By Harish Grama, Global Practice Leader at Kyndryl
Cyber attackers are continuing to target the financial sector. In recent days, banks and credit unions of all sizes were hit with ransomware attacks on file transfer software, heightening fears about security risks financial institutions face when they migrate data to the cloud.
Public cloud security has long been a major concern for banks — with good reason. Financial services organizations are 300 times as likely to experience an attack or a breach as businesses in other industries. “Megabreaches” involving the theft of more than 50 million records cost businesses overall about $401 million an incident last year, according to the Ponemon Institute. That doesn’t include all the collateral impacts such as higher customer turnover, reputational damage and years of litigation.
While there are many reasons banks struggle with cloud security, here are five of the most common – and what they can do about it.
1. Choose the right cloud strategy.
Banks are discovering that public cloud is not always the answer. No enterprise in the future will be fully dependent on just one hyperscaler. The costs of moving data, the latency of edge services, sunk investments in local data centers, data residency requirements and the evolving capabilities of hybrid cloud management platforms have allowed banks to reconsider their approach to cloud. Banks that implement a hybrid cloud strategy enjoy the traditional benefits of cloud and can also integrate multiple applications and computing environments. It’s important to partner with a cloud-agnostic partner that utilizes the whole tech ecosystem to create a unified management system solution for enterprise clouds, networks and data centers.
2. Find a good partner to bridge the skills gap.
Financial services are faced with not only making sure their systems are secure and resilient, but also building the right cloud architecture, defining management models, determining which workloads are right for public cloud or private cloud, cloud migration and, managing the workloads and environment in a single pane of glass. More often than not, they do not have the right or enough in-house skills to manage these complexities. Managed service providers can help bridge the skills gap.
3. Lean into automation.
Cloud allows workloads to be enabled quicker and simpler, avoiding the human error from traditional legacy data centers. According to a recent Kyndryl-commissioned Forrester survey, 44% of organizations surveyed — including financial services companies — are faced with lack of automation, leading to human errors not being caught. And over a third also noted that they are not embedding security throughout their current operating models, leaving them open to vulnerabilities that could disrupt their business.
4. Focus on compliance controls.
Growing complexity from hybrid cloud growth, evolving regulations, and the variety of new technologies and IT environments in use are making risk and compliance challenges for companies.
With increased global governance over data privacy and protection, companies need comprehensive security controls to ensure that customer data is protected, and many must be compliant with the growing laws and regulations.
Cloud platforms enable banks to unify compliance and security practices at the policy level for simpler reporting. Organizations can tap into specialized compliance engines that stay up to date on regulations and changes while integrating with accounting systems. Cloud services can also look for potential disclosures of personally identifiable information and automatically delete records after their mandatory retention period ends. And their auditing engines are a big help when regulators come calling.
5. Understand that security is a shared responsibility.
The fundamental step to operating securely in the cloud is to understand that security is a shared responsibility. Cloud platform providers take care of locking down infrastructure, but banks must protect customer data on-premises, in transit and in the cloud. That’s no different from the responsibilities they assume in their data centers. Also, the major cloud infrastructure providers now all offer banking-specific platforms that have specialized controls and protections tuned to the needs of the industry.
While cloud is a path to modernization, banks must be equipped with the right tools for their journey.