Securing Financial Services
7th July 2021, Online
Securing banking’s rush to the Cloud
After years of hesitation, financial institutions are migrating rapidly. But Cloud security is a whole new ballgame. Do CISOs know the rules?
When Deutsche Bank and Google Cloud agreed a multi-year contract back in July 2020, as part of a £12 billion investment plan for new technology, it was just the latest sign that banks have moved beyond their traditional aversion to public Cloud, forced by the need to shed costs and compete with fintech upstarts. The two companies also plan to ‘selectively co-innovate’ with promising startups and fintechs, as well as driving broader adoption of Deutsche Bank’s cloud-native offerings
Goldman Sachs will expand its Marquee web services platform next year. This expansion will come in the form of new products, and these additions will run on AWS. And JP Morgan’s multi-billion multi-Cloud journey is well under way, and the bank has explored multiple Cloud providers, private cloud and hybrid Cloud. Its launch of a digital-only UK retail bank in response to the threat from challenger fintechs is one result.
The list of those embracing public or hybrid Cloud goes on. And for banks still unsure about general Cloud providers there is another model. IBM and Bank of America are collaborating on what they are calling “the world's first financial services-ready public cloud”.
This custom platform takes it for granted that security, privacy and compliance with a host of detailed regulations are fundamental to any finserv Cloud migration. And IBM explicitly says that it will add a stringent, financial services policy framework, financial-grade resiliency and offer a large catalogue of financial ISV and SaaS solutions.
This emphasis is right: FS Cloud migration depends on whether the banks and the regulators can be sure that the Cloud is a secure and private repository of the trillions of pieces of market and client data that it will need to hold and process. In one study, 59 percent of industry respondents felt that making sure cloud platforms and their related applications and data were secure represented the most significant challenge to fully embracing multi-cloud computing solutions.
When explaining its strategy, Deutsche Bank was at pain to emphasise that it will have functionality to manage its encryption keys, as well as choose the data region for applications to be deployed, saying, ‘flexibility and resilience will improve, with an uncompromising focus on data privacy and security to safeguard customer data and Deutsche Bank’s information assets’.
So how can financial services firms ensure their Cloud journeys are secure?
The Securing Financial Services conference will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues in digitalisation, data privacy, security, operational resilience and regulatory compliance. Join us on July 7.