Securing Financial Services Virtual Summit

Securing Financial Services
7th July 2021, Online

Securing banking’s rush to the Cloud
After years of hesitation, financial institutions are migrating rapidly. But Cloud security is a whole new ballgame. Do CISOs know the rules?

 

 

When Deutsche Bank and Google Cloud agreed a multi-year contract back in July 2020, as part of a £12 billion investment plan for new technology, it was just the latest sign that banks have moved beyond their traditional aversion to public Cloud, forced by the need to shed costs and compete with fintech upstarts. The two companies also plan to ‘selectively co-innovate’ with promising startups and fintechs, as well as driving broader adoption of Deutsche Bank’s cloud-native offerings

Goldman Sachs will expand its Marquee web services platform next year. This expansion will come in the form of new products, and these additions will run on AWS. And JP Morgan’s multi-billion multi-Cloud journey is well under way, and the bank has explored multiple Cloud providers, private cloud and hybrid Cloud. Its launch of a digital-only UK retail bank in response to the threat from challenger fintechs is one result.

The list of those embracing public or hybrid Cloud goes on. And for banks still unsure about general Cloud providers there is another model. IBM and Bank of America are collaborating on what they are calling “the world's first financial services-ready public cloud”.

This custom platform takes it for granted that security, privacy and compliance with a host of detailed regulations are fundamental to any finserv Cloud migration. And IBM explicitly says that it will add a stringent, financial services policy framework, financial-grade resiliency and offer a large catalogue of financial ISV and SaaS solutions.

This emphasis is right: FS Cloud migration depends on whether the banks and the regulators can be sure that the Cloud is a secure and private repository of the trillions of pieces of market and client data that it will need to hold and process. In one study, 59 percent of industry respondents felt that making sure cloud platforms and their related applications and data were secure represented the most significant challenge to fully embracing multi-cloud computing solutions.

When explaining its strategy, Deutsche Bank was at pain to emphasise that it will have functionality to manage its encryption keys, as well as choose the data region for applications to be deployed, saying, ‘flexibility and resilience will improve, with an uncompromising focus on data privacy and security to safeguard customer data and Deutsche Bank’s information assets’.

So how can financial services firms ensure their Cloud journeys are secure?
 

The Securing Financial Services conference will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues in digitalisation, data privacy, security, operational resilience and regulatory compliance. Join us on July 7.

  • Is hybrid Cloud the answer to security worries?

    • Banks report a clear intention to maintain many workloads on dedicated, on-premise servers while also pushing ahead with public Cloud deployments.
    • But hybrid Cloud environments come with their own issues of visibility and control, compliance and governance and data security.
    • How can FS firms tackle these problems?
  • SaaS, IaaS, PaaS

    • Cloud security architectures depend on Cloud delivery models.
    • For example, IaaS Cloud deployments require network segmentation, (IDS/IPS), virtual firewalls placed in front of web applications and so on.
    • A SaaS deployment might demand logging and alerting, IP whitelists and API gateways.
    • How can CISOs find the right answer for their organisation?
  • Securing data in transit

    • Inability to monitor data in transit to and from Cloud applications is often raised as an issue.
    • Major Cloud providers include several layers of protection, including encryption, IPSec tunnels, managed SSL certificates, and so on.
    • But what should end-users do to ensure the integrity of data in transit across hybrid and multi-Cloud environments?
  • The security challenges of Cloud Native

    • Securing containers, backing up Cloud Native applications, avoiding accidental misconfigurations...
    • These are just some of the security headaches of the Cloud Native environments banks must embrace as they digitalise to meet the fintech challenge.
    • So what are the solutions?
  • Solving the Cloud visibility problem

    • CISOs describe Cloud visibility as 'hazy at best', with more than two thirds (69%) of those polled admitting they have a Cloud visibility gap.
    • So how do you ensure you can see all Cloud assets and can analyze assets in-depth?
    • Which new tools can give you in-depth, full-stack visibility into AWS, Azure and GCP?
  • Keeping regulators happy

    • For highly regulated industries such as financial services, complying with a huge and complex mass of mandatory regulation is a priority.
    • This is not just a case of ensuring security or privacy, it's about knowing the current state of the regs and of compliance with them.
    • How can banks track compliance in this new environment?
  • Ensuring consistent control

    • Lack of consistent security controls spanning traditional server and virtualized private Cloud infrastructures can cause serious problems for CISOs.
    • One solution for ensuring consistent policy setting and control within the Cloud is automation.
    • But how does this work in practice and how can CISOs maintain consistency within the shared responsibility model?
  • Building a secure multi-Cloud strategy

    • Some studies allege that security incidents rise the more Cloud providers a firm uses.
    • But for most FS firms a single-Cloud strategy is a non-starter.
    • So, what are the key considerations for operating and innovating in multi-Cloud environments? And how should firms go about ensuring multi-Cloud security?
  • Frictionless security: the customer challenge

    • CISOs tasked with securing Cloud implementations might be forgiven for thinking that security was their sole concern.
    • Unfortunately for them, banks' reason for moving to the Cloud is so they can innovate faster, and tailor products and interactions better to their customers.
    • How can CISOs get out of the way of this process?
  • Staffing Cloud security

    • The well-publicised talent shortage in cybersecurity is even more pronounced when it comes to Cloud security.
    • Finding staff with the skills to address the very specific needs of security in the Cloud is becoming increasingly difficult as demand surges.
    • What are the answers for sourcing and training?
  • Vulnerability monitoring

    • The same mechanisms that create the benefits of Cloud, like virtualization, can have a negative impact on monitoring controls and erode CISOs' ability to take action in response to incidents.
    • Traditional tools, like SIEMs, may not be configured to deal with the practicalities of how Cloud deployments work.
    • What should CISOs be watching out for?
  • Identity & access management in the Cloud

    • Properly managing identities and permissions while using Cloud computing platforms is a crucial first step when implementing a compliant (multi-)Cloud strategy.
    • How do you bridge the gap between your existing identity management systems and the Cloud?
    • And how do you ensure you continue to meet regulatory requirements and the needs of your DevOps teams?

Who Attends

Job titles

Head of Global IT Security
Managing Director Fraud Risk
CISO
Security Governance, Risk and Compliance Manager
Data Loss Prevention - EMEA Operations Lead
Group Head of ICT Risk (Tech. & Cyber) Controls
Strategic Cyber Threat Intelligence Lead
Head of Financial Crime, Info Sec & BCP
Head of Security Architecture
Head of Compliance & Financial Crime
Third Party Risk Consultant
IT Systems Continuity and Integration Manager
Head of Integration, Planning & Development, Compliance Assurance
Information Security Manager
Business Information Security Officer & Third Party Officer
Head of Information Security
CISO
Cyber Security Manager
Head of IT Governance, Risk and Compliance
Senior Information Security Consultant
Group Head of IT Infrastructure and Cybersecurity Audit
Chief Information Security Officer
Compliance Manager & MLRO - UK
Head of Information Security & Audit
Senior Information Reporting Officer
Manager - IT
Senior Server Engineer
Cloud Security Architect
IT Risk Manager
Cyber Security Manager
Senior Technology Risk Manager
Group Head of Risk Domains (Cyber & Tech) and Control Plans
Head of Operational & Technology Risk / CISO
Global Head of IT, Internal Audit
Head of Threat
Head of Security and IT Policy
Lead Information and Cyber Security Specialist (Assurance)
Information Security Programme Manager
Global Infrastructure Security Engineering Manager
VP, Cyber Investigations and Insider Threat Manager
Senior Information Security Consultant
Information Security and Resilience, Operational Risk Oversight Manager
Head of Risk
Global Head - Security Operations
Head of Payment Security
Senior Vice President, Head of Information Security
Cyber Security Manager
Information Security Manager
VP Investigation
PCI Coordinator
Threat Intelligence Manager
Senior Special Agent - Global Security
Vice President - Strategy, Cyber & Intelligence
Head of Investigations and Monitoring
Technology Compliance and Operational Risk Director
Principal Cyber Risk Engineer & Technology Industry Practitioner
Head of Information Security Advisory & Operations
Group Security Operations Manager
Head of Technology
Global CISO
Information Security Officer
Global CISO
Security Operations (SOC) Manager
IT Risk Manager
CISO
Divisional CISO UK, CGC IT, CFO Tech & Platforms IT
Vice President; Information Security Officer
Security Business Partner
Assistant Director of Risk
Group IT Manager
Leader of Network Security EMEA
Security Architect
Senior IT & Cybersecurity Risk Manager
EMEA Operational Security Manager & Business Line Security Officer
CISO
Senior Security Consultant
Technology Risk Management Director - GRC and Quantitative Risk Analysis
Financial Crime and Data Protection Consultant
UKI Cyber Operations Lead
Head of IT and Change
Future Fraud Strategy
Chief Risk Officer
Group Head of Cyber Risk Intelligence
Manager Information Security & Resilience | Operational Risk Oversight
Head of Group-wide Security Optimisation
Director of Cyber Security UK
Technology and Resilience Risk Manager
Leader Payment Systems
Head of IT Risk and Cyber Security
Chief Risk Officer
Acting Chief Information Security Officer, Europe
GRC Manager
Senior Advisor, Information Technology
Manager – Strategy & Intelligence; Investigations, Insider Risk and Data Loss Protection
Chief Information Security Officer
Chief Security Officer EMEA region
Risk Governance Manager (Technology and Cyber)
Head of Information Security
Head of Financial Crime & Compliance Management
Manager of Security Operations, Engineering & Administration
Information Security Strategy and Architecture
Principal Investigations Manager; Physical Security & Investigations
Head of IT Strategy, Governance and Reporting
Senior Specialist Digital Fraud Strategy
Global Head of Information Security
Information Security Officer
Vice President IT Risk - Security Architecture Risk Assessment
Director of IT Governance & Risk Manager

Organisations

Rothschild & Co
Citigroup
Sumitomo Mitsui Banking Corporation
Aldermore Bank PLC
BNY Mellon
BNP Paribas
Refinitiv
Together Money
Travelex Holdings
Gravity Bank
Vanquis Bank
AmTrust International
HSBC
e-finance
Citigroup
Unum
Koine
AerCap
Brewin Dolphin
Phoenix Group
HSBC
LV= Liverpool Victoria
EMQ Inc.
Paragon Customer Communications
PRIMIS Mortgage Network
Activ Trades
SCS Europe
Aviva
Newcastle Building Society
Lloyds Banking Group
Credit Suisse
BNP Paribas
BlueBay Asset Management plc
Travelex Holdings
Quilter plc
Aldermore Bank PLC
Metro Bank
Schroders
London Stock Exchange
Barclays
Fidelity International
TSB Bank
XPS Pensions Group
QBE Insurance
Barclaycard
Redington Limited
Tesco Bank
Yorkshire Building Society
Barclays
Anderson Zaks
Royal Bank of Scotland
American Express
MasterCard
Bank of England
Bank of America Merrill Lynch
Chubb
Quilter plc
Quilter plc
DNA Payments Ltd
First Sentier Investors
GAM Investments
Uphold Inc.
Brewin Dolphin
Brewin Dolphin
Volkswagen Financial Services AG
Credit Suisse
Bank of America
NatWest Group
NS&I (National Savings and Investments)
International Currency Exchange Plc (ICE Plc)
FIS Global
Bank of Ireland
Scotiabank
Société Générale Corporate and Investment Banking - SGCIB
B89
Co-operative Bank plc
AIG Europe
Royal London Group
Aviva
Ipswich Building Society
Santander
Credit Suisse
BNP Paribas
TSB Bank
Prudential
UBS
Close Brothers Group
HSBC
ICBC Standard Bank
thinkmoney
Great-West Lifeco Europe
NEST Corporation (National Employment Savings Trust)
Redwood Bank
Lloyds Banking Group
Man Group Plc
Mapfre Abraxas
BNP Paribas
Jaja Finance
NEST Corporation (National Employment Savings Trust)
Great-West Lifeco Europe
AIB
Barclays
MUFG - Mitsubishi UFJ Financial Group
NewDay
VISTRA
Zenith Bank (UK) Ltd.
MSCI Inc
Commerzbank

Company headcount

1000-1999
10,000+
5000-9999
500-999
10,000+
10,000+
10,000+
500-999
5000-9999
500-999
1000-1999
2000-2999
10,000+
2000-2999
10,000+
10,000+
1-99
100-499
2000-2999
5000-9999
10,000+
5000-9999
100-499
1000-1999
500-999
100-499
1-99
10,000+
1000-1999
10,000+
10,000+
10,000+
100-499
5000-9999
3000-4999
500-999
3000-4999
3000-4999
3000-4999
10,000+
5000-9999
5000-9999
1000-1999
10,000+
10,000+
100-499
3000-4999
3000-4999
10,000+
1-99
10,000+
10,000+
10,000+
2000-2999
10,000+
10,000+
3000-4999
3000-4999
1-99
100-499
500-999
100-499
2000-2999
2000-2999
10,000+
10,000+
10,000+
10,000+
100-499
3000-4999
10,000+
10,000+
10,000+
10,000+
1-99
3000-4999
2000-2999
2000-2999
10,000+
100-499
10,000+
10,000+
10,000+
5000-9999
3000-4999
10,000+
2000-2999
10,000+
1000-1999
1-99
10,000+
100-499
1-99
10,000+
1000-1999
100-499
10,000+
1-99
100-499
10,000+
10,000+
10,000+
10,000+
1000-1999
3000-4999
100-499
3000-4999
10,000+