Cloud Security | Is the Cloud Safe for Banks?

Moving data from local systems to the cloud can feel incredibly intimidating, but it’s even more intimidating when that data contains the private financial information of tens of thousands of banking and financial services customers. Add on legitimate concerns about cloud security, pair that with the ambiguous nature of a financial institution’s regulatory compliance obligations, and things become—well, a little more intimidating. That’s the kind of sentiment that financial services leaders face when they begin to explore the risks and benefits of moving a bank’s data, workloads, applications, and systems onto the cloud. But even before banking executives and their IT teams begin discussions around how to plan a cloud banking migration, there’s one critical question that needs to be answered: Is the cloud safe for banks?

The short answer: Yes, the cloud can be safe for banks. With the right security enforcement tools, controls, expertise, and intrusion detection and prevention systems in place, the cloud can provide a trusted technological foundation for a safe and highly secure infrastructure for even the largest banks. In fact, when compared with a bank’s pre-existing security infrastructure, the cloud can offer many banks additional controls aimed at improving data privacy and security, as well as tools and machine learning capabilities that can analyze and monitor data for irregular activity.

With a comprehensive plan and the right approach, migrating systems, business processes, workloads, and applications to the cloud can even offer an opportunity to improve the security of a bank or financial institution’s technological infrastructure. That’s not saying the security of banks today is anything but first-rate. In fact, Canadian banks are already leaders in cybersecurity. They invest heavily in their pre-existing systems to protect their technological infrastructure, customer data, and the financial system itself from cybersecurity threats. But by migrating to a trusted cloud service provider, banks will have the opportunity to review current practices and leverage the expertise of world-class security experts. They will have access to specialized tools and governance frameworks designed specifically to monitor cloud environments. They will even be taking advantage of both the physical and digital infrastructure of cloud service providers that invest billions of dollars in order to ensure they meet the highest standards of privacy and security in their cloud computing platforms—we’re talking about some of the most trusted technology brands in the world, including Google, Microsoft, and Amazon.

 

What Cloud Security Technology and Methods Help Keep Banks Safe on the Cloud?

When we talk about safety in cloud environments, we’re primarily concerned with cybersecurity or, more specifically, cloud security. After all, keeping our data and systems secure is a requirement for keeping our businesses and organizations safe. Although both cybersecurity and cloud security are concerned with the protection of data, systems, and devices from cyber threats, cloud security is a distinct form of cybersecurity that is particularly concerned with the protection of data and systems stored online by cloud service providers for the purpose of facilitating cloud computing—this includes the online delivery of services and solutions like data storage, servers, databases, networking, and software applications.

When it comes to banks and the financial services industry, cloud security is largely focused on protecting a bank or financial institution’s data, applications, systems, and environments from hackers, data breaches, and unauthorized access in order to prevent cyber threats like data leaks, malicious behaviour, service disruptions, malware, and theft.

Fortunately, there are many tools and methods financial institutions can use to secure and protect their systems on the cloud, and many of those tactical cybersecurity elements are already used by banks and financial institutions today. Methods and tools for protecting a bank’s data and applications on the cloud include security enforcement controls, like next-generation firewalls (NGFWs) and cloud-based tokenization; authorization protocols, like OAuth 2.0; intrusion prevention systems (IPS) and intrusion detection systems (IDS), like real-time threat-detection monitoring and alerting solutions; and communication protocols with data encryption, like HTTPS with Transport Layer Security (TLS) and PC-over-IP (PCoIP).

For banking leaders, complex technical jargon and cryptic cloud security terminology can quickly feel overwhelming, but a basic understanding of each component’s purpose can help ease concerns about whether the cloud is safe for banks.

While legacy firewalls and unified threat management (UTM) solutions have traditionally provided protection from cybersecurity threats, they may also come with some disadvantages in terms of cloud-based infrastructures and cloud security. UTM solutions can combine many security features into one solution, but that approach can also introduce the risk of having a single point of failure. In addition, traditional or legacy firewalls maintain access control and filtering through port-blocking, but they don’t provide the capability to filter packets by analyzing traffic at the application level.

Fortunately, next-generation firewalls are designed for this purpose, providing additional network visibility capabilities and control for a cloud-based banking infrastructure. With integrated intrusion prevention systems, next-generation firewalls can identify and enable applications regardless of port, protocol, evasive tactics, or SSL encryption. They can also provide more control over applications, as well as deeper inspection capabilities. The growing prevalence—and preference—of network virtualization solutions and cloud-based infrastructures makes innovative next-generation firewalls an important component in any bank’s cloud security strategy.
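The difference between port-blocking and application-level identification described above can be seen in a short sketch. This is an added example, not code from the original article or from any firewall product: the flows are constructed samples, the names (`classify`, `compare`, `ALLOWED_APPS`) are hypothetical, and matching on the first payload bytes is a deliberate simplification of what a real next-generation firewall does.

```python
# Added illustration: port-based filtering vs. application-level identification.
# All flows below are constructed samples, not captured traffic.
ALLOWED_PORTS = {80, 443}        # legacy rule: allow by destination port only
ALLOWED_APPS = {"http", "tls"}   # application-aware rule: allow by protocol observed

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH"}

# Start of a TLS record carrying a ClientHello (constructed, truncated).
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"

FLOWS = [  # (label, destination port, first bytes sent by the client)
    ("web over TLS", 443, TLS_HELLO),
    ("SSH on port 443", 443, SSH_BANNER),
    ("TLS on port 8443", 8443, TLS_HELLO),
    ("plain HTTP", 80, b"GET / HTTP/1.1\r\nHost: bank.example\r\n\r\n"),
    ("SSH on port 22", 22, SSH_BANNER),
]

def classify(payload):
    """Name the application protocol from the first bytes of a flow."""
    # TLS: record type 0x16 (handshake), major version 0x03,
    # handshake type 0x01 (ClientHello) after the 5-byte record header.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

def port_verdict(port):
    return port in ALLOWED_PORTS

def app_verdict(payload):
    return classify(payload) in ALLOWED_APPS

def compare(flows):
    """Return (label, allowed_by_port_rule, allowed_by_app_rule) per flow."""
    return [(name, port_verdict(port), app_verdict(data)) for name, port, data in flows]

if __name__ == "__main__":
    for name, by_port, by_app in compare(FLOWS):
        print(f"{name:18} port rule: {'allow' if by_port else 'block':5}  "
              f"app rule: {'allow' if by_app else 'block'}")
```

The two rules disagree on exactly the flows where port and protocol do not match: the port rule admits SSH because it arrives on 443 and rejects legitimate TLS on 8443, while the application rule decides on what the traffic actually is.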

Although encrypted communication protocols can sound particularly complex, they’re simply doing specific jobs to ensure the communication channels where data is viewed, accessed, or exchanged remain private and secure. HTTPS works with TLS 1.2 or later to encrypt the connection and ensure communication between a browser and server is secure. PCoIP, on the other hand, can securely deliver visual applications or workspaces from the cloud to specific endpoints, transferring only the encrypted image information in the form of pixels. By transferring only the pixels of a virtual desktop’s display, PCoIP ensures that important business data doesn’t leave the cloud.

Keeping Banks Safe on the Cloud Also Means Addressing Security Threats Outside of the Cloud

In addition to cloud security tools and technology, there are some additional cybersecurity methods that banks and their financial technology providers can employ to ensure they’re taking a proactive approach to cloud security. The Continuous Integration and Continuous Delivery (CI/CD) pipeline—a modern DevOps methodology where the software release process is streamlined and automated—can include automated vulnerability testing to report on potential flaws or weaknesses. While automated vulnerability scanning can help identify potential flaws in security, penetration testing can take proactive cloud security testing one step further. These are simulated attacks by trusted security experts who can safely explore and exploit potential vulnerabilities in your cloud banking systems.

Although cloud security is primarily focused on the tools and technology used to keep cloud-based infrastructures secure from cybersecurity threats, one of the biggest threats to cloud security has nothing to do with vulnerabilities in technology—it has to do with human vulnerabilities inside the organization. According to a 2019 report by Kaspersky Labs, “Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried out by cloud providers.” The report found that, “around 90% […] of corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ employees, not because of problems caused by the cloud provider.”

While human vulnerabilities exploited by social engineering tactics can create weaknesses in a bank’s cloud security, this challenge is not unique to cloud-based banking infrastructures. Social engineering is a cyber threat all organizations face today—including banks—and it continues to pose a threat to any IT environment, whether it’s on the cloud or not. As such, it’s important to create human firewalls by educating staff and providing ongoing awareness training on tactics used in social engineering attacks, so employees are continuously educated and aware of how to keep an institution’s data secure.

While the cloud can provide a safe technological infrastructure for a bank—including both the physical infrastructure as well as testing, disaster recovery, and production environments—one of the biggest concerns banks often face in moving their systems to the cloud is understanding how to meet regulatory compliance requirements, like the Payment Card Industry Data Security Standard (PCI DSS). While there is some ambiguity and a lack of clear direction from regulators on moving banking infrastructures to the cloud, cloud security tools like next-generation firewalls can actually help streamline PCI DSS compliance by limiting PCI DSS scope.

In addition to improved infrastructure security, the cloud also offers banks and other financial institutions a wide range of business benefits that may soon become critical to a bank’s future success, as well as its digital transformation and legacy modernization initiatives. Those benefits include cost efficiencies, improved flexibility throughout the organization, and the ability to scale IT resources on demand.

It’s important to ask if the cloud is safe for banks when considering a cloud banking migration, but it’s more important that banking leaders and their teams understand how the cloud is safe for banks. When used together, cloud security tools, technology, and methods like these not only play an important role in keeping the financial institution safe from cybersecurity threats—they provide important opportunities for improved security for banks and financial institutions. With rising consumer expectations in the financial services industry, innovative fintech-based banking solutions, and industry-driven initiatives focused on modernization that includes the adoption of open banking—known in Canada as consumer directed finance—there’s no doubt the industry is experiencing change like never before. With change comes risk—but there’s also risk in not changing. With that in mind, maybe ask yourself this: Is it safe not moving to the cloud?

 

Sources:

https://thefinancialbrand.com/114779/advantages-of-cloud-computing-in-banking-cant-be-ignored/ (Retrieved November 10, 2021)

https://www.ibm.com/thought-leadership/institute-business-value/report/banking-hybrid-multicloud (Retrieved November 9, 2021)

https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/as-big-tech-dominates-cloud-use-for-banks-regulators-may-need-to-get-tougher-59669007 (Retrieved November 11, 2021)

https://cba.ca/banks-and-cyber-security (Retrieved November 12, 2021)

https://www.paloaltonetworks.com/company/what-we-do (Retrieved November 15, 2021)

https://en.wikipedia.org/wiki/Next-generation_firewall (Retrieved November 15, 2021)

https://digitalguardian.com/blog/what-next-generation-firewall-learn-about-differences-between-ngfw-and-traditional-firewalls (Retrieved November 15, 2021)

https://www.cloudflare.com/en-ca/learning/security/what-is-next-generation-firewall-ngfw/ (Retrieved November 15, 2021)

https://www.kaspersky.com/blog/understanding-security-of-the-cloud (Retrieved November 15, 2021)
