The biggest security threats are linked with the overall adaptation of internal processes (own people) and scaling with speed for better customer experiences (business) through digitization and migration to the cloud.
The environment in which banks operate nowadays is defined by innovation, integration, and capturing intelligence with quick deployment or enhancing market share through new products and capabilities.
Against this background, the biggest threat is adopting digital security (integration) and managing the institution’s risk tolerance. In a nutshell, it starts with digital customer onboarding, faster loan approval, or real-time payments in adherence to system procedures and due diligence in the process of digitization.
How cloud-ready are banks
Banks are often considered reluctant to adopt new technology because of the high value of their assets. The risk is just too high! But at times, there are some technologies that genuinely offer benefits that outweigh the risks.
Speaking to asmag.com recently, Sivakumar Selva Ganapathy, VP of OpenBlue India Software Engineering and APAC Solutions at Johnson Controls, explained that contrary to some popular perceptions, banks are first movers in this field. Moving physical security on a hybrid model was adopted at a large scale approximately five years back (as database mirroring) on-premises virtualized deployments using Hyper-V or VMware solutions.
“In contrast, one of the main benefits of using the cloud is the ability to monitor more accurately and provide specific resources as a system grows, without needing to enable maximum capacity upfront,” Ganapathy said. “Right now, it is all about cloud transformation and quick onboarding timelines for expansion and growth.”
A hybrid model leverages an easy model of deployment over the public cloud in adherence to data security, network configurations, and regulatory compliance. As banks manage a lot of data, cloud solution providers (CSPs) have designed their hosted cloud solutions in line with various global compliance systems specific to different regional/continental regulatory norms.
Challenges to overcome
The main challenges focus on the adoption and transformation timelines, with support from solution providers, which include OEMs, system integrators, and internal IT team stakeholders.
“We would like to refer to a complete shared responsibility matrix as promoted by CSP (Cloud Solution Providers such as AZURE, AWS, or GOOGLE), which facilitates and unifies adoption and explains the overall responsibility sharing when moving to the cloud,” Ganapathy said. “On-premises is a bigger stack to a customer who will be reduced further when it goes to Cloud Adoption.”
The roles and responsibilities for complete security in the cloud are not significantly different from on-premises strategies and practices. Most of the security responsibility remains with the customer.
“The shared responsibility model commonly applies across all CSPs relative to the infrastructure service offering and separates roles and responsibilities into two categories: one, the CSP owns ‘Security OF the Cloud,’ typically limited to the physical security of data centers and the infrastructure inside such as computer, storage, and network; or two, the customer owns ‘Security IN the Cloud,’ where all security information related to access control, data, and protection of infrastructure is consumed as a service,” Ganapathy continued.
For IaaS, customers have full ownership and control of all their data, applications, operating system, and network configuration, so they are responsible for securing it.
Features that banks want
Cloud migration requires some integration and adaptability for cloud modules. If banks opt for a unified system, this will generate quick TCO (Total Cost of Ownership) analysis for their infrastructure expansion plans and fast onboarding over the go-live environment. Ganapathy listed five points in this regard.
- Unification (a unified system to manage access control, video surveillance, intrusion, and fire alarm systems) with intelligent and AI-driven dashboards. This will drive proactive responses to highly secured infrastructure for banks and quick skimming to root cause analysis.
- Applications that support identity access management (especially for OEMs that plan for SSO/SAML followed by OAuth), quick onboarding of employees to the premises, managing extensive TATs (Turn Around Time) for database migration or user enrolments, and higher levels of security in adherence to regulatory norms of banks.
- Transport layer security / zero trust adoption (secures every endpoint in a network, with true micro-segmentation and secure remote access).
- Opting for mobile-based credentials with multi-factor authentication (MFA), such as touch sensors.
- Intelligent visitor management solutions for leveraging top-notch customer services, thereby increasing retention rate.
How can systems integrators and consultants help banks overcome their challenges and apprehensions about the cloud? How would you, as a solutions provider, be able to help them?
Ease of transformation starts with quick onboarding challenges and return to operations accountability. Driving a containerized approach (pre-modeled/clones) for various customer cases will make it easy for System Integrators to adapt. The shared responsibility matrix presented above will ease the job of consultants in adhering to banks’ regulatory norms.
Conclusion
Moving data to the cloud may sound dangerous to many customers. It may sound like you are losing control over the data, becoming vulnerable to cyberattacks and all the mayhem that would follow. Even a rumor of a cyberattack is unacceptable for banks because it would impact their credibility.
But as Ganapathy points out, the answer to whether banks should embrace cloud-based physical security is a bit more nuanced than it looks. Cloud on the hybrid is already something that banks are adopting for various processes, and physical security only needs to be an extension. As technology advances and we see more confidence in the cloud, financial institutions may embrace cloud-based security.