How can FS organisations ensure security and compliance in the cloud?

By Ryan Sheldrake, Field CTO, EMEA, Lacework


To stay ahead of the competition in a landscape that is constantly being disrupted, the majority of financial services (FS) organisations have cloud computing.

While this move is essential for improving customer services, boosting innovation and delivering agility, security in the cloud is more complex than in on-premises environments. It cannot be thought of as an extension of existing on-premises security protocols; it requires a different mindset altogether.

The challenge is exacerbated by the high stakes setting FS organisations operate in. The fact they hold sensitive financial data makes them a prime target for cybercriminals. In the last year, for example, 74% of security leaders in the sector have experienced one or more ransomware attacks. It also means that the consequences of being breached are more significant – the cost of even one data breach is approximately $5.72 million.

Ryan Sheldrake

On top of making sure their environments are bulletproof, they have the double challenge of navigating a complicated regulatory environment to prevent being handed hefty non-compliance fines. Not surprisingly, a study found that compliance monitoring and security governance was the top concern for banking respondents.

Although cybersecurity has long been a priority for the FS sector, organisations cannot afford to become complacent when it comes to adopting cloud technologies. So, how can they guard against malicious actors and remain compliant, while continuing to transform their infrastructure?

Building strong cloud security protocols

Preparation is the best form of defence, which means putting in place strong cloud protocols from the outset is vital – in other words, security must not be an afterthought.

Organisations need to manage the logistical and physical security of multi and hybrid cloud infrastructure. This requires implementing comprehensive security protocols that account for the full lifecycle of personally identifiable information, both on and off premises.

These protocols must also enable teams to build security throughout the development lifecycle, from when they are creating new tools and applications to when the products are running in production.

For security teams which are often strapped for talent, this can mean implementing automated cloud security tools. These help reduce the burden on security, engineering and DevOps teams by giving them a holistic picture of their environment, identifying potentially malicious activity or even misconfigurations that can be taken advantage of by attackers.

Boosting compliance in a complex regulatory landscape

By building strong security protocols and implementing the right cloud security technology, organisations can also improve compliance in a highly regulated environment.

As FS companies increasingly implement cloud technology from different vendors, more financial regulators are establishing standards and guidance. Security teams therefore need to be mindful of how these are evolving, alongside ensuring compliance with regulation such as PCI-DSS, CCPA, GDPR, SOX.

A big part of this involves continuous monitoring and reporting. With the help of cloud security tools, organisations can streamline the compliance process, helping teams to track configuration changes and provide automated audits, as well as setting up alerts to pinpoint exactly when an item becomes non-compliant, lessening the load on teams and reducing the risk of anything flying under the radar.

A secure future

With Deloitte stating that the cloud is “redefining the art of the possible” in banking, the transition to cloud computing holds a great deal of promise for the FS sector. But it needs to be done in a considered way, embedding security into the process from the beginning.

Taking this approach, FS organisations can strengthen their security posture while simultaneously reaping the rewards of cloud adoption.


Explore more