Infrastructure

04:04 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Changing The Cloud Security Conversation

What are the pertinent questions banks should ask about security in the cloud?
Previous
2 of 5
Next


Chris Rezek, Consultant
McKinsey & Company

Cloud computing is being rapidly adopted by enterprise IT, but concerns about trust are still inhibiting the rate of that adoption, particularly for financial services and public cloud.

To enable prudent cloud adoption, enterprises should expand scope beyond technology-focused security questions to include key risk management issues, such as transparency, governance, and compliance.

Bank executives should ask themselves four questions: How much value do we leave on the table if we do not adopt cloud? How pervasive is unofficial cloud adoption already, across the organization? What concentration risks do we create or avoid through managing distribution of data? Can we achieve cloud scale with in-house demand alone (i.e., private cloud)?

In addition, they should also ask vendors four questions: What level of transparency and control will the provider deliver? What third-party inspections and certifications are available? How will our compliance requirements be met for each jurisdiction? What level of access to physical and logical systems do we retain?

Instead of making binary, enterprise-wide decisions about cloud, organizations should understand and balance the benefits and risks of available cloud offerings. Adoption decisions should be structured around individual workloads and data and avoid enterprise-wide blanket cloud bans.

Banks should reduce legal exposure through a prudent contracting approach, while at the same time recognizing the essential novelty of the legal environment and unavoidable uncertainty. Key contract elements include the right to audit, right to transparency and reporting, coverage of compliance requirements, and visibility and consideration of the full supply chain (i.e., the cloud provider's service providers).

Cloud can deliver new benefits, along with new risks. Cloud solutions can improve transparency, simplify log and event management and enable more centralized planning. A business- and risk management-focused approach can enable banks to take advantage of efficient, flexible cloud solutions while still protecting data and delivering security.

 

Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

Previous
2 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
11/12/2013 | 9:33:52 PM
re: Changing The Cloud Security Conversation
They might already be more secure. A cloud vendor likely has more resources to pour into security than any financial institutions' IT department.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
11/11/2013 | 9:24:49 PM
re: Changing The Cloud Security Conversation
Many cloud vendors are pouring a lot of resources into security. It's generally seen as the biggest barrier to adoption of their services. With all of that focus on security, the cloud vendors will probably get to the point where their services are the most secure on the market at some point. But we're probably not there yet.
Zarna Patel
50%
50%
Zarna Patel,
User Rank: Apprentice
11/11/2013 | 8:27:11 PM
re: Changing The Cloud Security Conversation
That's a good point about reading the contract and making sure to find a cloud provider that fits the needs of a financial institution by Mr Neely. Making sure the right security is in place at all times is just as important as initially securing.
KBurger
50%
50%
KBurger,
User Rank: Author
11/11/2013 | 4:21:05 PM
re: Changing The Cloud Security Conversation
It's interesting that these experts are suggesting there may actually be MORE security in the cloud than in alternative/traditional environments. I'm sure that's somewhat oversimplified, but it does illustrate that execs need to put aside assumptions and preconceptions about these emerging models and objectively assess what strategies truly will support business and operational requirements.
Byurcan
50%
50%
Byurcan,
User Rank: Author
11/9/2013 | 2:19:57 PM
re: Changing The Cloud Security Conversation
Cloud services provide too much potential to completely ignore. Like Howie mentions, it's good that cloud vendors can obtain these various industry certificates, so banks can know how legitimate of a cloud vendor they are dealing with.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Dec. 2, 2014
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.