Sean Finnerty is Executive Director Regulatory Compliance for REAN Cloud.
The financial sector was initially hesitant to move to the cloud due to being under constant pressure to adhere to strict regulations and standards. However, perceptions have changed; and adoption among banks, mortgage and insurance businesses and payment companies is booming. A recent survey from Gartner found that nearly 40 percent of small, midsize and large enterprises plan to migrate to the cloud within the next three years.
The better-known business benefits of cloud computing – accelerating operations, scalability and security – have successfully attracted financial customers. However, after migrating data centers and applications, these companies often find that the cloud delivers other unexpected benefits in the area of compliance.
The Baseline Benefits
Along with robust security, the ability to make operations faster, more scalable and flexible has attracted financial institutions to the cloud. Additionally, this level of agility facilitates the quick roll-out of new applications and drives innovation.
Speed: With automated deployments, organizations can release updates and new software much faster than with legacy systems, making it easier to respond to customers’ needs, and improve and remediate systems issues quickly.
Scalability: In the cloud, the physical infrastructure is controlled and maintained by hyperscale providers, enabling companies to easily scale up and down to meet network demand.
Automated security: Automated deployments and faster deployment release cycles are two factors attracting the financial sector. In the event of a breach, a patch can be quickly deployed across the automated fleet.
Layered security: The cloud provides multi-layered security, and with additional support from hyperscale cloud providers, guarding against network attacks such as distributed denial of service (DDoS) is more effective. It also facilitates network segmentation, enabling companies to achieve more prescriptive network design, limiting exposure and reducing the risk of a breach.
Fostering an Environment of Compliance
Regulatory requirements in the U.S., including the Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA) and other data privacy laws, like Europe’s GDPR - will dramatically impact U.S. companies doing business in Europe. As a result, financial institutions not only need to protect data, but they need to be able to regularly report on the effectiveness their data protection measures.
Compliance is a major consideration of financial companies, with detrimental fines and customer loyalty on the line. According to a 2015 SANS Survey, 72 percent of respondents claimed maintaining compliance in the cloud as their biggest concern across all types of cloud deployment.
Nonetheless, the cloud has proven to be an optimal environment for facilitating compliance – ensuring key requirements like logging, data control and classification, redundancy and maintenance are achieved.
Logging: Compliance demands a level of IT “accountability,” which is best executed with scale and attention to detail. Logging is more than just data tracking, it’s keeping track of the right data, and hyperscale cloud providers help ensure that every detail can be recorded. Log retention requirements, which dictate how long data must be kept dependent on each regulation, are easier to achieve in the cloud with easy access to storage and native support for data aging and low cost, long term retention options.
Control and data classification: Banks that need to restrict access to information in their back-end systems from customer-facing online banking systems, must first classify the data before controlling access. Hyperscale cloud providers and third-party MSPs now provide services that help automate the tagging and data classification process, making it much easier to identify data and understand its location and access details. Additionally, finding mis-classified or unlabeled sensitive data is more manageable with new tools and capabilities that are pre-integrated with the platform to ensure ease of use.
Redundancy: This is a key security principle of compliance, and can be much easier to accomplish in the cloud. Hyperscale cloud providers can replicate workloads to aid in data recovery if an entire data center is lost to a natural disaster, because they maintain multiple data centers around the globe.
Maintenance: From automated redeployments with new builds to security breaches, staying up to date and maintaining visibility of networks and applications is crucial. The cloud can help automate these processes and make updating and implementing applications and deployments quicker and more efficient, thus reducing the risk of an out-of-date network.
Embracing the Cloud, Promoting Compliance
Regulations governing financial institutions are a major concern dictating the day-to-day business of organizations across the industry. As more of the financial sector moves to the cloud, it becomes clear that this virtual environment actually streamlines regulation requirements and promotes compliance through high availability of components, scalability of resources and an unmatched attention to detail in security services and features.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.