For financial institutions across the globe, the benefits of cloud adoption are undeniable. Such digital transformation brings with it a new agility, enabling a fresh acceleration of company strategies.
This is because a cloud-based approach to financial services facilitates new digital workflows, enabling more effective collaboration between formerly siloed departments and other businesses or individuals with which financial organisations may work.
Currently, many financial institutions use cloud-based SaaS applications for non-core business processes, such as HR and financial accounting. However, as application offerings improve and COOs and CIOs get comfortable with the developments, the technology is swiftly becoming adopted for core activity.
According to PwC, by 2020, core service areas such as credit scoring, statements, consumer payments, and billings for basic account functions among asset managers will be using the cloud to scale. This is because data storage costs have fallen dramatically, facilitated by cloud-based infrastructure, making it much easier to manage big data and take an analytics-driven approach.
Security issues facing financial services today
Still, as ever, with great power comes great responsibility – namely problems of security and compliance. Through the cloud, data is able to flow freely to and from recognised enterprise endpoints, but also from mobile devices belonging to employees. Speedy dataflow is crucial for financial firms to stay competitive and efficient. Nonetheless, these businesses must remember that, while cloud vendors protect against attacks on their own applications and infrastructure, it’s up to financial institutions themselves to protect their own data and that of their users.
This is particularly pertinent because, owing to the endless sensitive information held on file, the financial services industry is a prime target for cyber miscreants. At one end of the spectrum, traditional investment banks are increasingly specialising in asset and wealth management, thanks to tighter regulation and corresponding fines within investment banking.
For malicious hackers, this is a highly lucrative target – not only is the data in question extremely valuable, but there’s now a wide range of stakeholders to steal it from.
Elsewhere in the finance industry, people still haven’t forgotten the Nutmeg and Tesco Bank hacks. Moreover, it was recently revealed that, eight months after the mega-hack of credit-rating company Equifax, 15 million British victims had only just been notified that their data had been compromised in the colossal 2017 breach.
Despite these incidents, however, the recent Capgemini and RBC Wealth Management report revealed that only 7% of asset and wealth management institutions are actively looking at cyber security, highlighting the issues in just one area of finance.
The power of the cloud
Thankfully, however, the agility of the cloud can safeguard the finance industry. When it comes to cyber security protection, cloud-hosting means that financial firms don’t need to hire a specialist team or cough up extra computing costs to deploy the technology in question. Instead, protective technology can be hosted externally by an expert team, all on a highly secure platform that delivers security protection quickly and economically in a financial organisation where manpower and cyber skills might be scarce.
In terms of the approach, when it comes to a data lifecycle between endpoints and the cloud, there are two key challenges that must be met. First of all, financial services companies must establish appropriate security rules. They need to be robust enough to protect a company’s data, digital assets, and users; at the same time, they must not affect the productivity of employees.
The next challenge is to ensure that all staff adhere to the rules and policies put in place by IT and the c-suite. While many employees may have the best of intentions, malicious and — much more commonly — careless behaviour still causes damage, so protecting employees from the effects such carelessness is crucial.
A three-pronged approach
Increasingly, this means anticipating and responding to disruptive challenges across the organisation in question. As such, financial firms should undertake a shift in thinking and put technology – rather than finance – at the core of their business. UEBA (User and Entity Behaviour Analytics) and CASB (Cloud Access Security Broker) technologies together provide solutions to these challenges.
UEBA tracks what users are doing and how data is moving, flagging if user or data behaviour differs from what could be considered normal and safe. Whether authorised or not, employees can put data and systems at risk, even if they stay within the security policies managed by a CASB.
For example, a hacker that’s tricked an employee into divulging their credentials can move cloud data laterally from different applications to a cloud system, designed to surreptitiously withdraw the data afterwards. A recent survey found that hackers can exit a network within an hour, armed with prized data, so it’s vital to spot a compromised account before it’s too late.
CASB helps financial firms get the rules of engagement just right, as CASB security keeps users in line with an organisation’s cyber security policies. Typically, the CASB takes the form of a software tool or service, located on premises or in the cloud on the condition that data flowing between endpoints and cloud applications traverse through the CASB. It then extends a firm’s security policies and strategy out to cloud services, including those the organisation does not directly control.
It’s not just about technology, however; when it comes to securing the financial services industry, creating a culture of security through genuinely engaging staff training is fundamental.
This means it’s time to bin the PowerPoint slides and instead opt for regular social engineering tests with employees. On top of this, a cyber security audit and even printing out some posters to stick on the walls can help – certainly better than burying helpful information in a staff handbook.
What’s more, across all financial firms, there needs to be a clear shift in how the aftermath of security and data incidents are handled. All too often, blame is often the first port of call, when instead it’s much better to foster a culture of learning and understanding. If people fear the repercussions received should they fall for a phishing scam or similar, then the conversation and lessons learned throughout the company will never move forward.
Ultimately, while there’s no silver bullet, a multi-channel approach – in the form of a CASB, UEBA, and an educative security culture – is the best way to calm any fears of suffering a breach and non-compliance. When deployed securely, cloud technology acts not only as the motor that powers digital transformation in the financial services industry, but also serves as the central platform for profitable growth.
Sourced by Dr Jamie Graves, CEO and found of ZoneFox