Uncategorized

Finance sector looking further to the cloud – but beware security risks

(c)iStock.com/BlackJack3D

More proof arrives that financial organisations are becoming more comfortable with cloud technologies: according to the latest industry outlook from Skyhigh Networks, the average financial services company uses more than 1,000 cloud services, with collaboration tools the most popular type of application used. But is it a good thing?

The report, which focuses on real life data from 3.7 million employees at banks, insurance companies and credit card firms among others, found the average employee uses 31 separate cloud apps. On average, this comprises eight collaboration services, five file sharing services, three social media services, and three content services. Those with a keen eye for numbers will note those figures do not add up to 31, so it’s worth pointing out that among the others, four apps used on average are from – usually unwanted – marketing analytics and advertising services.

The risk does not end there, however. According to the report 15.5% of financial services have at least one compromised credential, more than any other industry, while 88% of those analysed showed behaviour indicative of an insider threat during the last quarter. The number across all industries which have one compromised credential or more is at 11.2%, while the report also found 94.3% of financial services companies have exposure to compromised credentials – again higher than the overall average of 91.7% from all industries.

Going with current trends, Microsoft Office 365 remains the most popular enterprise cloud app in financial services, followed by Concur and Salesforce, while on the consumer side Facebook rules the roost, followed by Twitter then LinkedIn. Yet the overall consensus from Skyhigh is that of risk rather than reward.

“While financial services companies take special care in assessing the security controls of cloud services, employees can also introduce cloud services into the workplace, creating “shadow IT”, the report warns. “As sensitive data moves to the cloud, these companies must also meet strict regulatory requirements.”

Other recent research has been mixed on the topic. In March, the Cloud Security Alliance described how financial firms were accessing cloud services more readily albeit with roadblocks still to conquer, yet in July a report from CipherCloud revealed how 100% of respondents in the finance space said they put certain personally identifiable information in the cloud.