TECHNOLOGY
Protecting Sensitive Data When Migrating To The Cloud
G
iven the clear benefits of cloud computing it is interesting that there are not more organisations adopting this way of provisioning data-driven IT services for their employees. After all, there is less outlay on technology capital expenditure, less HR spend on IT personnel, and the opportunity to leverage the latest efficient IT solutions. Yet for many organisations, fears about the cloud linger. One of the biggest issues for banks and financial services companies is to guard against unauthorised access to data, and there are genuine concerns that moving to the cloud will bring about less, rather than more, stringent security controls. Questions are repeatedly raised around how to keep files encrypted as they move to and from the cloud or are sent to customers and business partners via cloud-based services. There is also a lack of understanding about whether a cloud environment will comply with 18
industry-specific and general data protection security regulations, not to mention data leakage, and accessing information from multiple devices. The most important decision for a bank or finance company is to select their cloud provider carefully, and ensure that all of their employees use only this approved platform. Enabling multiple platforms has the effect of fragmenting sources and sharing services, reducing the ability to monitor and control the spread of data, and compromising security protocols. Without access to a corporate-approved cloud platform, the temptation is for employees to use free, unsecure cloud environments just to ‘get the job done’, and the danger is that the IT department may not even be aware of it. Another consideration is the lack of physical control. If someone wants to steal data from an on-site data centre, they have to physically enter the building
to access the systems that house the sensitive documents. But with the cloud, if credentials are stolen, it is difficult for organisations to retrospectively restrict document access. On premises, sensitive data is the priority of the company. For cloud providers, however, the priority is giving access to their platforms 24/7, even if security is taken seriously. Case in point - Banks At all costs, banks and financial advisory firms must avoid the loss of capital and ensure there is no capacity for unauthorised users to access data that could lead to them taking the institution’s money somewhere else. The challenge lies in letting appropriate data be available to appropriate authorised users but also making sure all financial assets can be dealt with as if they were located within the walls of the institution’s datacentre and only accessed by trusted individuals.