There has been a steady increase in adoption of cloud computing and cloud security in the financial services sector over the past few years. This trend is only going to accelerate. According to a study by Cornerstone Advisors, 41% of the FIs have already done so and 20% are planning to invest and/or implement in 2021, and 30% have discussed at the board or executive team level.
The key drivers for this acceleration are:
- Scalable Infrastructure – Cloud paradigm has elasticity built into it inherently. For FIs, this offers the benefit of being able to scale up or down without having to deploy additional infrastructure. A great example of that is the rush of customers who received their stimulus checks last year. Many FIs caved under the onslaught of consumers checking their bank accounts after the stimulus check announcements. However, those who had elastic presence deployed in the cloud fared much better.
- Business Innovation – Cloud platforms provide a plethora of in-built services that can significantly reduce the friction of enabling business innovation. As an example in Amazon Web Service (AWS), Elastic Search, Kibana, and Elk Stack can be quickly spun up to conduct data analytics and dashboards to assist with business decisions.
- Compliance and Certification – Mostly Cloud providers already have compliance built into their platform, and they publish reports for FIs to use for their compliance needs. While FIs are still responsible for security inside the cloud, their ability to satisfy compliance requirements associated with security of the cloud significantly eases their burden.
- Security – Cybersecurity is a top priority in Financial Services. Cloud providers built in security in many significant ways – e.g. managed firewalls, key management systems (KMS) to assist with encryption, DDoS defense, etc. Additionally, a lot of innovation is happening from cybersecurity vendors that directly pertains to the utilization of the cloud – e.g. Bot Mitigation.
Cybersecurity attacks are only going to increase in the future
The financial sector is where the money is, which is why it has been a heavy target of malicious actors for a very long time. This includes not just cybercriminals, but also insiders and nation state actors. Common attacks perpetrated are ransomware, credential stuffing, cryptomining (i.e. use of company resources to mine crypto coins), and runtime data manipulation attacks.
What’s even more concerning is that this trend is rising year over year. In 2019, 7% of all cybercrimes were conducted in the FI sector, but in 2020, that number jumped up to 8.9%. The Cloud can help increase security, but only if the transition or utilization is managed well. In some cases, particularly when entities are migrating from traditional data centers to the cloud, a lack of expertise in the cloud can mean that access pathways are left open for attackers to exploit. For example, leaving S3 buckets (a common storage mechanism in AWS) open to the public.
Stop bad traffic before it comes anywhere near your cloud infrastructure
A key aspect of Cloud protection and security is the ability to keep bad traffic away from your infrastructure. By my estimation, about 40% of the current traffic received by digital banking sites is malicious traffic or spam. Stopping this traffic before it enters your infrastructure is not only beneficial from a security perspective—it can also substantially improve the performance of your infrastructure while helping to optimize costs by reducing the amount of necessary computing power.
Bot mitigation technology has come a long way to help address this risk. While traditional techniques have been to block suspect IP addresses, this has lost its efficacy over time because attackers are able to easily find a new pool of IP addresses. The new age of cloud-based bot mitigation products provide this protection via Artificial Intelligence and Machine Learning models that can differentiate between bot traffic and human traffic. These are typically very effective in blocking credential stuffing attacks, something that is faced by almost every FI on a regular basis.
Relying solely on perimeter protections is not sufficient anymore for Cloud Security
The legacy paradigm of cybersecurity focused on building strong perimeters around organizations via firewalls and intrusion detection systems. However, the COVID pandemic has completely appended this paradigm.
Now, end users can work from anywhere, which means a device or user should not be trusted by default, even if it was previously verified. This perimeter-less security paradigm is known as Zero Trust. Next Generation Anti-Virus (NGAV) and Endpoint Detection and Response (EDR) on every endpoint also helps further Zero Trust. Additionally, FIs should focus on a very strong social engineering and phishing regimen for their employees. As reported by the Verizon Data Breach Investigation Report (DBIR), about 25% of cybersecurity incidents start with a social engineering attack.
Deploy “least privilege” and “need to know”
“Least privilege” and “need to know” are fundamental constructs in Identity and Access Management (IAM). This essentially means that employees should have only as much information or access as is necessary for them to perform their duties, but no more.
Most cloud providers have a built-in functionality for this very purpose. For example, AWS IAM can be used to manage access and privileges of individuals. This also helps in the case of an insider attack (i.e. when an employee of the company conducts an attack because of inducements, personal beliefs, or for financial gain).
Mean time to respond is really important
Time is of the essence when dealing with cybersecurity attacks. Quick detection and remediation may stop such attacks in their throes and prevent the removal of data. That’s why it is important to improve the mean time to respond. For this reason, any enterprise with Personally Identifiable Information (PII) needs to ensure that 24/7 monitoring is in place.
This can be done in-house or can be set up via an arrangement with a Managed Detection and Response (MDR) provider that has expertise in cloud technologies. In addition to providing cybersecurity protection, this will also help certify many compliance requirements. Additionally, for some areas of the infrastructure, the remediation should be automated, such as when private storage buckets are made public. This can be accomplished via automation features available in the cloud (e.g. AWS Lambda serverless functions).
Conclusion for Cloud Security
There is a stampede towards the Cloud in the FI sector for many reasons. This “cloud-first” mindset is enabling a rapid pace of business innovation and decreasing time to market across many organizations.
However, the Cloud opens up a whole different paradigm of security, including many options that may not be present in a legacy data center setup. Being aware of these options and deploying them intelligently will help FIs manage their cybersecurity risk—and perhaps take it to a scale which was not possible before. This will ensure continued trust and confidence of their users and clients and satisfaction of their applicable compliance regimes.