Will the security benefits of cloud computing outweigh its risks in 2022?

What security benefits does the cloud provide for banks? The importance and advantages of cloud computing security in banking and capital markets.

  • CompatibL Technologies
  • February 8, 2022
  • 8 minutes

Stakeholders and executives of financial organisations remain on the fence about whether the advantages of cloud computing outweigh the potential risks of trusting sensitive information to remote servers. With the current demands on banks’ IT infrastructure and front-, middle-, and back-office staff, and the implementation of Basel IV pushed forward to January 1, 2023, this year may be a good time to transition ever-growing IT infrastructure to the cloud.

Cloud computing is becoming increasingly attractive to—and indispensable for—financial organisations. The cloud has the potential to completely change the financial services landscape. Banks can take advantage of cloud technologies to improve their entire risk management systems and to access fast, high-end technologies on an ‘as-needed’ basis. As a result of switching to cloud computing, many services can be delivered with reduced up-front capital outlay and IT expenses.

The current state of cloud computing allows financial organisations to access any modern core banking system offering without any loss in cost-effectiveness. This not only enables banks to save costs, but also increases data processing speed and improves the quality of the financial services they provide.

Despite possible initial hurdles in implementing cloud technologies, such as security risks, reliability issues, and problems with business continuity planning, the extra flexibility and scalability provided by the cloud far outweigh the negative aspects. If an organisation can ensure effective corporate governance and security by performing vigorous endpoint management and IT policy management, the cloud will provide many security benefits.

Security benefits of cloud computing

Some IT professionals still overlook the fact that data can be more secure in the cloud than in a physical data center. They continue to see data stored in the cloud as a vulnerable asset, raising security, privacy, and compliance concerns.

It is true that some engineers are so focused on getting to the cloud that they do not initially put the time into setting up security, governance, and auditing. In the best-case scenario, the organisation only has a permissions nightmare to deal with, even though incorporating proper governance will still be a painful and expensive process. In the worst case, neglecting security in a rush to the cloud can result in a data breach or the deletion of all IaC (Infrastructure as Code, used to automate cloud resource deployments) and backups.

The cloud is very different from a traditional data center, and banks need to approach their data management differently as a result. Otherwise, the cloud could end up being an extra expensive data center should financial firms choose to throw their legacy technology into it.

Cloud computing has the resources to ensure high levels of security and prevent data breaches, but it is imperative an organisation implement vigorous endpoint management and IT policy management to gain the maximum benefit.

The cloud uses a unique key to encrypt your data

Unlike traditional data centers, which typically rely on physical defenses to prevent unauthorized access to data, public clouds, such as Amazon Web Services or Microsoft’s Azure, allow server-side 256-bit encryption to protect files. These files remain encrypted when they are transferred within the network or saved to cloud storage.

Data objects sent to the cloud server by the client/user are also deduplicated and compressed. In this case, if a third party were to gain access to the data, they would be forced not only to decrypt the objects without the AES (Advanced Encryption Standard) 256-bit encryption key, but also to uncompress and reassemble them into readable files.

High-performance file access is provided and protected through cache servers

When high-performance access to a file is required, the cloud infrastructure can be modified accordingly by deploying virtual or physical cache servers. As with traditional file servers and NAS (Network-Attached Storage) devices, these servers cache only the active files needed for local, high-speed access, thus reducing storage needs and costs.

Cloud storage data and metadata are encrypted and unavailable in their ‘at-rest’ format, so a cache server is required to access them. This server, in turn, provides its own additional security, such as closed unused protocol ports, no open back-end access, additional encryption between the client and the directory server, and self-encrypting drives.

Lightweight directory access protocol authentication policies 

The same reliable authentication procedures and access tools as in an on-premises data center can be used for cloud deployments. For instance, access to remote data can be provided through standard file sharing protocols such as SMB (Server Message Block) 1, 2, and 3 or NFS (Network File System) v3 and v4, in exactly the same way as if traditional file servers or NAS (Network-Attached Storage) devices were used.

Additionally, AD (Active Directory) permissions, which are controlled by the bank’s system administrator, manage data access. An authenticated user can access only the data that is visible to them, and the rest of the data is protected through group- or user-specific policies. Moreover, the support of Active Directory trust relationships allows the creation of logical links and the application of policies between users and domains within the system.

Immutable, unchangeable file data with infinite version histories

The cloud easily surpasses the capabilities of traditional data storage when it comes to protecting data against accidental or intentional mistakes and system failures which would otherwise lead to data corruption.

Writing data to cloud storage is done using a WORM (Write Once Read Many) model, in which new data is always appended (added to the existing data) and never replaced or overwritten. The system creates snapshots of data at assigned intervals in order to be able to instantly recover any set of data in case any server-side or related problems occur.
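The append-only write model and snapshot recovery described above, as an added Python example (not from the original article and not any cloud provider's API). The class `WormStore`, its methods and the sample files are hypothetical names constructed for illustration.

```python
import hashlib


class WormStore:
    """Append-only (WORM) store: a write adds a version, nothing is overwritten."""

    def __init__(self):
        self._versions = {}   # path -> list of bytes objects, oldest first
        self._snapshots = []  # snapshot id -> {path: index of current version}

    def write(self, path, data):
        """Append data as the newest version of path and return its index."""
        self._versions.setdefault(path, []).append(bytes(data))
        return len(self._versions[path]) - 1

    def read(self, path, version=-1):
        """Return the newest version by default, or any earlier one by index."""
        return self._versions[path][version]

    def snapshot(self):
        """Record which version of every file is current; return the snapshot id."""
        self._snapshots.append({p: len(v) - 1 for p, v in self._versions.items()})
        return len(self._snapshots) - 1

    def restore(self, snapshot_id):
        """Recover by appending the snapshot's content again; history is kept."""
        restored = []
        for path, index in self._snapshots[snapshot_id].items():
            good = self._versions[path][index]
            if self.read(path) != good:
                self.write(path, good)
                restored.append(path)
        return sorted(restored)

    def history(self, path):
        """Short SHA-256 digest of every stored version, oldest first."""
        return [hashlib.sha256(v).hexdigest()[:12] for v in self._versions[path]]


# Constructed sample data: two files, a snapshot, then a destructive overwrite.
LEDGER = b"account,balance\n1001,250.00\n"

def run_incident():
    store = WormStore()
    store.write("ledger.csv", LEDGER)
    store.write("rates.json", b'{"usd_eur": 0.88}')
    snap = store.snapshot()
    store.write("ledger.csv", b"\x00" * 16)   # accidental or malicious overwrite
    return store, store.restore(snap)
```

The overwritten content stays in the history at index 1 after recovery, so it remains available for later examination.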

Cloud data centers are highly certified and regulated

Third-party regulations and certifications ensure data is secure. All public clouds, such as AWS, Azure, or GCP, are required to go through extensive third-party certifications, e.g., HIPAA, HITECH, SOC 2, PCI, and ITAR, to ensure all data is properly protected.

Consequently, they meet important audit and compliance requirements. Should a financial institution transfer its data to the cloud, it will meet all these requirements automatically.

Popular file security solutions support cloud-based storage

In the past, many data and file security solutions (such as firewalls and antivirus software) only supported traditional NAS (Network-Attached Storage) software to detect and stop cyber threats. Today, the same integration capabilities are available when using cloud-based file storage.

Cloud solutions now allow high levels of flexibility when it comes to integration. This provides banks with the ability to find and isolate sensitive data, visualise data access, adopt and manage a least privilege access model, and streamline compliance activities.

Moreover, it allows unstructured data to be securely stored by financial institutions in public or on-premises cloud storage, where the cache server, as an extra layer of protection, processes the actively used data whenever high-performance access is required.

Importance of cloud computing security in 2022

Working with on-premises deployment creates a false sense of security because of the perception the network itself is protected by a physical boundary. However, only the most sensitive networks operate in an ‘air-gap mode’ without any outside access. Of course, providing remote access opens systems up to certain cybersecurity risks, but in the cloud, there is also less risk of misconfiguration, and all those risks are more easily mitigated by using standard security infrastructure and features, and standard security audit tools.

While cybersecurity risks exist in both on-premises and cloud environments, cloud systems are better protected than on-premises or data center deployments. It is notable many of the recent major hacks occurred in on-premises networks or hybrid environments rather than in purely cloud-based systems.

An optimally running cloud solution reduces cybersecurity risks through the use of a standard set of cloud services and technologies, which present less penetration risk than non-standard on-premises or hybrid networks.

Banking risk management functions will receive tangible benefits from cloud computing, but leaders of banks’ risk departments still face significant challenges when migrating to the cloud. With the increased number of cloud adoptions in finance, the importance of day one security, governance, and auditing should not be downplayed by a financial organization’s management. Failing to take these factors seriously will undoubtedly lead to the disruption of business operations and could damage the organisation’s reputation owing to financial and legal issues.

To prevent disasters and secure their data in the cloud more effectively, banks should set up multiple layers of security. For large banks and other financial organisations, it is better to set up risk management functions with a private cloud provider. Small- and medium-sized businesses, on the other hand, would benefit from taking advantage of the public cloud service providers in order to grow their business and connect data securely. For highly secure operations, it is better to use a private cloud. If you use a public cloud for the upper layer of your organisation’s operations, a hybrid cloud solution might also be a good option.

Moreover, hosting a cloud storage system in your own data center within a security perimeter can be just as efficient for your organisation. Private cloud solutions deployed in a private data center possess all the benefits of public clouds, including 256-bit encryption, compression, deduplication, and modular building blocks that can scale at a comparatively low cost.

By partnering with CompatibL, financial institutions can ensure they are always in control of their sensitive corporate and private information, and are compliant with the current and upcoming regulatory capital requirements.