As a director of IT Security and Compliance for D+H, Michael Barrack provides IT security, and risk and compliance consulting services for community financial institutions nationwide. With more than 20 years of serving community banks and credit unions, Michael brings a keen understanding of how our clients use technology to support the business and what the regulators expect as it relates to IT-related compliance.
Maximize Your Information Security in the Cloud
For the scores of financial institutions clamoring to move to the cloud for its countless business benefits, there has been a surprising benefit many didn’t fully see coming: their company information is more secure than ever. Rather than needing to increase security and compliance as an added cost and trade-off for their numerous cloud gains, these clients are delighted that their information is far more secure than it ever was in the on-premises network.
How can this be? And how could it be overlooked when it is so clear-cut? Because so much myth and fear of the unknown dominates the topic of cloud computing, it is often challenging to see the forest for the trees.
The first such challenge is that while the term “cloud” is used as a monolith, we must be clear – not all clouds are created equal. If most providers and potential buyers use the term cloud to mean public clouds, then there is good reason to be doubtful that the control structure is sufficient to meet the stringent standards of financial institutions and the FFIEC. However, a community cloud, like the D+H Compushare C3 cloud, built exclusively for the financial services industry, is a very different story. Compushare C3 has vast information security protections built into its very design, and it is this type of cloud on which this perspective focuses.
The second challenge institutions have is based on the due diligence process itself. In evaluating the community cloud’s suitability, financial institutions have followed the guidance carefully – but that approach does not involve comparing relative control strength. In addition, the institution may hesitate in advocating the control sufficiency of the community cloud to avoid degrading the current information security of the on-premises network. Naturally, they don’t want to advertise ways in which the current network is not secure, particularly to executive management and the board. And so, a proposal is delivered to the board reflecting a solution that aligns with the business strategy and meets the regulator’s strict IT guidance, while omitting an answer to the question: how will our information be more secure?
As financial institutions migrate to the cloud, however, it becomes unmistakable how much and in what ways their information security will improve. Beginning with the options to implement multi-factor authentication and at-rest data encryption, financial institutions will gain options that were simply not available or affordable in their former on-premises environment. Beyond that, institutions have other choices that lock down their information with greater control than they have ever exercised. Examples include the ability to allow, restrict or prevent:
- Saving files to a local hard drive or other external device
- Access by IP address (institution offices only or remote computing allowed)
- Access by time of day
- Access through a combination of the above
Financial institutions are wise to carefully document their cloud-specific IT policies to reflect the decisions they made in the related areas above.
Beyond protecting sensitive information with greater and more granular access controls, there are several other key ways financial institutions substantially increase their information security with community cloud solutions. At the top of this list are:
- Increased protection from viruses, worms, and malware
- Improved resiliency from threats by mobile devices & BYOD
- Improved insulation from DDoS threats
- Increased system availability and improved, actionable disaster recovery
These are not just “paper-based” advantages – they are real-world. In 2014, we saw our clients experience one of the worst winters we have faced in a long time. But those using Compushare C3 fared considerably better than the traditional on-premises clients in recovering and restoring operations at their secondary sites. Additionally, cloud computing clients have been insulated from malware attacks.
Information security remains one of the most important trusts a financial institution safeguards for its customers and members; the same is true for partners like D+H, who serve this industry exclusively, and honor that trust daily. Our community cloud computing solution delivers that trust and allows financial institutions to be confident about their information security.