Three critical ways to help financial services protect their data in the cloud
By John Michael
As the digital transformation agenda continues, the majority of retail and commercial banks aim to triple their use of cloud services by 2025, according to research [1]. Cloud-hosted data will enable them to improve agility, take advantage of greater storage capacities, streamline processes and move away from legacy systems. Yet keeping that data secure can be incredibly challenging. In this blog we look at three critical areas that should be addressed to ensure high levels of data security while still benefitting from cloud technology.
Use encryption technologies to reduce risk
State-of-the-art encryption could save a business from hefty fines in relation to the GDPR in the event of a data breach. Yet worryingly, recent figures suggest that as much as 82% of the databases in the public cloud are not encrypted [2]. While cloud providers do offer encryption to customers, the only information required to access their data is a username and password. It therefore falls to financial services organisations to take matters into their own hands and ensure data is securely encrypted before it is sent to the cloud, both in transit and at rest.
For ultra-secure encryption, data should preferably be encrypted with a FIPS-certified, randomly generated AES 256-bit encrypted encryption key, providing the highest levels of security and protection. The user should retain full control of this key, ensuring that it is stored separately to their data. Taking this approach means that even if the cloud account is targeted and hacked, the data cannot be accessed.
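The approach described above (encrypt before upload, keep the key apart from the data) can be sketched as follows. This is an added example, not code from the original post or any product it refers to; it assumes Node.js with its built-in `crypto` module, uses AES-256-GCM as the cipher mode, and the function names and sample record are hypothetical. Whether the underlying crypto module is FIPS-validated depends on the Node.js/OpenSSL build and is outside the example.

```javascript
// Added example: client-side AES-256-GCM encryption before cloud upload.
const crypto = require('node:crypto');

// Random 256-bit key from the OS CSPRNG. It stays with the user and is
// stored separately from the encrypted data (never uploaded with it).
function generateKey() {
  return crypto.randomBytes(32);
}

// Encrypt a buffer and return only what is handed to the cloud provider.
function encryptForUpload(key, plaintext, objectName) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every object
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(objectName, 'utf8')); // bind ciphertext to its name
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { objectName, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt a downloaded object; throws if the key is wrong or the object
// (ciphertext, nonce, tag or name) was modified.
function decryptDownload(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAAD(Buffer.from(blob.objectName, 'utf8'));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// True only when the holder of `key` can recover the plaintext of `blob`.
function canDecrypt(key, blob) {
  try {
    decryptDownload(key, blob);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample data, not taken from the page.
const key = generateKey();
const record = Buffer.from('acct=00012345;balance=1024.50', 'utf8');
const blob = encryptForUpload(key, record, 'customers/0001.bin');

console.log('key holder can read:', canDecrypt(key, blob));
console.log('stolen blob, other key:', canDecrypt(generateKey(), blob));
```

Someone who obtains only the uploaded object, for example through a compromised cloud username and password, holds `blob` but not `key`, so decryption fails.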
Share information securely using multi-factor authentication (MFA)
In the financial services sector, highly sensitive information is shared regularly between businesses. While the cloud facilitates instant collaboration, co-operating parties should ensure that data is encrypted and that relevant stakeholders are provided with a copy of the encrypted encryption key to access the files. This introduces a multi-factor authentication (MFA) security procedure, even when data is sent to a third party.
As an example of insecure third-party access causing major issues, a data breach suffered by a South African bank in 2020 effectively put the data of 1.7 million customers at risk. While the bank’s own network remained secure, the breach concerned the premises of a third-party business that had been entrusted with customer data for marketing purposes. Here, encrypted data with an encrypted encryption key stored separately would have prevented the incident.
Control access and centralise data management
Controlling access is a major factor in mitigating the risks associated with human error. Through centralised management, those responsible for cloud and data security in the organisation will be able to monitor and control file access, set geo-fencing and time fencing restrictions, encrypt file names and disable users’ access to data remotely. This will go a long way to eliminating security risks.
As financial services organisations continue to collect more data, the cloud can be a viable solution to the processing, storage and sharing of confidential information. But the cloud will only be useful in this regard as long as security measures can be enforced. High-quality encryption and effective centralised control of access to sensitive information will provide the financial services industry with the peace of mind that comes from having safer data.