Securing cloud platforms in the financial services sector

21 May 2018

Organisations in the financial services sector are faced with a unique set of challenges when it comes to IT security. They need to store large amounts of sensitive personal data in a secure manner yet face more stringent regulations than firms in other industries.

These challenges become particularly acute when cost and productivity demands push an organisation to use cloud platforms. While such platforms deliver significant advantages in terms of infrastructure security, they also create new security challenges – particularly around data access, credential compromise, and malware.

What’s more, the visibility and audit capabilities required for compliance with local and regional finserv regulations are not as readily served by traditional firewalls and endpoint security tools.

The pros and cons of the cloud

Key benefits of cloud are lower operational cost and improved flexibility. Rather than an organisation having to establish and maintain on-premises infrastructure, cloud platforms are kept up to date, are readily accessible, and are scalable.

Improved flexibility occurs because businesses are able to adapt as requirements change. This means in-house systems do not have to be designed to cope with future demands. Instead, the cloud platform can provide extra storage and processing capabilities ‘on demand’.

Despite these advantages, many are still wary of the cloud because of significant gaps around visibility and control over cloud data. For example, without adequate security measures in place, staff might use unsanctioned cloud resources without the knowledge of the IT department.

Organisations that don’t know where data is being stored struggle to manage that data. This is particularly important in the financial sector because of the aforementioned strict regulatory requirements around data residency, ownership, and security.

A different approach to security

The strategy of centralised security at the device and network level – in other words having firewalls and endpoint agents in place – no longer works in an environment where many critical systems are moving to the cloud.

Once data shifts beyond the firewall and employees begin to access that data from uncontrolled, unmanaged devices, a new approach is required because privacy-conscious users are often reluctant to allow agents on their personal devices.

To overcome these challenges, many financial services firms are adopting a technology termed a cloud access security broker (CASB). A CASB offers many benefits, among them:

  • Comprehensive security
  • Regulatory compliance
  • Rapid deployment

1. Security

The first step in securing a cloud environment is adoption of discovery tools. IT can only secure services if they are aware of those services, aware of the relative risk each application poses, and empowered with tools to control data moving into these apps. At their core, these ‘Shadow IT Discovery’ services provide a way for IT managers to know exactly where data is going once it has left the organisation.

Security is also important after upload. An organisation should have the ability to identify sensitive data in the cloud and take action to protect that data where necessary. Capabilities like contextual access controls and data loss prevention (DLP) can help to classify and secure sensitive and regulated information.

In the financial services space, mobile security is also a critical component of a complete security strategy. Given the growth of BYOD and widespread use of managed mobile devices, a data-centric approach to security, wherein IT focuses on data protection as opposed to solely on device security, can be incredibly effective.

2. Regulatory compliance

Because the financial sector is among the most heavily regulated, cloud compliance is critical and dictates the processes and capabilities every organisation must have in place. Chief among these requirements is data protection.

Data protection in the cloud requires a deep level of control that can be achieved with granular data access policies as well as encryption. For structured data, encryption might cover sensitive fields such as credit card numbers or personally identifiable information (PII).

When selecting security tools, a balance has to be struck between strength and usability. Industry-standard tools are recommended as they enable interoperability with systems that provide visibility and added control over cloud data.

To provide a further layer of security, any encryption keys should be held locally to reduce the chance of them falling into the wrong hands.

3. Rapid deployment

Unlike traditional security solutions, select CASBs are deployed in the cloud, which removes the need to install and manage agents on client devices. As well as simplifying the rollout, this ensures the performance of endpoints is not constrained.

This approach also ensures employee privacy as there is no impact on personal data held on the device. Only corporate data falls under the purview of the organisation.

By selecting a CASB that offers this complete set of features and functions, a financial services organisation can be confident it has in place the technology required to maintain effective security of data in the cloud.

Article by Bitglass vice president of sales for Asia Pacific and Japan, David Shephard.
