Many financial institutions have an issue with cloud computing. That issue is trust. The information they have, the people they serve, and the services they provide require banks to exercise not only discretion but extreme caution. Their wariness of the cloud is often expressed as security and compliance concerns, but it’s trust.
Perhaps more than in any other industry except healthcare, an institution in the financial sector will not survive without the trust of its clientele; in matters of money, forgiveness is in short supply. Misuse of data entrusted to financial institutions can wreak havoc on individuals, businesses, and communities. It can disrupt cash flows, payments, contracts, and more. Which is why financial services is the most closely and heavily regulated industry by far.
By extension, any business-support activity having the potential to undermine this implied trust covenant between client and institution ─ including the companies with whom institutions choose to do business, such as a cloud provider ─ must also be built upon trust in equal measure.
Trust in cloud computing has been slow to develop, and justifiably so. The benefits of the cloud in terms of IT resource management ─ deploying applications fast, disaster recovery, reducing costs, to name a few ─are well understood by financial services companies. So is the appreciation for the consequences of data breaches, regulatory compliance violations and tarnished reputations. Until proven that these concerns can be fully addressed by the cloud industry, the benefits ─ as good as they are ─ wait in the wings.
Would You Trust Your Money to the Cloud?
Uppermost is the minds of banks and other financial services companies is this: Can they obtain an acceptable level of service and support to satisfy the risk mitigation and regulatory compliance demands required by the institution’s board and executive leadership, as well as the regulatory agencies to which they are subject? This applies in all manner of business activities, not simply whether it is prudent to store critical data in the cloud. Their successful assessment and management of risk factors are fundamental determinants to the success of the institution itself.
Has the cloud data storage industry arrived at that point yet where financial institutions can believe that the many benefits can be theirs without undue risk exposure? If we look at the cloud computing landscape in its entirety, then the answer is no, simply because a majority of cloud service providers (CSPs) have not expended the effort or resources required. Compliance auditing, verifiable records, clearly articulated security protocols and methods, acceptable service level commitments and properly trained personnel are not among the priorities of most. For a select few, they are.
What Banks Need to Know When Looking for Data Security
A CSP that is able to satisfy the rigorous scrutiny of banks and other financial institutions is also likely to be capable of offering reliable and secure services to other businesses and industries, as well. Regulatory concerns are not the exclusive province of the financial community, although they probably set the bar for all others. Data security and protection is becoming a horizontal business necessity, especially as the Internet of Everything continues to evolve, and personal data continues to pile up.
To be a viable CSP in this environment is to make compliance a full-time job, as it has been at Peak 10 for many years. This is the first criteria that banks need to investigate in their search for CSPs.
A capable CSP maintains a rigorous auditing schedule throughout the year, ensuring compliance with the SSAE 16, ISAE 3402 and AT-101 audit standards. Customers who need assistance meeting the requirements of many certifications and regulatory demands, including the Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley and the European Commission’s Directive on Data Protection (“Safe Harbor”), among others, should have resources ready at their disposal. Data centers and cloud services must stand audit-ready to accommodate regulatory oversight.
Banks must be certain that the CSP can provide a range of managed security solutions designed to protect against viruses, spam and other issues that can compromise the security and integrity of your IT assets. Security extends to layers of physical protection in the data center, including card-controlled building access, biometric (fingerprint) scans, video surveillance and on-site 7x24x365 trained staffing.
Banks need to know with certainty where data will be stored and how accessible it is at any moment. This is critical to assessing risk exposure in cloud computing. Banks should have the ability to direct where and how its data is kept.
Disaster recovery and business continuity are often key components of data protection requirements. Banks should be certain that their prospective CSP has, and properly maintains a robust infrastructure with current technologies, that the CSP has data replications technologies matched to their requirements and, ideally, a wide geographic footprint of data centers that can further mitigate risk.
Trust is Bred Through Transparency
Providing advice and guidance is an essential part of services that banks provide their clients as they try to navigate the complexities of financial markets, retirement planning, mortgages and so forth. A CSP should provide the same services to its clients who are trying to evaluate services and options, keep up with rapid technology changes and industry innovation, and plan for the future. The provider should make the effort to understand the complexion of the customer’s risk exposure, and guide the client to a tailored solution that satisfies their needs.
Peak 10 takes this consultative approach to client engagement and solution design because it fosters understanding, effective cloud-based solutions and a business relationship grounded in trust. In the process, clients will often discover capabilities they were not aware of, services they hadn’t considered, or additional ways to apply the power of the cloud to drive business success while improving their own operational efficiency … safely and securely.