11:20 AM
Connect Directly

Can the Cloud Ever Be Safe?

Can banks trust their client data to the cloud? Absolutely, say the experts, who suggest financial institutions manage the risks of cloud-based services as they would outsourcing risks -- only with more caution.

Moving Beyond the Basics

And while Barker acknowledges that the caution on the part of smaller banks has mostly been warranted over the past few years, he says, "It's time to start taking a serious look at options that are out there." According to Barker, the FFIEC's recent guidelines will be helpful for banks traversing into cloud services for the first time, but he wishes the organization would have gone a bit further. "The guidelines were a bit light, but they did capture the salient points, especially about due diligence when choosing a cloud provider," he says. "They are covering the basics, but there's a lot more they should be covering. Cloud providers have certainly matured, but you really have to do your research."

Because of security fears, only one in five mobile phone users has banked via a mobile app in the past year, the Federal Reserve reports. While it is harder than ever to secure the increasingly mobile-based, real-time and open-access enterprise, it's also more important than ever. Bank Systems & Technology's security special digital issue examines the strategies and tools banks are using to provide an exceptional customer experience without compromising safety.

One of the most important questions a bank searching for a cloud provider needs to ask, says Barker, is if it can pull its data out of the cloud immediately if necessary. "Can I physically pull my data back and use it in the event of some breach or failure [on the part of the cloud provider]?"

Another critical issue for banks is a lack of standardization among cloud providers, Barker adds, noting that different providers have different data formats. But in general, banks should use the same diligence they use when choosing to outsource any services, he says, sounding a similar note to the FFIEC. "It's no different than any other outsourcing agreement with any company," Barker contends. "It's the same issues as with anyone else running the technology for your bank."

Like Barker, Chris Richter, VP of security services for St. Louis-based Savvis, a cloud infrastructure and hosted IT services provider, believes the FFIEC's guidelines only scratch the surface of what banks need to consider when choosing a cloud services provider. "A lot of it was common sense," he says. "They need to go deeper and provide more guidelines."

Richter notes, however, that there are services and organizations that are available to banks to help them research options and make the right decisions when choosing cloud providers. According to Richter, the National Institute of Standards and Technology, a non-regulatory federal agency, has issued its own cloud computing guidelines. He also points to the the Cloud Security Alliance, an industry association that provides education and promotes best practices for cloud computing, as another tool for banks seeking help choosing a cloud provider.

"No two clouds are created equal," asserts Richter, which is why it is so important for banks to do the proper research into cloud providers and know exactly what type of cloud services they are looking for. But, he adds, all banks can benefit from using the cloud in some capacity. "When you look at efficiency and staying competitive by reducing costs," Richter says, "banks really need to consider cloud computing."

Sidebar: Welcome to the Neighborhood

The difficulty of making sure data is secure in a multi-tenant environment such as a cloud is pushing some banks to rethink current cloud computing models. Rather than take their chances in a public cloud or build an expensive internal cloud, many financial institutions are moving toward a "community cloud" model, in which all of the tenants are fellow banks, according to Jon Ramsey, chief technology officer for SecureWorks, a Dell subsidiary based in Atlanta that provides managed security services.

"One of the inhibitors to adopting cloud-based services in banks is data security, specifically: How do you guarantee the authenticity of that data when it's not within your direct control?" he says. "Having fellow banks being the only tenants is one way to mitigate that."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.