Big Bank Public Cloud Adoption Accelerates Need for Security Controls

July 26, 2016 |

Researchers at Deutsche Bank predict that big banks’ use of cloud will ramp up “materially” in 2017. The cause? Pressure to cut costs and increase flexibility of IT environments.

Reticent to Adopt

While financial institutions have been slow to adopt public cloud usage due to perceived security and regulatory risks, that’s all set to change. Up until now, Deutsche Bank suggests that use of public cloud by big global banks is “very small,” however that it’s expected to grow. DB researchers Karl Keristead and Ross Sandler said:

“Some bank IT executives are telling us that they could go from zero use of the cloud compute or IaaS model today to 20%-30% (mostly for dev/test workloads) within 3 years. That would be extraordinary growth trajectory.”

However, “it has only been in the last six to nine months that [these banks] have moved beyond talking about [public cloud] to actually drawing up internal plans to ramp up usage.”

Big Banks See the Money

Adopting public cloud could save these financial institutions significant money. Consider that in the US, a MeriTalk survey of federal IT managers revealed that they believe the government can save more than $10 billion annually from datacenter consolidation and cloud adoption. Could finance see the same sort of savings? The evidence clearly says yes as the pressure to cut costs point to the public cloud.

Bank Centric Cloud Providers

The Deutsche Bank research also suggests that the drive to public cloud is also as a result of public cloud vendors like Amazon Web Services (AWS) and Microsoft Azure becoming more compliance centric in order to cater to the financial services industry.

Research from the Cloud Security Alliance analyzing the adoption of cloud solutions and requirements from financial institutions shows that:

  • As cloud computing becomes more prevalent throughout the financial sector, a mixed strategy of leveraging both private and public clouds emerge as the norm for most businesses.
  • Data protection is a preeminent security concern for the financial sector moving to the cloud. In particular, data protection standards and relevant laws are “top of mind.”
  • Industry regulation drives compliance requiring financial institutions to implement specific security measures to consider migrating to cloud services.

Banks Driving Adoption and Security Solutions for Public Cloud

As reported by the Wall Street Journal:

  • Steven Randich, CIO of the Financial Industry Regulatory Authority, told CIO Journal earlier this year that banks have grown more receptive to the cloud as they develop a better understanding of its potential benefits and become more comfortable with security features such as end-to-end encryption. FINRA processes 90% of its data – including all of its market surveillance capabilities – on AWS.
  • J.P. Morgan Chase & Co. is exploring some uses of Amazon’s public cloud to cut expenses and achieve more flexible storage. People familiar with the matter said at the time that the bank thinks it could save hundreds of millions of dollars if it moves toward the cloud.
  • Synchrony Financial CIO Carol Juel said that the public cloud “is well tested in performance,” but security capabilities are not as well proven. We have to make sure controls are there so banks and financial institutions can feel comfortable.”

Deutsche Bank suggested that still, banks will proceed with caution moving lower-risk computing workloads for development and testing, or applications that aren’t mission critical.

Public Cloud Security is a Shared Responsibility

As outlined by AWS, public cloud security is a shared responsibility. AWS takes responsibility for security ‘of’ the cloud, but puts the onus on the customer for security ‘in’ the cloud. For big banks adopting cloud, this needs to be a consideration as they balance tightly controlled access by providers like AWS with wide open access that could increase the risk of a security and compliance breaches.

A new network security paradigm championed by the Cloud Security Alliance which wraps network permissions around each unique user is essential for any bank wanting to adopt public cloud. Called a Software-Defined-Perimeter, it offers:

  • An individualized perimeter for each user
  • Fine-grained authorization for on-premises and cloud
  • Contextual awareness that drives access and authentication
  • Simplified firewall and security group rules
  • Dynamic adjustment to new cloud server instances
  • Consistent access policies across heterogeneous environments

When adopting public cloud, organizations should be mindful that individuals should only ever have access to the resources they need to do their job, and this should only ever be granted in reasonable contexts. Otherwise, there’s nothing stopping them from spending their downtime trawling entire network segments for sensitive information – and in the financial services industry there is a lot of sensitive and regulated information!

Learn more about how Cryptzone simplifies AWS security with our network access software that provides user control, operational agility and compliance.

Simpler, More Seucre AWS Access Control. Fix Issues that Static, IP address-based AWS security groups can't control. Get the infographic now.

Back to Blog Home

Paul Campaniello

Paul Campaniello is the Chief Marketing Officer for Cryptzone where he is responsible for worldwide marketing strategy, execution and sales support. Paul has over 25 years of experience with software startup companies.

He has held several senior marketing and sales positions including CMO/VP of Marketing at ScaleBase, Mendix, Lumigent, ComBrio and Savantis. Prior to Savantis, he was at Precise Software, where he helped build Precise from a startup to $100 million prior to going public and being acquired by VERITAS for $640 million.

Paul holds both a BS and an MBA from Bentley University.

Leave a Reply

Your email address will not be published. Required fields are marked *