Achieving Financial Institutions’ Stringent Cloud and Data Security

Achieving Financial Institutions’ Stringent Cloud and Data Security

by November 2, 2020

Over the past years, cloud computing has become a key technological enabler for innovative service development, allowing industries to tap into new service models and improve productivity, cost-efficiency and flexibility.

Banking and capital markets leaders are increasingly recognizing that cloud is no longer just an option but a necessity at this point as demand for online and digital banking services surges, and technology continues to disrupt the sector.

According to Standard Chartered’s group chief information officer Michael Gorriz, demand for cloud services has surged over the last couple of years driven by the rise of the digital economy but COVID-19 has significantly accelerated the trend. The emergence of new platforms, the entrance of non-bank players into financial services, as well as the rapidly changing regulatory landscape have all contributed to banks’ adoption of cloud computing, Gorriz wrote in an August 2020 post.

Companies across the global financial services industry have been on the public cloud journey for the last five years, with tremendous acceleration over the past two years, said Deloitte. The consulting firm said it saw a threefold increase in the number of organizations adopting cloud between 2016 and 2018.

For Standard Chartered, the bank’s “cloud transformation journey” has materialized in initiatives such as MOX, its digital bank in Hong Kong that’s entirely cloud-based, and scPay, an award-winning global payments system that’s fully cloud native, Gorriz said.

Mox by Standard Chartered cloud security

Standard Chartered’s MOX Open’s its Virtual Banking Service to Select Customers

There are numerous benefits in adopting cloud computing but cloud computing’s biggest opportunity relies on the fact that it makes it possible to synchronize the enterprise, breaking down operational and data silos across risk, finance, regulatory, customer support, and more. Once massive data sets are combined in one place, the organization can apply advanced analytics for integrated insights.

And at a time when fintech companies continue to gain ground, cloud is giving the opportunity for mature financial services institutions to tap into new markets and find ways of competing against digital-first players.

But adoption of cutting-edge technologies is bringing new security issues. Though organizations are investing more than ever in cybersecurity, data breaches and other security incidents continue to increase in both number of size.

According to Accenture, the banking industry incurred the most cybercrime costs in 2018 at US$18.3 million. In the next five years, the firm estimates that cybercrime could cost banks an US$347 billion.

To help financial institutions and fintech address these challenges there are various solutions on the market.

One of those solutions in data security help financial service providers protect their customers, meet government and industry data security compliance standards, facilitate security auditing and avoid the damage to reputation caused by data breaches.

Thales’ CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection and control in one platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform.

One of the key regulatory mandates such as PCI DSS will require CipherTrust Tokenization to comply with security policies and regulatory mandates while protecting other sensitive data including personally identifiable information (PII). While there are no tokenization standards in the industry, most tokenization solutions fall into one of two architectures: vaultless- or vaulted tokenization, both secure and anonymize sensitive assets. Tokenization software can reside in the data center, big data environments or the cloud and both solutions leverage CipherTrust Manager as a secure encryption key source, also available for cloud, with readily available FIPS 140-2 Level 3 certification as a Root of Trust, the highest security available for the most sensitive data.

In Indonesia, a leading fintech and service provider has turned to Thales for its data protection needs. The company has been using CipherTrust solutions to meet Payment Card Industry Data Security Standard (PCI DSS) compliance and securely exchange data with its customers from the e-commerce, banking and insurance fronts.

PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard and American Express. Requirements for compliance include protecting cardholders’ data, building and maintaining secure networks and systems, and implementing strong access control measures.


Featured image credit: Freepik