Worries about control and security have had financial services firms dragging their heels when it comes to adopting a cloud strategy. But now, as the cloud becomes more secure and stable, many are starting to realizing that utilizing the cloud does not equal putting their business at undue risk. Could your firm be one of them?
The financial services industry is in the early stages of cloud adoption. The Cloud Security Alliance (CSA) finds just 61% are currently developing a cloud strategy. By comparison, Rightscale finds that 95% of all companies in general are already using the cloud.
Why Worry About Cloud Security?
Of the financial services firm considering cloud adoption, 18% say they are planning on using only private clouds, and none plan to host the majority of their systems in a public cloud. In addition, many financial services firms are avoiding the cloud altogether primarily due to security concerns.
CSA finds the top reasons financial firms avoid the cloud are:
-
Security (100%): Fully 60% ranked data confidentiality as their top concern, with 57% worried about a lack of control over their data and 55% citing the possibility of a data breach.
-
Regulatory restrictions (71%): While 31% say are working with regulatory agencies to develop cloud standards, most say they can’t achieve compliance without assurances that they can detect malware, audit permissions and encrypt/tokenize data. Fully 61% said ownership of encryption keys is a concern, and that they would balk at using a cloud service that didn’t let them control the keys on-premise.
-
Concerns over public breach notification (43%): CSA found that as many as 13% of cloud users in the financial sector have experienced a cloud security incident, with data leakage (50%) unauthorized access (33%), malware (25%) and service abuse (17%) the primary causes.
Still, financial firms recognize the cloud’s benefits – from reduced capital investments and speedier time to market to more flexible capacity and better support for mobility – and they’re determined to find a solution. Consequently, firms are pushing cloud providers to offer:
-
Increased visibility: Financial services firms can’t rely on a cloud that is a black hole when it comes to understanding where data resides and how it’s managed. They need tools that provide complete visibility into workloads no matter where they reside, on-premise or in the cloud.
-
Better data security: Whomever owns the encryption keys owns the data. Financial services firms must work with cloud solutions that let them own and control their own encryption keys, ensuring the utmost in data security, both on-premise and in the cloud.
-
Real-time logs: Financial services firms can not house sensitive, critical data in the cloud unless they can actively track and monitor its usage. This means they must be able to collect, analyze and audit logs from both on-premise and cloud infrastructure in real-time.
Addressing the challenges of the cloud requires a variety of toolsets, all collaborating and working in concert to provide the capabilities, visibility and security financial services firms require. Once financial firms gain end-to-end visibility, transparency, manageability and control, across both on-premise and cloud infrastructure, they will be able to both reap the cloud’s benefits and mitigate its risks.
Where is your financial firm on its cloud journey? Join the discussion.