The article tries to discuss the competitive advantage Financial Institutions will have when putting dynamic transactional data in the cloud, and also says the risks involved can be mitigated. I think the traditional firewalls and security measures might suffice to protect data within one’s premises, but will not hold against data on the move.ie the data put on cloud services . So what are the options Financial Institutes have to handle risk?
- Accept the Risk – If the decrease in operational costs, outsourcing of IT and flexibility offered by cloud platforms outweigh the risk of a data breach, the bank must accept the possibility of damaging its brand due to such incidents . Risk retention is only advisable if it does not pose any financial threat.
- Mitigate the Risk – Removing PII & PCI before moving to cloud helps reduce amount of risky activity. Ramping up security measures and firewalls at company expense is another risk reduction strategy.
- Eliminate the Risk– The only way to eliminate this risk completely is to keep data on premise.Even then it is not ideal situation as on-premise data stores are also susceptible to hackers.
- Transfer the Risk-Altering the contract with cloud vendors so that there are strict data monitoring clauses transfer some of the the risk. Insurance is also a good way to transfer risk. Investing into legal and compliance teams to protect themselves from legal issues are other steps to transfer risk to a 3rd party.
- Risk Avoidance- When you forsake the activity containing risk, it is risk avoidance. Risk avoidance usually leads to risk elimination.
I feel that banks with sensitive data can not transition to a cloud framework unless they understand that the security in the cloud has whole new dynamics and technology than the security measures that they are historically used to.
Reference:
Financial Institutions Weigh Risks, Benefits of Cloud Migration