siliconindia logo

Securing The Cloud To Drive Business By:- Ratan Jyoti

"Banking with the cloud is definitely a game changer"

Use And Implementation Of Cloud In Business

The burden of possessing, managing and maintaining the IT infrastructure has been the key challenge for financial sector. Banking with the cloud has definitely been a game changer. Many banks have already placed their less critical application to cloud computing as a low-risk exercise. The major benefits to the bank are:
• No upfront capital costs and reduced technology costs
• Faster implementation • High flexibility and scalability
• Multi-channel reach

Secure Implementation of Cloud in Banking and Financial Sectors

With cloud, it has been a generic fear that confidential data would be exposed and security and compliance with banking regulations will be at stake. Following security issues needs to be considered based on the significance of the information:

1. Physical Security
With certain type of cloud models, it is likely that we may lose control over physical security as the physical boundaries cannot always be distinguished. Cloud model chosen should consider this fact.

2. Encryption
Encryption is a tool by which we can encrypt the information while passing through the cloud. Application of both ways Secure Sockets Layer protocol (SSL) may be a good option but the important thing to consider would be who will hold the encryption/decryption keys when data is at rest and when data is moving. Full encryption functionality may be chosen as standard for all confidential data.

3. Regulatory concerns about data
Banks consider regulatory concerns about data security & privacy while moving to the cloud vis-à-vis cost saving. It is very important for the bank to remove sensitive data prior to transferring data to hosted solutions. Private cloud is an option where more electronic security can be achieved.

4. Logging & Monitoring
Logging and monitoring is very important. Level of logging and monitoring depends upon the type of cloud solution and sensitiveness of the data. Some of the standard like Payment Card Industry Data Security Standard makes it mandatory to have suitable logs and monitoring mechanisms.

5. Database Security
One of the key challenges for the Banks in cloud computing is data-level security.A system can be adopted where the databases are kept inside the bank, and after that integrated with applications placed in the cloud solution. Classification of data is the key to take such decisions.

6. Virtualization
Virtualization in the cloud increases the benefit, cost efficiency and optimization of resources manifold. Attacks among virtual machines on one banking server cannot be avoided if security is not considered in its design.

7. Perimeter security
A zone of trust in the cloud should be made by using perimeter security devices and by suitable alerting & monitoring mechanism. Although benefit of clouds in the banking is enormous, the common standard to ensure data integrity does not yet exist. Even though enough security mechanism is available today, the decision on level of security and privacy of the data are still key concerns for the bank.