Stage Three: Security | Concerned the Cloud isn’t as secure?


In the third of this five-stage Cloud migration journey blog series, we’ll address the very real issue of cloud security. A perceived lack of security in cloud applications continues to be cited as a reason why financial institutions remain reluctant to migrate their core services to the cloud. Reluctance to embrace cloud technology prevents greater agility and innovation throughout the business. Furthermore, this perception of lack of security is misguided as security within the cloud has the potential to be even greater than on-premises physical server rooms.

The benefits of moving to the cloud are becoming increasingly difficult to ignore as FIs seek to improve operational efficiency and make vital cost reductions throughout the business. A change in mind-set is required and the long held assumption that physical servers are inherently more secure than virtual ones in the cloud is no longer valid.

Cloud vendors have highlighted that they are required to have stronger security and operational controls, as they are already specializing in delivering cloud services to a number of demanding sectors, including government and healthcare. In many cases the infrastructure of a cloud provider is more secure than the on-premises infrastructure of a client. It would be a mistake, however, to believe that cloud technology has no security issues to cause concern. Rather, it should be recognised that these are exactly the same concerns as on-premises networks. Most cloud providers have now obtained security certifications from various bodies in different industries such as, as mentioned earlier, government, healthcare, financial services and defence. This is an important step in demonstrating that they take security seriously and are aware of the concerns relating to cloud migration.

Security is mostly dependent on processes, whether in the cloud or on-premises. If the right IT and business processes are not in place, banks will not have a secure implementation. Cloud migration does not lessen security responsibilities for banks. They are still required to take a disciplined and robust approach to managing applications. The cloud will give banks the instruments to manage those applications but ultimately it is the responsibility of the bank to implement these procedures in a secure way.

The endorsement of cloud technology has been strengthened with a number of regulators publicly stating their support of cloud within the financial services sector. The Bank of England (BOE) announced in 2016 that new technologies such as cloud can actually reduce risk inside financial institutions. In the United States, the Financial Industry Regulatory Authority (FINRA) has already migrated some of its most critical systems to Amazon’s Web Services (AWS). The driver towards this migration has been increased regulatory requirements for data aggregation and analysis. These demands have emphasised the need for such organisations to re-evaluate their business needs.

Ultimately, when it comes to security, banks need to adopt a structured and holistic approach that can work regardless of implementations. Security in the cloud is not inferior but different. The need to maintain a secure environment remains the same with or without the cloud. Cloud vendors offer different tools that allow clients to enable the highest degree of security. However, banks must still ensure that the necessary processes and architecture best practices that allow for cloud migration to take place in a safe and secure environment are established and implemented.


This is the third installment in the Five Stages of the Cloud Migration Journey blog series. View the infographic to learn what other important considerations your firm should be making in this necessary first step towards digitalization. Visit our blog to read about the other topics in this series.