Our Solutions Architect, Ben Fishbune, spoke at CBA’s Virtual Technology Showcase – detailing why financial institutions should move to the cloud and explaining how to stay safe and compliant. To watch the presentation, visit CBA’s website here.
Why Should Financial Institutions Move to the Cloud?
A quick Google search will describe the “top” benefits of cloud technology. However, you’ll probably have to dig a little further to find out that most benefits of cloud adoption fit into a few categories: Reliability, Security, Mobility and Future Considerations. On reliability, Tier 3 and 4 data centers offer the highest availability metrics in the industry. Tier 4 data centers adhere to the following:
- Zero single points of failure
- 99.995% uptime per year
- 2N+1 infrastructure (fully redundant)
- Maximum downtime of 26.3 minutes per year
- At least 96 hours of independent proprietary power
These facilities also follow strict auditing procedures to verify their physical security and availability principles. Many are continuously reviewed for a huge array of compliance standards, including SOC, PCI, HIPAA, ISO, CIS, WCAG and more.
Moving workloads to a centralized cloud opens up many options for mobility and connectivity. Users can reach applications or desktop infrastructures that were previously only available through VPN connections to the corporate network, which can give both employees and the organization as a whole greater flexibility. Cloud workloads are vital to adopting emerging technologies and proof of concept deployments. They can also be used to trade capital expenses for operating expenses through various payment models, including pay-as-you-go or yearly contracts.
What Challenges Come with Cloud Computing and a Remote Workforce?
The major challenge with cloud computing is the shared responsibility around security and compliance. While many of the cloud providers hold responsibility for physical security and compliance, it is important to determine exactly where their responsibilities end. This can be accomplished by a combination of strong vendor management, understanding where data is being stored and how it is accessed, monitoring and reviewing access controls and implementing vulnerability and patch management systems. Network documentation, change management and policy/procedure reviews also play a key role in security and compliance in a cloud environment.
Additionally, advanced cyber threats can be a significant challenge for migrations to cloud services of all kinds. By nature, the shared compute and storage components of various providers increase the attack surface. Traditional attacks, such as phishing and other scams targeting employees, are still used, but specific attacks around remote access, exposed customer data and ransomware are on the rise in cloud environments.
Many of the solutions utilized to solve shared responsibility complications will also ensure protection and security for many traditional and evolving threats in the cloud space.
How Can Your Financial Institution Effectively Achieve Compliance and Security?
As previously mentioned, there are many ways to achieve proper compliance in the cloud. It is essential to keep pace with changes in technology and with the risks that could compromise network security and compliance. It is important to monitor and implement controls and procedures and to review policies to ensure efficiency and security.
Vendor management plays a critical role in security and compliance. Due diligence for all vendors involved in data storage or processing should be completed on an annual basis, if not more often. Mapping out the security responsibilities, controls and actions for each critical vendor helps with managing and properly reviewing those relationships. Policy requirements need to be updated or reconstructed with cloud-based access in mind. Confidentiality, security and access policies need to reflect the vendors and access methods related to cloud applications and data centers. In some cases, it may be best to create new policies specifically covering the cloud platforms.
Implementing access controls that give users and devices access to data on a least-privilege basis is recommended. Many platforms include tools for configuring access at the user, device or even file level. Along with access controls, protecting and educating users becomes more important as mobility is normalized. Ongoing user training for security and threat awareness is especially critical for mobile and cloud users. Most security breaches and attacks are linked to social engineering, which intercepts legitimate access from existing employees.
Overall, it takes a strong understanding of technological requirements, compliance and security along with implementation tactics for multiple platforms to stay safe and compliant in the cloud. Demand for expertise in these areas has skyrocketed as more companies look to leverage the cloud and support a mobile workforce, making a partnership with a compliance-focused Managed Service Provider critical when planning and implementing a secure, efficient and flexible cloud deployment while minimizing risk.
At Xamin, we offer solutions that help financial institutions – and other highly regulated and reputation-sensitive companies – tackle the transition to the cloud, evaluate their strategies related to remote and cloud connectivity and uphold compliance. If you missed our presentation at CBA’s Virtual Technology Showcase, you can still watch it here.