Barnaby Mote, CEO and founder of 4sl, explains why leaders of Financial Services Organisations need to look at data security when working with cloud providers
Financial services organisations need to pay close attention to how their cloud providers back-up data, or risk significant data loss or even non-compliance, 4sl has warned. According to IDC, by 2025 49 percent of the 175 zettabytes of data worldwide will be stored in public cloud environments as organisations realise the benefits of using IaaS, PaaS and SaaS. The finance sector is no different in adopting the cloud, with cloud use increasing by 43 percent between 2017 and 2019(1). Yet while cloud can give significant benefits, it also introduces new challenges. Organisations that assume cloud providers’ backup policies meet the finance sector’s rigorous regulatory demands may find themselves at significant risk.
“Nobody doubts the cloud’s value, but the ‘health and hygiene’ standards in place for firms’ on-premise environments can’t be assumed for the cloud,” said Barnaby Mote, CEO and founder of 4sl.
“Quite simply, there are wide variations in the backup and recovery capabilities of cloud services and few provide even the most basic provisions by default. Where backup can be added on, the data is always held by the provider – not ideal for organisations concerned about having all their eggs in one basket. Regulated organisations with strict data retention demands shouldn’t leave this to chance: either do the legwork to understand what each provider offers and configure accordingly, or use a separate technology or service that ensures corporate standards can be applied consistently across the board, from mainframe to microservices.”
Finance sector organisations have clear reasons to invest in the cloud – from improving the scalability of infrastructure and applications, to saving time implementing new applications or infrastructure, or reducing costs. One frequently identified benefit is handing over responsibility for backups. With demonstrating data availability a key part of meeting regulatory obligations, understanding cloud providers’ backup and recovery processes or ensuring alternatives are in place should be a priority. For now, ignorance and misconceptions are still commonplace. Only a quarter of FS organisations claim to know their cloud providers’ backup provisions in detail, whilst 36 per cent of firms using AWS and 43 per cent using Office365 wrongly believe that their data will still be available long after it’s gone.
“From fintech to the growing cyber threat, the financial sector already has enough challenges on the horizon,” continued Barnaby Mote.
“Not knowing whether your cloud data is at risk need not be one of these. With data finding its way into increasingly diverse on-premises and cloud locations, the solution to this challenge is very achievable.”