Infrastructure

04:04 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Changing The Cloud Security Conversation

What are the pertinent questions banks should ask about security in the cloud?
Previous
5 of 5
Next


Matthew Neely, Director of Strategic Initiatives SecureState

The reality is that many businesses are not paying close attention to the contracts they sign with cloud providers, and don’t fully understand what the provider is responsible for and what they are responsible for.

It’s not really about the questions bank executives should be asking about cloud security, but rather the steps organizations should take.

The first step to take when you are looking to move processes or data to the cloud is to understand which controls must be in place to protect that business process or data.

Next, see if a cloud provider can implement the controls you require in order to protect your data. Depending on the size and maturity of your security program you may be able to get better security at a cloud provider then you can in house. However, these situations are rare for most financial institutions. For example, Amazon Web Services (AWS) CloudHSM allows you to implement hardware security modules (HSMs) to encrypt your data and protect the encryptions key. The ability to use HSMs to protect your data might not be an option in your current data center.

Once you have found a cloud provider that can meet your security requirements on paper, the next step is to perform an assessment to verify the controls are implemented properly.

If you do find a provider you are comfortable using, it is critical that your legal staff reviews the contract. The contract must include verbiage to ensure that it includes and implements the minimum list of controls.

Additionally, financial services institutions need to ensure they have the right to audit the cloud environment whenever they like. Organizations should perform follow-up audits at least annually to verify the required controls are still in place.

 

Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

Previous
5 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
11/12/2013 | 9:33:52 PM
re: Changing The Cloud Security Conversation
They might already be more secure. A cloud vendor likely has more resources to pour into security than any financial institutions' IT department.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
11/11/2013 | 9:24:49 PM
re: Changing The Cloud Security Conversation
Many cloud vendors are pouring a lot of resources into security. It's generally seen as the biggest barrier to adoption of their services. With all of that focus on security, the cloud vendors will probably get to the point where their services are the most secure on the market at some point. But we're probably not there yet.
Zarna Patel
50%
50%
Zarna Patel,
User Rank: Apprentice
11/11/2013 | 8:27:11 PM
re: Changing The Cloud Security Conversation
That's a good point about reading the contract and making sure to find a cloud provider that fits the needs of a financial institution by Mr Neely. Making sure the right security is in place at all times is just as important as initially securing.
KBurger
50%
50%
KBurger,
User Rank: Author
11/11/2013 | 4:21:05 PM
re: Changing The Cloud Security Conversation
It's interesting that these experts are suggesting there may actually be MORE security in the cloud than in alternative/traditional environments. I'm sure that's somewhat oversimplified, but it does illustrate that execs need to put aside assumptions and preconceptions about these emerging models and objectively assess what strategies truly will support business and operational requirements.
Byurcan
50%
50%
Byurcan,
User Rank: Author
11/9/2013 | 2:19:57 PM
re: Changing The Cloud Security Conversation
Cloud services provide too much potential to completely ignore. Like Howie mentions, it's good that cloud vendors can obtain these various industry certificates, so banks can know how legitimate of a cloud vendor they are dealing with.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.