Having the capabilities to distribute processes via the cloud can assist financial institutions in becoming more efficient. However, misunderstanding the cloud’s risks, regulatory oversight and proper control mechanisms can create severe problems.
A cloud-computing platform − a network of servers hosted internally, through a third party provider, or a hybrid of both – allows financial institutions to move technology to affordable solutions. It takes away the struggle surrounding purchasing, developing and maintaining a technology infrastructure.
The cloud, however, does not remove all hazards.
Israeli-based Radware, for example, reported hackers could launch large-scale distributed denial-of-service attacks using public cloud platforms such as those offered by Amazon, Google and Microsoft. Those clouds provide capabilities that hackers find attractive such as bandwidth and computing power where they can upload, store and test scripts in a disguised platform.
In addition, according to the Federal Financial Institution Examination Council examiners should help identify gaps in mitigation strategies if a financial institution engages in cloud computing. This includes the thorough vetting of intrinsic risks, the clear identification of control instruments, and assurance that remaining threats remain at adequate levels.
So what are the biggest cloud-based security threats?
With the cloud, financial institutions must become more aware that data is outside their network. Therefore, banks also need to ask vendors about data handing.
Then there are some less obvious hazards as well such as a lack of transparency, understanding where data resides, what it is doing, who has access. Many cloud providers also have the ability to shift data from one place to another, without receiving permission, so an organization’s information could end up in an overseas data center.
In addition to DDoS attacks, hackers leverage cloud services to conduct phishing attacks along with other malicious activity such as application programming interface abuse.
Some core providers not only offer cloud services but also protect against cloud weaknesses. They offer secure, private cloud offerings including infrastructure as a service, firewall as a service, desktop as a service and disaster recovery as a service, which allows financial institutions to protect all their services onsite.
Using a private cloud rather than a public cloud like those offered by Amazon or Microsoft also improves the security of the financial institution’s data and gives it more control over who has access to the cloud infrastructure.
Other core providers offer a secure cloud-computing environment using infrastructure management, which enables financial institutions to move IT to the cloud to leverage its many benefits. This includes cataloging the on-premise network and comparing functionality to similar cloud platforms.
Some IT providers also offer a set of managed technology infrastructure tools that provide cyber security protection from perimeter to endpoint. These include firewall services, intrusion detection and prevention, and the ability to monitor traffic across the network.
Malicious actors out there are advancing very rapidly and the security defenses of yesterday are quickly negated and not as effective. Encouraging financial institutions to consider a very layered approach to security helps protect their systems even if they are in the cloud.
It really comes down to the financial institutions and banks understanding their current security environment and contrasting that with a possible cloud infrastructure. Financial institutions have to be mindful about their current vulnerabilities, and if any would be remediated or reduced by moving to the cloud.
Decisions about efficiency planning and technology are often tough and foresight can be a challenge. CCG Catalyst is here to help banks seeking the best course of action for their business and with vendor relations and management.
CCG Catalyst is a leading management consulting firm connecting bank strategy to innovation, transformation, and disruption. We advise our clients on the direction of banking, development of the strategy and managing the disruption related to the execution of the tactics. CCG Catalyst leverages decades of deep industry experience to provide practical business strategies and organization, analytics, and technology consulting for our clients.