The continued vulnerabilities of FinTech and cloud computing

By Keith Sonia | 1 November 2016

As more sensitive information is stored online, the sustained menace of cybercrime and fraud continues to grow and evolve. And it’s not just corporations and everyday citizens dealing with the possibility of cybersecurity breaches – cyberattack has reached a new peak thanks to the 2016 US presidential election. Many are pointing fingers at the Russian government and those at the top of politics in the US, including Clinton campaign chairman John Podesta, are finding much of what they once thought was private out in the open for public consumption.

Just last week, as many as 100,000 hijacked devices in the US were used to help cause a large disruption in service from websites that are customers of Dyn, a company that helps users find some of the web’s most popular sites online. The sites impacted by the three simultaneous attacks on Dyn included Google, PayPal, Twitter, and Reddit. There are no lead suspects in the attack, but some have wondered out loud if the attack served as a test run for future cyberattacks.

So, if entities and individuals such as the Clinton campaign and John Podesta, as well as web giants like Google display continued vulnerability to attack, just how safe are key pieces of data and information online and on the cloud?

The allure of the cloud remains the same: companies big and small contracting tech firms to house critical information in data centres they themselves did not have to build. Such outsourcing cuts costs dramatically, leading to an enhanced bottom line and, as cloud proponents would note, a more reliable service. This also allows for cloud-adopting businesses to churn out new products faster, enhancing a variety of markets with more technological development.

With that outsourcing, though, comes risks. Handing data over to third parties, often in remote locales, with different data centres, means that complex attacks can leave the customer scrambling to protect key pieces of data, often critical information of their own customers. Though security remains a concern, cloud proponents are quick to remind sceptics that instead of a few in-house IT staffers, most cloud solutions are staffed by extensive teams of security professionals that develop encryption tools designed to thwart the most seasoned of hackers and cyber criminals.

Amazon Web Services remains the industry’s largest provider of cloud services, with more than one million customers buying storage from the platform. It was recently a victim of the cyberattacks, but Andy Jassy, Amazon’s chief cloud computing executive, told the Wall Street Journal that he and his employer remain confident that cloud computing is the most secure way for companies to store their data and information, while also reiterating that security in general remained the most important issue for companies such as his, calling it “issue zero”.

So, although giants like Amazon are providing outstanding levels of security, how do customers remain at risk for cyberattack? As explained in EBN, breaches are usually the fault of the customer themselves. While Amazon, Google, Microsoft and others provide a standard of security, if a customer develops an application on top of a third party cloud program like those offered by the aforementioned companies, and they release it with a structural flaw like broken or bad code, they can roll out the red carpet for online agents of fraud, meaning the security provided by even the largest, most sound company is made to be completely useless.

Doing one’s homework, too, is of the utmost importance when it comes to shopping for a cloud services provider. Is the company you’re planning on handing over all of your information truly secure from an internal standpoint? Internal incidents have occurred in the past, and so it might be that the cloud is the most vulnerable when an engineer or designer leaves the door unlocked for hackers. When searching for a cloud providers, ensuring that they are running substantial checks on their developers is critical. Additionally, many cloud providers now offer checks on coding, which could potentially identify the mistakes of the customer. Or, the option of partnering with cloud providers to write critical pieces of code is available, and may prevent damaged coding in the long run.

It is that homework, and developing new behavioural traits when it comes to computing, that will help make the cloud more secure. As Sid Nag, research director for Gartner, recently commented: “The real security challenge is using public cloud services in a secure manner. More education is needed to help organisations overcome the hype associated with the security concerns.” With only a fraction of companies fully integrated on the cloud, there is a considerable track record of lackadaisical security procedures that customers bring on to the cloud, out of habit. They might view a traditional SaaS services as a be all end all when it comes to their overall security – much to the horror of seasoned professionals.

So, with the rapid development of technology offerings, and with a greater reliance on the cloud by everyone from governments to small business to corporate giants, education is the key to greater security in the long term. As executives and cloud professionals have routinely stated, it isn’t the cloud itself that is vulnerable; the architecture of the cloud itself is solid. Instead, it’s the continued belief in run of the mill security measures, as well as faulty engineering in building applications, that leaves critical customer data open to hackers. Until hackers feel like cloud services are purchased only by those with a forward-thinking, 21st century view of their cyber security, they’ll continue to see the cloud as a viable option for fraudulently acquiring key pieces of data.

By Keith Sonia

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development