What Every Financial Institution Should Look for from Its Cloud Vendors

What Every Financial Institution Should Look for from Its Cloud Vendors

Dan Dosen,

General Manager Cloud Services at iManage

As General Manager, Dan is responsible for the commercial aspects of the iManage cloud including customer onboarding, security-compliance and cloud roadmap. Most recently he was VP Business Development at Microsystems and VP Product Management at SpringCM.

Views 536

What Every Financial Institution Should Look for from Its Cloud Vendors

23.04.2019 08:30 am

The cloud model is gathering pace as the preferred environment for software deployments among financial services enterprises of all stripes, from fund managers and asset managers, to insurance brokerages and commercial banking institutions.

This is all well and good, because the cloud offers significant benefits to these institutions, ranging from increased agility and reduced capital expenditure, to greater performance and availability for their mission-critical applications.

In many cases, the cloud also offers the potential for greater security because a cloud vendor can devote far more time, staff, and resources towards creating a secure environment than a financial services company could. Building and maintaining the infrastructure for an on-premises deployment and keeping it secure from a barrage of threats is a 24/7 job, and many finance institutions are more than happy to let a cloud vendor shoulder that burden.

Here’s the thing, though: not all clouds are created equal when it comes to security.

In an era when cyber criminals and other bad actors are exploiting every technology loophole and potential human vulnerability to breach enterprise networks, financial institutions can’t afford to take chances on a cloud software provider that hasn’t shored up its own defences.

What Makes A Trustworthy Cloud?

There is a checklist that any financial institution should run through when evaluating cloud providers. Sitting at the top of the list is the question of whether or not that cloud provider is following a Zero Trust model.

Traditional enterprises, including legacy cloud vendors, have a security model that presumes a great deal of trust of internal networks, administrators, users and other resources in the environment. These resources may get automatic privileged access making the enterprise more vulnerable to sophisticated attacks.

Assuming that people within the network are automatically trustworthy doesn’t always work out so well – just ask SunTrust Financial Services, which experienced a breach that potentially impacted the data of 1.5 million customers in April 2018.

The way to avoid these types of breaches is through a Zero Trust model which assumes that no resources – either internal or external – can be implicitly trusted, greatly minimising the potential for data leaks.

It’s important to note that the Zero Trust approach needs to permeate every aspect of a cloud offering – from the datacenters, through infrastructure and process design, down to the system and application levels. When it comes to safeguarding sensitive financial data, it’s not enough for Zero Trust to exist in one area of a vendor’s cloud, but not others.

Customer Managed Encryption Keys (CMEK) are another essential component that financial services organisations should look for in any cloud offering. The CMEK is an encryption key that the customer generates and manages with a third-party service provider. The cloud provider never receives or stores a copy of this key.

Why is this important? Because it ensures that encrypted information can’t be decrypted unless the customer himself hands over the key and “unlocks” the data. This gives customers confidence that their private financial details will remain private – not just in the event of a breach, but in the event that a cloud provider is compelled to hand over data by an investigatory body or governmental agency.

Keeping data secure in today’s financial landscape also means keeping it properly domiciled. Woe to the financial services organization who runs afoul of the European Union’s General Data Protection Regulation (GDPR) or other recent regulations that require customer data to stay within a specific geographic boundary.

A cloud offering with geo-isolation capabilities solves this problem, ensuring that all services performed on customer data – encryption, optical character recognition (OCR), document preview, and so on – are performed solely in one specific geographic location.

For any finance company that’s using the cloud to manage their most important documents and emails – including policies and proposals, contracts, client communications, compliance documentation, and other essential paperwork – this capability isn’t a “nice to have” – it’s a “need to have.”

Choose Wisely

When it comes to security, the cloud service must be a key component of a financial institution’s overall security strategy. Picking a vendor who isn’t properly equipped to deal with today’s security demands can have catastrophic consequences.

Does the vendor follow a Zero Trust model? Do they offer CMEK? Do they have geo-isolation capabilities?

By seeking out cloud vendors with these qualities, financial institutions can give themselves – and the customers they serve – the confidence of knowing they’re taking an uncompromising approach to security in all aspects of their environment.

Latest blogs

John Jannes IHS Markit

Best Execution in the US: Three Things Broker-Dealers Need to Think About​

As we head into 2020, US broker-dealers are preparing for new mandates on how they report transactions back to customers. The requirements – established by the Securities and Exchange Commission’s (SEC) updates to Rule 606 – aim to bring investors Read more »

Nish Kotecha Finboot

Blockchain’s role in energy supply chains and the fight against climate change

Two topics dominated September’s UN General Assembly, at times provoking fiery debate. World leaders gathered in New York amid simmering tensions in the Middle East. The recent attacks on key Saudi Arabian oil facilities prompted questions about how Read more »

Denis Novikov Qulix Systems

How Can Digital Customer Onboarding in Banks Increase Sales and Build Loyalty?

While banking product portfolios tend to become similar, banks must select between 2 most popular strategies (or combine them): to compete in pricing or to focus on customer experience improvement.  If you prefer the first strategy, you may skip Read more »

Nick Ogden Worldpay

Worldpay founder Nick Ogden tops Payments Power 10 and other highlights from PayExpo 2019

Last week, fintech, banking, retail and gaming professionals attended the UK’s largest payments event, PayExpo 2019. Event attendees visited a series of conference sessions, debates and networking opportunities – and start-ups had the chance to Read more »

Lina Andolf-Orup Fingerprints

Finger on the pulse! The Countdown to 2020 has Begun

With 2020 in sight, now is the perfect time to pause and reflect on the past three months and see how the world of biometrics has evolved since our last update. With everything from high profile announcements to some news you may not have heard, Q3 Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel