By Alfredo Rubina, Vice President of Financial Services at SoftServe

How to securely embrace cloud networking

After years of cautious reluctance, a majority of banks and financial service providers have now turned to cloud solutions to digitize their IT architecture and manage big data.

In doing so, they are responding to increasing pressure that has emerged in recent years: while market conditions remain difficult due to low or negative interest rates, the demands and expectations of increasingly well-informed customers are growing. These, in turn, are being served by digital challengers in the financial environment with ever smarter and more user-friendly offerings. A vicious circle that the pandemic has further intensified with its digitalization push.

Innovation is therefore in demand. Most firms have realized that the enormous amount of data they hold represents a considerable asset. Managed in a smart way, it can provide knowledge and insight that can be used to react to changing market conditions in real time. Consistent and available data, provided by the appropriate cloud technology, thus becomes a significant factor for flexibility and agility.

Still a key factor for banks and financial service providers: cost savings. Cloud solutions enable them to use resources more efficiently and significantly reduce the costs of infrastructure, computing power and storage capacity. The added flexibility and elasticity also lead to significant savings.

In addition to innovative products and cost savings, many financial institutions also want to deploy modern, security-focused applications that offer machine learning and real-time threat analysis, for example.

But organizations have different needs, and many have already realized that not all cloud platforms offer the same capabilities. This is where multi-cloud environments come into play. This model allows workloads to be moved between any clouds in an environment – depending on what the optimal platform is at any given time. The multi-cloud model thus represents maximum automation, performance and security.

Nevertheless, financial institutions have so far mostly moved only smaller projects to a multi-cloud. This has allowed them to gain experience and take the first steps in developing new digital applications. But they find it difficult to take the decisive step of transferring business-critical data and applications there as well – even though they are aware that this would enable them to exploit the full potential for innovation and productivity and give them an edge over the competition. Why is that?

On the one hand, multi-cloud helps financial companies to implement new business models in an innovative and agile way. On the other hand, however, it presents them with challenges in terms of migration, operation and management. This is especially true for organizations with extensive legacy infrastructure in areas such as billing, accounting, availability, disaster recovery, security classifications and data locations.

For most financial services organizations, the biggest challenge in deploying multi-cloud applications is implementing consistent security policies across all enterprise applications. But security is paramount at a time when enterprise resilience is being tested daily.

Why cyberattacks are dangerous for banks

2020 and 2021 were challenging years for the cybersecurity world. Cyberattacks of all kinds were on the rise, posing new security challenges for banking institutions around the world. Since the pandemic hit hard in 2020, the shifting world we have found ourselves in has been especially beneficial to hackers. Meanwhile, technical innovations such as artificial intelligence, self-learning or adaptive malware are allowing cyberattacks to become more complex.

Banking data is extremely valuable, which leads to the banking industry being particularly exposed. Furthermore, the industry’s digital transition, which includes mobile banking and other online services, has left it vulnerable to cybercriminals. According to a Trend Micro report, ransomware attacks on banks climbed by a staggering 1318% in 2021. At the same time, fraud cases increased by 238 percent, and data breaches are on the rise. That’s why banking and cybersecurity must collaborate to guarantee data security and protection. Building a technological firewall must be the first step to protect sensitive data. The next one is to incorporate strong cybersecurity controls throughout the entire risk management process.

According to GlobalData, rising demand for cybersecurity in the retail banking industry will drive worldwide security sales up from $7.9 billion in 2019 to $9.8 billion by 2024.

Cloud migration security

Banks and financial service providers have realized that the cloud is more than a technology; it is a place where they can store data and applications and access advanced software applications over the internet:

• McKinsey predicts that in ten years 40% to 90% of banks workloads will be hosted on public cloud
• According to Accenture reports the banks increased their budgets dedicated to cloud from 9% to 12% between 2018 and 2020
• Bloomberg expects the number of fintech applications to run in the cloud to grow to over 80% by 2025

Using cloud computing technology is an extra advantage to the banking industry. However, with the potential for instant identification of potential breaches in security solutions for banking data, cloud solutions can also become vulnerable to cybersecurity risks. Institutions must ensure their cloud infrastructure is securely configured to prevent harmful breaches. Cloud technology offers a variety of security advantages, but when a breach does occur, it is typically the result of a bad configuration. Institutions should also ensure they are quickly implementing security patches when available to avoid vulnerabilities being exploited.

According to Novios’ study, there has been a recurrent problem of weak or default configuration of cloud-native security controls and default policies, putting business environments at risk. Lack of qualified people, complex rules, and poor cloud migration planning are the main causes of these issues. According to the ‘Cloud Security Report 2021’ from Cybersecurity Insiders, 96% of businesses are concerned about cloud security in some way. At the same time, 72% of respondents are either not at all confident or only moderately confident in their cloud system security. Cloud security, on the other hand, is a valid reason for cloud adoption, as cloud service providers invest more in security than most multinational corporations would ever be able to. Security is now an integral aspect of cloud service companies’ fundamental business processes, not just a support function.

How to protect data while traveling

It is crucial to understand that sensitive information security depends not only on high-level cybersecurity structures because another common source of data breaches is employee negligence. People have become increasingly reliant on rapid access to digital information. Remote access to business information became so simple thanks to smartphones, laptops, and tablets which can provide the employee with information access anytime, anywhere. The risk increases when traveling. Employees should be informed of the hazards they and the information they carry with them may face while traveling, as well as the steps they can take to mitigate this risk. The risk associated with the potential information disclosure depends on the nature and sensitivity of the information itself.

According to Shred-It industry research, 47% of business leaders said that human error was to blame for a data leak at their company. Hackers obtain access to valuable data through weaknesses created by lost devices or papers, poor password choices, and other errors. The consequences of this negligence could be dramatic. First, the cost of the breach identification, the investigation of what type of information has been stolen, and who has been affected by the breach. Depending on the damage, the business may be obligated to compensate affected customers. Second, the effects of a data breach often extend to the company’s public or private shares. Commonly, companies affected by a data breach are experiencing a drop in share prices sometimes even for months. The stolen personal information can also result in a lawsuit against the institution, causing not only reputational damage but also astronomical fees and possible jail time.

Companies must therefore ensure that private and business data are kept separate, for example by using company-owned laptops and smartphones: This prevents messenger services such as WhatsApp from accessing contact data without being asked. If mobile devices are centrally managed and equipped with company-approved software, the risk of hacker attacks can be minimized. Access rights should be assigned carefully; admin rights, for example, should only be granted to employees who really need them. If an employee has only limited rights, cybercriminals can also access less sensitive data.

Overall, employees should be better trained in the use of IT and sign declarations of commitment to protect business and trade secrets. They should store data uniquely on company servers or in the cloud, because locally stored data is lost with the mobile device. To ensure that no one can listen in, telephone and video conferences should be encrypted with randomly generated access codes and only secure Internet connections should be used.

However, there is no such thing as 100% data security on the go. That’s why it’s important to create awareness of security risks that occur outside the office.