ACCREDITATION BRINGS MUCH NEEDED CONFIDENCE TO FINANCIAL CLOUD COMPUTING
Migrating to the cloud is often considered a complex undertaking for financial organisations, especially given the diverse range of perceived risks associated with it. However, Nathan Johnston, from cloud computing IaaS provider Memset, says measures like vendors securing respected and standardised CESG accreditation help bring much needed confidence to the market.
Financial organisations have shied away from the cloud for many years, missing out on the massive efficiencies and cost savings that can be gained from having access to on-demand, scalable IT resources. However, recent improvements in cloud security and a wider variety of applications becoming available mean this industry is set for significant growth.
So why haven’t financial institutions adopted the cloud as quickly as other industries? The confidential nature of the data processed through this kind of IT solution can cause business leaders to worry about outsourcing their requirements. Privacy and data protection are of high importance to financial institutions, often with huge monetary fines in place for breaching regulatory requirements.
Also, the lengths to which the National Security Agency (NSA), and other US law enforcement and security agencies, have exploited the Foreign Intelligence Surveillance Act (FISA) and Patriot Act to snoop on foreign electronic data have severely hampered cloud adoption.
Financial firms are further impacted by worries around availability, vendor lock-in and compliance.
Private Cloud: Financial organisations might want to consider using a private cloud for peace of mind over data being compromised in a public cloud scenario. For example, traders would be extremely nervous about having their proprietary trading strategies in the cloud in case a competitor on the same cloud could gain access to them. Since financial services operate in a highly regulated environment, a private cloud solution would bring added reassurance when moving data to the cloud.
UK-based Vendor: Using a fully UK-based cloud vendor with UK-based data centres and also a UK head office will ensure the data that you put in the cloud is protected from the NSA and the Patriot Act. If you use a US vendor, even if they have a dedicated UK office, they are still subject to the demands of the NSA, meaning they can hand your data over to the US authorities at any time, despite what agreements they have in place with you.
Availability: IT managers are also concerned about the availability of applications deployed on the cloud. Make sure you carefully check a vendor’s Service Level Agreement (SLA) that will set out guaranteed uptime and so on.
Vendor Lock-In: Most cloud providers provide access to their resources through proprietary APIs. If you wish to switch to a different cloud vendor you are often faced with high costs to actually get your data out in a usable format.
As Memset’s entire Infrastructure-As-A-Service platform is built on open source software, data can be moved quickly and easily across many different cloud providers if required, helping to alleviate vendor lock-in.
Compliance: As there are no definitive regulations on how financial companies can use the cloud, the security accreditations gained by IT vendors can provide added peace of mind that they have the security and systems in place to keep your data safe.
For example, Memset have secured CESG accreditation for our cloud infrastructure up to Impact Level 2. This involved undergoing vigorous penetration testing by a third party who are tasked with trying to hack into and break our infrastructure. We easily passed this test and our systems were approved to hold secure government data.
Penetration tests are done annually. The PGA, who carry out the accreditation process, also check that the vendor has the relevant internal policies and procedures in place, and that staff are checked under the Baseline Personnel Security Standard for IL2 and Security Clearance checked for IL3, to ensure protection over systems and sensitive data, which is especially important for financial services.
Looking for a supplier holding IL2 or IL3 accreditation should give you further reassurance that your data will be safe.
If you are a financial services organisation that relies heavily on IT-enabled services, you can benefit massively from cloud computing. Cost savings, scalability, faster deployment times and increased mobility are just a handful of the benefits that the cloud can bring to your organisation.