PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Industry Opinions
  • News
  • Events
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Industry Opinions
  • News
  • Events
No Result
View All Result
PaymentsJournal
No Result
View All Result

Don’t Reinvent the Vault

The Benefits of Integrating Legacy Systems with the Cloud

Sean Ventura by Sean Ventura
January 17, 2019
in Banking, Featured Content, Security
0
cloud computing

cloud computing

2
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

When you think of bank security, the vault is probably the first thing that comes to mind. All of your wealth locked behind a foot of steel and concrete. For decades, that was enough to protect a bank’s most valuable assets.

Today, we’re managing a second vault: one filled with customer data, locked behind layers of encryption. The trouble is that today’s bank robbers aren’t working with dynamite, like in the westerns; they’re behind powerful computers. Many banks are still reliant on mainframes because of the processing power they provide – and because they’ve performed well for decades. But legacy systems that manage a bank’s digital activities may not be as prepared for this new kind of criminal as they need to be.

Fixing the problem doesn’t necessarily involve abandoning legacy systems, however. The rise of clouds such as Microsoft Azure provides for a hybrid approach – with the cloud functioning as a new vault door, protecting functions that provide access to data, such as customer login.

Two security standards, one long-standing and another on the horizon, are driving greater acceptance of the hybrid cloud-mainframe approach among financial institutions. Here’s why:

PCI-DSS: A new solution to a banking standard

Banks are no stranger to the regulations surrounding cybersecurity – for more than a decade, the major credit card providers have enforced PCI-DSS compliance, guiding banks through the proper channels of securing data.

PCI-DSS’ core components have remained the same over the years, such as maintaining a strong firewall and keeping data encrypted. However, PCI-DSS’ governing body continues to update the regulations as new threats emerge, meaning banks that were once compliant may no longer be. Although security is a critical function, keeping up with compliance can be a full-time job – and FI information technology teams are often stretched thin, as banks roll out more innovations to remain competitive with fintech startups.

In response, some FIs have turned to cloud managed service providers. The cloud MSP becomes a middleman, hosting some of the bank’s PCI-DSS-related controls on its servers and bridging customers from public portions of the FI’s website or application to their personal data. By choosing a cloud MSP, FIs share (and reduce) the risk of a data breach with a partner focused on security – and give their IT teams breathing room to focus on long-term projects. 

PSD2: An answer for tomorrow’s expectations

PSD2, which went into effect in the European Union last year, could also expand cloud adoption in the U.S. financial sector if Congress were to pass similar legislation – a possibility bank directors are closely watching.

Although PSD2 is less focused on security and more focused on customer preferences, its rules will ultimately necessitate more advanced security practices. PSD2 requires FIs to open what was once proprietary customer data to any company its customers permit – meaning retail giants such as Amazon could process transactions without the bank’s involvement using application programming interfaces (APIs). It also allows Account Information Service Providers (AISPs) to aggregate financial data, clearing the way for apps that could provide a single view of all of a customer’s bank accounts and credit cards into one dashboard, regardless of the different FIs that they reside in.

Because APIs will serve as new doors between customers and their financial data, it’s critical FIs build and house their APIs in a protected environment. As it does with PCI-DSS compliance, the cloud provides a security structure around these APIs that alleviates the security upkeep burden on an FI’s IT team.

The cloud will play another critical role in PSD2: enabling innovation. As more companies gain access to customer financial data, banks will encounter growing competition for customer attention – the rise of AISPs will eliminate the need for customers to log in to their account, reducing their interaction with the bank. The cloud offers a platform for FIs to build and launch new offerings and applications that will help protect their revenue stream in an increasingly crowded market.

A door to greater security – and new opportunities

Cloud migration can seem like an overwhelming, costly task. However, for banks that are happy with their current mainframes, it’s not necessary to make a radical shift. By investing in the cloud to protect existing data structures, you can strengthen your security measures without moving your data – and prepare your IT team for the competitive and cybersecurity challenges that lie ahead.

Summary
Don’t Reinvent the Vault
Article Name
Don’t Reinvent the Vault
Description
When you think of bank security, the vault is probably the first thing that comes to mind. All of your wealth locked behind a foot of steel and concrete. For decades, that was enough to protect a bank’s most valuable assets.
Author
Sean Ventura
Publisher Name
PaymentsJournal
Publisher Logo
Tags: Cloud ComputingCompliance and RegulationPCI-DSSPSD2Security
2
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Analyst Coverage, Payments Data, and News Delivered Daily
Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

Must Reads

Why ‘Explainable Ai’ Is the Next Frontier in Financial Crime Fighting

Why ‘Explainable AI’ Is the Next Frontier in Financial Crime Fighting

February 22, 2019
Middle-Market Companies Progressing Toward Digital B2B Payments Adoption

Middle-Market Companies Progressing Toward Digital B2B Payments Adoption

February 21, 2019
An ID-eal Position: Banks and Trusted Digital Identity

An ID-eal Position: Banks and Trusted Digital Identity

February 20, 2019
Speedpay® Pulse Trend Report Delves into the Benefits of Mobile Wallet Payments

Speedpay® Pulse Trend Report Delves into the Benefits of Mobile Wallet Payments

February 19, 2019
What Is the Difference Between PCI-Certified and Non-Certified Encryption?

What Is the Difference Between PCI-Certified and Non-Certified Encryption?

February 18, 2019
Does the Answer to POS Consumer Financing Lie in Bank-Fintech Collaboration?

Does the Answer to POS Consumer Financing Lie in Bank-Fintech Collaboration?

February 15, 2019
Faster Payments Need Faster Identity Verification

Faster Payments Need Faster Identity Verification

February 14, 2019
Can AI Help Small Companies Better Compete with Market Leaders

Can AI Help Small Companies Better Compete with Market Leaders?

February 13, 2019

Connect With Us

  • Advertise With Us
  • About Us
  • Terms of Use

Analyst Coverage, Payments Data, and News Delivered Daily

Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Industry Opinions
  • News
  • Events

© 2019 PaymentsJournal.com

  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Industry Opinions
  • News
  • Events
No Result
View All Result
×

Login

Register

Forgotten Password?

Register | Lost your password?
| Back to Login