IT
Security is the main barrier to cloud adoption which no one implementing cutting-edge cloud technology can afford to ignore...
Already, 27% of IT security budgets are allocated to cloud security and this is estimated to reach 37% in the next 12 months.
97% of organisations use some type of cloud service either public, private and more frequently hybrid – up from 93% a year ago. Trust in the cloud is growing - now 69% of users trust the public cloud to keep their sensitive data secure.
So how do financial institutions secure the cloud?
Below is a few of the key cloud security areas that need to be looked at and how best to do this.
1. Protect SaaS applications from external threats
SaaS applications deliver many benefits but also expose organisations to risks from advanced threats primarily due to unauthorised access to corporate SaaS accounts. All organisations need a solution to prevent cyber criminals from accessing SaaS applications as well as protection against the most sophisticated malware and zero-day threats.
2. Secure your email
Securing your email system is the topmost priority in cloud security. There are so many areas to cover but you must:
-
Ensure that malware, viruses and spyware are neither received nor sent within email or attachments
-
Minimise spam, scams, phishing expeditions and illegal content
-
Ensure staff, neither accidentally nor with malicious intent, permits or sends confidential, sensitive or illegal content
Organisations should provide an email usage policy to reduce staff misuse of email. This provides you with some redress should it occur.
3. Data sharing
To avoid putting your financial institution in danger of losing or compromising sensitive corporate data, you must provide a secure and easy-to-use file sharing and data storage solution. This will enable staff exchange large files with clients, colleagues, contractors and third parties from any computer or mobile device.
4. Mobile security
BYOD anyone? If you do encourage employees to use their own mobile devices, you need a BYOD policy. Additionally, many organisations provide mobile devices that permit roaming access to corporate email and so it may be undesirable to hold sensitive messages on these devices. In order to avoid this, organisations should implement a filter to control which messages can be synchronised to a mobile device. Filtering based on security labelling prevents sensitive information from being exposed to mobile devices.
5. Know where sensitive data is stored
Organisations need to identify the location of sensitive data. You should capture and identify assets on networks, shares, SANs, in databases and email systems and in transit. It is wise also to also identify data owners and most common data users in order to assist with securing your cloud applications.
Following this advice will ensure you can harness the power and benefits of cloud computing while protecting the assets of your organisation.
By Trilogy Technologies.