Cloud services are transforming business operations for financial institutions, providing a modern IT infrastructure while mitigating cyber risk. Referred to by IBM as “one of the most important shifts in the history of enterprise computing,” adoption of the public cloud is growing as organizations become more familiar with the advantages provided by the technology.
Despite the rapid adoption of the public cloud, there is confusion surrounding this technology and concerns with security. The cloud is nothing more than a delivery model, no different than an onsite server or virtualized environment on the premises. The public cloud is an IT model in which on-demand computing services and infrastructure are managed by a third party and shared with multiple organizations using the Internet.
Let’s explore common questions about the cloud and discover how the technology benefits financial institutions:
How secure is the cloud?
Public cloud providers have many incentives, including customer satisfaction and reputation, to invest in the technology needed to create secure and compliant environments. According to Gartner, “there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments.”
Due to the complexity of cloud-related architecture, there are situations where configuration issues arise. If prioritizing a move to the cloud, banks should consider partnering with a trusted cloud services provider to leverage their knowledge, experience and security expertise.
What are the security risks of public cloud computing?
With a cloud migration, it is important for an institution to rethink its security policies around accessing information. For example, if a bank migrated its on-site email to cloud-hosted email, it should update user and password policies to reflect this migration. Does the existing policy assume users will be in the office or connected to a virtual private network?
With a cloud-based system, users can log in remotely using any device, so organizations must establish stronger security protections, such as multi-factor authentication (MFA). MFA requires multiple credentials to verify a user’s identity, and this control blocks more than 99% of account compromise attacks, according to Microsoft.
What is a virtual desktop infrastructure environment?
Virtual desktop infrastructure (VDI) uses software to create desktop instances on a server or in a cloud environment. Each user has a designated virtual desktop, and when the individual accesses their virtual desktop, they can open all the files and applications meant for them. The end user accesses their files by simply launching an application or going to a specific site in a web browser.
As the pandemic drove institutions to embrace remote or hybrid workforces, many organizations moved data to the cloud to increase accessibility for those working outside the office. When users access resources with laptops on home networks, which may or may not have adequate security controls, some employees might download critical corporate data and create security concerns if the device is stolen or compromised.
One significant security benefit of VDI is the ability to centralize the management of desktops. Banks can easily patch virtual desktops because they do not require users to manually restart their machines or remote users to connect to the network. By streamlining patching, the bank can address vulnerabilities quickly and leave less opportunity for exploitation.
Should banks include the cloud in their cybersecurity monitoring?
Many organizations secure their perimeter and critical servers while monitoring for threats, but it’s important for banks to monitor the cloud environment. Institutions should think about how users access the cloud and how they plan to detect unusual or suspicious behavior. MFA offers an extra layer of protection, and institutions can further enhance controls by setting up conditional or temporary cloud access.
It’s not enough to deploy firewalls and intrusion prevention systems; financial institutions must go above and beyond typical security measures to keep their systems safe and should consider partnering with a trusted managed services provider for cybersecurity solutions.
What are the regulatory considerations of moving to the cloud?
As regulations involving public cloud usage evolve, banks must stay abreast of current and future requirements. Banks should consider leveraging the compliance expertise of their cloud services provider to ensure they are prepared for changes on the horizon, as well as upcoming audits and exams.
It is also important for institutions to remember that they cannot outsource responsibility. Even when partnering with a trusted provider, an institution is responsible for the overall health and security of its infrastructure.
How does a bank develop a cloud migration strategy?
Some financial institutions believe a cloud migration must be an “all or none” event, meaning that everything occurring on-premises must be moved to the cloud all at once. While that could be the case for some banks, it is common for institutions to deploy a hybrid environment by migrating select assets to the cloud. The idea of an all or none transition deters some institutions from even considering the cloud, but the reality is many organizations already utilize cloud applications in their daily operations, including for email or file storage. Additionally, some institutions choose to begin their cloud migration when it’s time to upgrade traditional hardware, such as replacing aging computers with virtual desktops.
Moving forward with the cloud
Making the decision to use a cloud provider does not have to be shrouded in mystery. Once financial institutions understand what the cloud is and focus on what it can do, the benefits become apparent. For many banks, the cloud offers the network, security and scalability for optimal growth.
Sean Martin is director of product strategy, CSI Business Solutions Group for Managed Services. In his role, Sean identifies and implements solutions designed to maximize security and profitability for financial institutions.