The financial services industry is, after much wringing of hands about data security, moving computing operations to the cloud to save money, improve operations, increase agility, gain access to large-scale resources and improve security.
Given the sensitive nature of client data, financial firms have been slow to adopt the public cloud, but resisting cloud deployment based on security fears is becoming more of a thing of the past. IT people tended to overestimate the security measures deployed within their own walls as well as their ability to contain customer-data breaches. A recent report on the state of the security industry report showed that one-quarter of all data breaches take organizations weeks, or even months, to contain. By contrast, large cloud providers have security teams, systems and tools constantly monitoring operations.
It’s the business of cloud providers to supply computing power that is secure both on the perimeter and inside the data center. So while an individual machine may be running month-end banking statements in the afternoon and seismic modeling for an oil and gas exploration late at night, the data is securely ensconced behind internal firewalls that protect each virtual machine. What’s more, cloud provider infrastructures that require certification are subject to regular audits from consulting firms that specialize in IT security.
The very complexity of cloud operations also provides a layer of security. Even if cyber criminals know the specific cloud provider an institution uses, they’d still have to find the right data center and gain access. Even then, there’s still substantial internal security left to breach. Businesses that store information on their own servers offer a comparatively easier target than those that use the cloud.
For those hesitant to to join the public cloud, there are providers that offer private clouds where virtual machines can be dynamically allocated inside the provider’s firewall. This may limit the savings, flexibility or sophisticated resource management of using the very large multi-tenant public cloud providers. Still, there are decent compromises as some banks, asset managers and advanced trading firms are increasingly moving key operations to an in-between state known as a virtual multi-service public cloud operation. Whichever way banks choose to go, all financial firms that move to some kind of cloud are still responsible for their data security. Sensitive data should be encrypted both in transit and while stored. Access control remains the most important function in securing the bank’s information. If a client of a cloud provider insists on doing its own police work, the public cloud offers systems administration as well as plenty of tools for intrusion detection.
Internationally, regulators are warming to moving finance to the cloud. Asian regulators, eager to assist their financial institutions to compete, are active in promoting cloud solutions. In 2013, Denmark’s banking regular approved several cloud providers for finance organizations. A Dutch company formed to provide financial services solely through the cloud now has one asset manager, an insurance company/wealth manager and two banks on its platform. One banking software company features microfinance clients, a small bank in Africa and two community banks in the United States running its banking software on the cloud.
As banks face challenging new rules on capital, the cloud offers a way to upgrade infrastructure without huge capital expenditures. Operating expenses can instead go towards minimizing the impact of modernization on their balance sheets.
This article was written by Tom Groenfeldt from Forbes and was legally licensed through the NewsCred publisher network.