How financial services can stay secure in the cloud: A guide

It was only a few years ago that an air of trepidation surrounded the cloud. However, in the present day, there is no question that having got through what Gartner termed a 'phase of disillusionment’, retail financial services firms see the immense value that cloud can bring. What’s more, with the implementation of the second Payment Services Directive (PSD2), the rise of fintech competitors and the emergence of blockchain technologies, many banks are realising that the cloud can be a viable route to future success.

The latest Nutanix ‘Enterprise Cloud Index Report’ for the financial services sector revealed a 21% adoption rate of hybrid cloud among financial services organisations, outpacing the global average of 18.5%. 

This should be welcomed. With the cloud in their hands, financial services organisations have a real chance to transform their industry from where it currently stands. However, as any superhero fan will know: ‘with great power comes great responsibility’. For banks, organisations are aware that the implication of storing their most sensitive data in a technology that they do not yet fully understand could threaten to be detrimental. In our 2019 public cloud survey, respondents exhibited reluctance towards hosting highly sensitive data in the cloud, with customer information (53%) and internal financial data (55%) topping the list of concerns.

The reason for their hesitation? Over half of respondents (56%) confessed that they had doubts about how compliant their cloud set-up was, 47% pointed to the ongoing cybersecurity skills shortage and lack of visibility within the cloud was a worry for 42%. Financial service organisations, now more than ever before, are striving to understand how to fully operate in the cloud and to recognise the potential security challenges cloud computing can present if not properly leveraged and secured.  

However, in today’s ever-evolving cloud landscape, confusion remains. When it comes to deploying the cloud, excessive regulation surrounding data classification and security remains a central and legitimate concern. Many banks struggle to understand what information needs to be retained on the private cloud, what is able to be kept in the public cloud, how different tiers of data need to be secured and who is ultimately responsible for confidential data. This confusion only deepens as regulations and sophisticated online threats continue to proliferate.

In listening to customer concerns, financial service organisations can better understand the importance of providing a way to leverage the cloud without having to worry about how they might allocate security resources across the globe. For example, Barracuda security solutions are engineered for the cloud, offering dynamic scaling, API-based configurations, integration with Azure Active Directory and Azure App Service, meaning that customers can scale the solutions to fit their specific needs and leverage the cloud to protect their customers’ data.   

What to look for in order to stay secure

Full visibility into applications and user awareness of the current threats – such as attacks due to cloud misconfiguration – is of paramount importance. As cloud misconfigurations continue to leave organisations vulnerable, financial services need to find a way to close this attack window on potential cybercriminals. An example of this would be to build secure multi-tier architectures in Azure. Financial services customers are able to keep a level of segregation between tiers in order to ensure optimal security within their cloud management stack. 

When looking for a cloud solution that can keep up with the evolving threatscape, financial services need to consider using a highly scalable security solution that protects applications from targeted and automated attacks, including data breaches, defacement, OWASP Top 10 attacks, and application-layer DDoS.  

If you can invest in a solution that automates security policy compliance in the public cloud, it will give you visibility into your distributed cloud environment, while ensuring your cloud environment is compliant. Such a solution continually scans your infrastructure in order to detect misconfigurations, as well as actively enforcing security best practices, and remediating violations automatically before they even become risks.

Overall, committing to such a solution will stand you in good stead to be able to fully leverage the benefits of the cloud, while maintaining the required security and control. To paraphrase the old adage: take care in the cloud and the pounds will take care of themselves. in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.