Cloud, General, Security

Survey Says… Banks Remain Unconvinced About Cloud

 

  • Banks Just Getting Started with Cloud
  • Stronger Auditing Mechanisms Desired
  • Purpose of the Survey & Background of the Project
  • Step into the Cloud Control Matrix

Banks Just Getting Started with Cloud

Cloud technology is gaining traction in the finance world. However, banks and other financial companies aren’t moving to the cloud as quickly as many industries are. Fresh data from a trusted industry group, as reported by David Bannister in Banking Technology, reveals that a large amount of banks are only in the beginning stages of cloud development, still unsure about how to manage privacy and security.

The survey, conducted by the Cloud Security Alliance (CSA), asked IT professionals how cloud is used within their organizations, revealing that:

  • Three in five (61%) company cloud plans are still in their infancies.
  • Almost one in five (18%) will incorporate private clouds in some way.
  • Almost half (39-47%) will eventually implement a hybrid system consisting of traditional servers, private clouds, and public VMs.
  • Zero (0%) of the banks and other institutions said they were migrating more than 50% of their software to cloud environments.

The findings of the poll also demonstrate that banks are less likely to exhibit extreme caution toward the cloud when their operations are fundamentally based on electronic transfer. Among cash transfer institutions, just 3% reported stringent rules related to cloud.

“The results of this report are insightful into understanding how the financial services industry is progressing in terms of cloud adoption and how cloud providers can best serve their interests and needs,” explains Cloud Security Alliance head Jim Reavis.

Stronger Auditing Mechanisms Desired

Most finance companies (57%) want to see more robust encryption methods in cloud settings, but there is even more demand for standardized and comprehensive auditing tools, with four in five firms (80%) reporting that providers should be more transparent.

Banks are certainly wanting to move whatever they can to cloud systems, though. The top two reasons finance establishments choose cloud are the limitless adaptability of resources (68%) and ability to provision virtual machine almost immediately.

The types of applications most often chosen for cloud delivery are:

  • Customer relationship management apps – 46%
  • DevOps and software creation – 45%
  • Email – 41%
  • Backend-as-a-service (BaaS) – 20%
  • Desktop-as-a-service (DaaS) – 14%.

The financial industry must keep a close eye on user protection as determined by a number of filters, which results in a plethora of compliance concerns – with top priorities including:

  • Safeguarding at the level of the data itself – 75%
  • The institution’s policies and procedures – 68%
  • Payment card industry data security standard – 54%.
  • Federal guidelines – 47%.

CipherCloud security VP Chenxi Wang said that the results of the survey were definitely optimistic, suggesting that cloud was becoming increasingly popular among banks and similar organizations. More importantly, it gave providers a stronger sense of how to attract the attention of these organizations: “There’s plenty of room for growth, particularly for providers who can fill the void for the auditing and data protection controls that are at the top of respondents’ cloud wish list.”

Purpose of the Survey & Background of the Project

The poll actually was broader in scope than the IT departments of finance institutions. Leadership at federal agencies, insurance companies, and security firms were questioned as well to accurately gauge the finance cloud from various angles, incorporating:

  • The process of streamlining mechanisms and applying industry standards
  • Determination of the best internal guidelines for users
  • Development of the most valuable training approaches.

The survey was compiled using information collected from over 100 IT businesspeople from a diverse spectrum of markets and organizational complexities. Participants were based throughout all major global regions. The poll was carried out in collaboration between the CSA and CipherCloud, in order for cloud providers to better be able to meet the needs of financial entities.

The poll was handled by a project within the CSA called the Financial Services Working Group. The next effort by that body will be to focus on best practices related to the finance cloud. The consortium is codirected by BBVA risk management director Juan Francisco Losa and CaixaBank data protection chief Mario Maawad. Anyone who wants to be a part of the project can email financial-services-leadership@cloudsecurityalliance.org.

Step into the Cloud Control Matrix

The CSA is a well-respected industry organization, with executives from major enterprises including Coca-Cola and Microsoft. The CSA is known for its Cloud Controls Matrix (CCM), a model “specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.” The matrix is based fundamentally on critical industry standards such as PCI DSS and ISO 27001.

This tool created by the CSA is helpful in identifying providers who really deserve your business so you don’t have to feel like you are stepping through a field of landmines. If you really want security, it’s wise to choose a provider who has itself been certified to meet the specifications of PCI DSS, SSAE 16, ISO 9001:2008, and ISO 27001.

By Kent Roberts

Free Use Image via Wikipedia