Overcoming Security Risks in Cloud Adoption for Banks | GBAF

Overcoming Security Risks in Cloud Adoption for Banks | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > NAVIGATING DATA RESIDENCY & PRIVACY COMPLIANCE IN THE CLOUD

NAVIGATING DATA RESIDENCY & PRIVACY COMPLIANCE IN THE CLOUD

Published by Gbaf News

Posted on November 29, 2017

7 min read

Last updated: January 21, 2026

Boeing 737-800 crash at Muan International Airport in South Korea - Global Banking & Finance Review — A Boeing 737-800 aircraft crashed at Muan International Airport, killing at least 28. The incident highlights aviation safety concerns and emergency responses in South Korea.

By Niall Twomey, Fenergo CTO.

Niall Twomey

Niall Twomey

Security and data security concerns have traditionally topped the list of issues for lack of adoption of cloud technologies by banks.

In a survey conducted by Forrester Research a few years ago, it found that the top five reasons why US banks were avoiding cloud technology included.

Security (73%)
Privacy (63%)
Risk (59%)
Regulation (56%)
Technology Maturity (43%)

This has prevented financial services organizations from embracing the cloud, while their fintech and regtech peers embraced the technology and outpaced them in terms of bringing innovations to market.

The security tools and solutions used in an on-premise world just don’t apply in the same way in a cloud-environment. On-premise solutions have a defined perimeter to protect, however, cloud has no such perimeter, making threats appear unbounded.

For financial institutions to embrace the cloud, they must take appropriate measures to address security concerns. To do this, they need to deploy continuous security monitoring to their cloud environment to ensure that all threats are recognized and acted upon immediately at any time.

Managing Data Privacy Issues

While cloud opens up the world of data for banks, its global accessibility also increases the risk of violating data privacy rules. It is very important to get clarity on data residency, as it has implications in terms of both international and local data protections laws, such as the forthcoming General Data Protection Regulation (GDPR) in Europe.

In a Client Lifecycle Management scenario, this means that banks will need to incorporate provisions that ensure data privacy. One way to do this is through the implementation of a robust authorization framework. This framework should ensure that a set of rules are applied automatically to data being accessed, viewed or shared by an entity in a different jurisdiction. The rules should govern the following examples:

For jurisdictions that absolutely prohibit the sharing of client data outside of their borders, the solution should not grant access to or sharing of client data outside the domestic country;

For jurisdictions where sharing of data outside the jurisdiction is permitted by client consent, the solution should be capable of collecting, collating and reporting of consent on entity and jurisdictional attributes on the client profile.

Where jurisdictions grant the sharing of some data but not others outside of the country, the solution should be capable of masking the data prohibited to be viewed using implementations of defined interface, based on a user’s confidentially level and sensitive data permissions.

Where data cannot be shared with select countries, the solution should be capable of ensuring this through jurisdictional attributes on the profile.

Solving Data Residency in Cloud Client Lifecycle Management

By its very nature, cloud gives the impression of full accessibility and flexibility of services and data. However, managed properly, data can be managed securely and efficiently, even in a cloud environment. To do this, certain protocols and rules need to be put in place to ensure good governance over this process. For example, by implementing a clear separation of data in separate databases, banks can ensure that data is not inadvertently accessed, viewed or shared with any prohibited user or jurisdiction. Similarly, the rules should ensure that data initially available in a more restrictive jurisdiction is never shared with a less restrictive one. This ensures the standards of data privacy remains at its highest. Conversely, the solution should be capable of controlling duplication of data to more restrictive jurisdictions e.g. where initial data is available in a less restrictive jurisdiction, controlled updates of duplicated data or notifications of data changes should be sent from less restrictive to more restrictive jurisdictional instances.

Conclusion

The financial services industry is still in the early stages of cloud adoption and experimentation. Over the last two years especially, the cloud has transformed from being perhaps the most frowned upon technology in the banking industry due to security and regulatory concerns to an area of growth, opportunity and better client experience.

In the next five years, the financial services industry will look very different than it does today. Cloud adoption will be very much innovation as usual enabling all banks to become cloud-first firms that prize speed, innovation and accessibility.

By Niall Twomey, Fenergo CTO.

Niall Twomey

Niall Twomey

Security and data security concerns have traditionally topped the list of issues for lack of adoption of cloud technologies by banks.

In a survey conducted by Forrester Research a few years ago, it found that the top five reasons why US banks were avoiding cloud technology included.

Security (73%)
Privacy (63%)
Risk (59%)
Regulation (56%)
Technology Maturity (43%)

This has prevented financial services organizations from embracing the cloud, while their fintech and regtech peers embraced the technology and outpaced them in terms of bringing innovations to market.

The security tools and solutions used in an on-premise world just don’t apply in the same way in a cloud-environment. On-premise solutions have a defined perimeter to protect, however, cloud has no such perimeter, making threats appear unbounded.

For financial institutions to embrace the cloud, they must take appropriate measures to address security concerns. To do this, they need to deploy continuous security monitoring to their cloud environment to ensure that all threats are recognized and acted upon immediately at any time.

Managing Data Privacy Issues

While cloud opens up the world of data for banks, its global accessibility also increases the risk of violating data privacy rules. It is very important to get clarity on data residency, as it has implications in terms of both international and local data protections laws, such as the forthcoming General Data Protection Regulation (GDPR) in Europe.

In a Client Lifecycle Management scenario, this means that banks will need to incorporate provisions that ensure data privacy. One way to do this is through the implementation of a robust authorization framework. This framework should ensure that a set of rules are applied automatically to data being accessed, viewed or shared by an entity in a different jurisdiction. The rules should govern the following examples:

For jurisdictions that absolutely prohibit the sharing of client data outside of their borders, the solution should not grant access to or sharing of client data outside the domestic country;

For jurisdictions where sharing of data outside the jurisdiction is permitted by client consent, the solution should be capable of collecting, collating and reporting of consent on entity and jurisdictional attributes on the client profile.

Where jurisdictions grant the sharing of some data but not others outside of the country, the solution should be capable of masking the data prohibited to be viewed using implementations of defined interface, based on a user’s confidentially level and sensitive data permissions.

Where data cannot be shared with select countries, the solution should be capable of ensuring this through jurisdictional attributes on the profile.

Solving Data Residency in Cloud Client Lifecycle Management

By its very nature, cloud gives the impression of full accessibility and flexibility of services and data. However, managed properly, data can be managed securely and efficiently, even in a cloud environment. To do this, certain protocols and rules need to be put in place to ensure good governance over this process. For example, by implementing a clear separation of data in separate databases, banks can ensure that data is not inadvertently accessed, viewed or shared with any prohibited user or jurisdiction. Similarly, the rules should ensure that data initially available in a more restrictive jurisdiction is never shared with a less restrictive one. This ensures the standards of data privacy remains at its highest. Conversely, the solution should be capable of controlling duplication of data to more restrictive jurisdictions e.g. where initial data is available in a less restrictive jurisdiction, controlled updates of duplicated data or notifications of data changes should be sent from less restrictive to more restrictive jurisdictional instances.

Conclusion

The financial services industry is still in the early stages of cloud adoption and experimentation. Over the last two years especially, the cloud has transformed from being perhaps the most frowned upon technology in the banking industry due to security and regulatory concerns to an area of growth, opportunity and better client experience.

In the next five years, the financial services industry will look very different than it does today. Cloud adoption will be very much innovation as usual enabling all banks to become cloud-first firms that prize speed, innovation and accessibility.