay in business. According to the Netwrix Cloud Security Survey, a nearly all (95%) of financial organizations consider visibility into what’s going on in IT environments to be a critical part of security. Achieving this visibility may help them become more open-minded about cloud technology. Having a deep understanding of what’s going on across core systems will help organizations achieve the necessary level of control over their IT infrastructures, identify risks to highly sensitive data, and effectively combat both external and internal threats.


By Michael Fimin, CEO and co-founder of Netwrix, a provider of a visibility platform for user behavior analysis and risk mitigation that empowers financial organizations to root out security gaps across the entire IT infrastructure and slash preparation time for compliance audits.