Industry Trends

Public and Private Cloud Adoption - What Financial Services Need to Know

By Brian Forster | December 15, 2016

Back in 1950 the first broadly available credit card was introduced to provide people with an alternative and more convenient payment option to cash. In the late 1950s mainframe computers debuted, and by 1969 the first ATM was installed. And in 1983 the first online banking service was launched on the then fledgling Internet. All of these financial technologies (sometimes referred to as “FinTech”) were developed and brought to the market to make the lives of customers easier and to move the financial industry forward.

Fintech has continued to surge, and in the latest development we now see more and more financial institutions moving their data and operations to the cloud. In fact, the majority of financial institutions currently has or is developing a cloud strategy within their organizations. This represents another major sea change in the way financial services and transactions are processed, managed, and delivered.

Cloud networking and computing are being woven into the fabric of the financial industry. Let’s take a closer look at some of the benefits and challenges the cloud represents, as well as things organizations need to consider to keep their operations secure.

Private Cloud Benefits

Many financial organizations have chosen to migrate their data and processes to the private cloud, as it allows them to maintain sole control and ownership of their data and processes while enjoying the benefits of cloud-based computing. Private clouds often serve as a virtual data center, allowing organizations to consolidate applications and data while reducing hardware and cooling resources in an effort to improve efficiency. With private clouds, organizations can allocate resources with ease and scale their processes without having to send the data “out into the wild” of the public cloud or Internet.”

Keeping data within the organization’s sole control minimizes security stresses and regulatory compliance. However, it’s important to note that private clouds are typically much more expensive to deploy, especially in terms of ongoing operating expenses, when compared to public clouds.

Public Cloud Benefits

While discussions and announcements around some of the largest financial organizations moving to the public cloud (Amazon, Rackspace, Microsoft, etc.) have been rather quiet, make no mistake about it, these transitions are certainly occurring. Public clouds, much like private clouds, provide scalability (on-demand access to resources), flexibility (distributing resources between cloud users), and reliability (large numbers of available servers.)

The public cloud also allows users to only pay for the services that they use. Additionally, because the public cloud vendors provide all the necessary software, hardware, and support, organizations can significantly reduce both capital and operating expenditures in these areas.

Barriers and Challenges Presented by the Cloud

While the benefits offered by both the private and public clouds are profound, and only differ slightly, there are many shared barriers and challenges that financial organizations need to understand and overcome before making the move. The chance of data breaches (loss of personal customer information such account ot credit card data), unsecured APIs, and sharing technologies in multi-tenant environments all top the list of today’s CIO concerns.   

As financial organizations look to make the move to the public or private cloud, they need to examine these challenges and ensure they are adequately addressed. Failure to do so could result in severe penalties, high financial costs, and reputational damages that can be difficult to recover from.

Securing Private and Public Clouds

Despite the challenges financial organizations face when deciding to move data and processes to the cloud, there is now a wide array of new solutions designed to secure cloud environments available to make the process a bit easier. The most important rule is that financial data that enters and leaves the cloud, or that is stored there even temporarily, should always be put through the same scrutiny as any other data through traditional tools such as firewalls and IPS technologies, as well as application control, content filtering, sandboxing, and more.

It’s also important for organizations to consider security fabric frameworks that allow threat intelligence to be shared and across and between both local and cloud-based environments. Cloud security solutions need to be able to handle and segment the multitenant composition of traffic and inspect and isolate traffic in an effort to avoid risks.

After data has entered into the cloud, organizations need to be able to maintain control. Most traditional hardware-based security appliances do not have the ability to control data once it enters the cloud, so compatible virtual security solutions that provide for seamless policy enforcement and consistent threat intelligence and response synchronization need to be strongly considered.

While many cloud providers attempt to keep pace with current threats, one mishap could bring systems crumbling down. For this reason, it’s important for financial organizations to consider cloud security vendors that can share and respond to threat intelligence across the organization’s distributed environment.

As FinTech continues its march forward, organizations cannot afford to neglect security or assume it is being adequately managed by their cloud providers. Let’s get a conversation going on Twitter! What types of security practices do you think are needed to keep cloud adoption in the financial industry heading in the right direction?