Blog  |  Nov. 11, 2021

Public Cloud Questions Answered: From Cloud Security to Compliance

Cloud services are transforming business operations for modern financial institutions, especially as consumers continue prioritizing digital channels. Referred to by IBM as “one of the most important shifts in the history of enterprise computing,” adoption of the public cloud is growing as organizations become more familiar with the advantages provided by this technology.

Since the public cloud supports digital and remote operations, cloud usage is likely to continue growing among financial institutions. In a recent survey from Celent, more than half of financial institutions reported they expect to run their workloads in a cloud within five years. So, why is the financial industry embracing the public cloud? In short, the public cloud delivers efficiencies, optimizes resources and provides enhanced security.

But there’s a lot more to uncover about cloud services. Take a look at these common questions on the cloud and discover how this technology delivers benefits to financial institutions.

Watch our on-demand webinar to learn more about the advantages of a cloud-based IT infrastructure.

 

WATCH THE WEBINAR

 

What is the public cloud?

Generally, the public cloud refers to a type of cloud computing in which resources are publicly available for subscription and consumption by any organization. Common examples of the public cloud include Microsoft® Azure, Amazon Web Services and Google Cloud Platform. In this type of delivery model, the provider owns and manages the infrastructure, removing that burden from the customer.

As institutions navigate an increasingly complex environment of regulatory requirements and strive to meet customer demand, the public cloud provides a reliable, accessible and compliant IT infrastructure. The cloud also supports scalability, allowing institutions to be strategic in resource allocation by purchasing only the resources currently required, then scaling up or down as needed. By contrast, with an on-premises approach, institutions must think long-term and plan for where they intend to be in the future, spending capital on resources that may not be used for years.

What is the public cloud vs. private cloud?

Unlike the public cloud, private cloud services are not available to any and all subscribers. Providers limit access to one or more specific organizations. In some cases, the third party only hosts the data center and the customer owns and operates the private cloud themselves. In others, the provider offers managed services to own and operate the environment for the customer. For a deeper dive into these distinctions, check out this blog.

How secure is the cloud?

Public cloud providers have many incentives—including customer satisfaction and reputation—to invest in the talent and technology needed for secure and compliant environments. As a result, Gartner says, “there have been very few security breaches in the public cloud—most breaches continue to involve on-premises data center environments.”

Due to the complexity of cloud-related architecture, there are situations where configuration issues arise. If prioritizing a move to the cloud, institutions should consider partnering with a trusted cloud services provider to leverage their knowledge, experience and security expertise.

What are the security risks of public cloud computing?

With a cloud migration, it is important for an institution to rethink their security policies around accessing information. For example, if an institution migrated their on-site email to cloud-hosted email, they should update their user and password policies to include certain complexities. Does the existing policy assume users will be in-office or be connected to a virtual private network (VPN)?

With a cloud-based system, users can log in from anywhere using any device, so organizations need to think through stronger security protections, such as multi-factor authentication (MFA).

What is a virtual desktop infrastructure (VDI) environment?

Virtual desktop infrastructure (VDI) uses software to create desktop instances on a server at a location or in a cloud environment. Each virtual desktop is assigned to a user, and when that user accesses their virtual desktop, they have access to all the files and applications meant for them. The end user accesses their files or applications by simply launching an application or going to a specific site in a web browser.

As the pandemic drove institutions to adapt quickly and embrace remote or hybrid workforces, many organizations moved data to the cloud to increase accessibility for those working outside the office. When users access resources with laptops on home networks—which may or may not have adequate security controls—it is possible some employees could download critical corporate data on their machine, opening up security concerns if the laptop were stolen or compromised.

One significant security benefit of VDI is the ability to centralize the management of desktops. Virtual desktops can be patched easily as they do not require the user to manually restart their machines, or remote users to connect to the network. By streamlining patching, vulnerabilities can be addressed quickly, leaving less opportunity for exploitation.

Should the public cloud be included in an institution’s cybersecurity monitoring?

Many organizations secure their perimeter and critical servers while monitoring for threats, but it’s important to remember that the cloud environment must be included in monitoring. Institutions should think about how users access the cloud and how they plan to detect unusual or suspicious behavior. MFA offers an extra layer of protection, and institutions can further enhance controls by setting up conditional or temporary cloud access.

It’s not enough to deploy firewalls and intrusion prevention systems; financial institutions must go above-and-beyond typical security measures to keep their systems safe and should consider partnering with a trusted managed services provider for cybersecurity solutions.

What are the regulatory considerations of moving to the cloud?

Regulations involving public cloud usage are continually evolving, so institutions must be aware of and follow current requirements. Institutions should consider leveraging the compliance expertise of their cloud services provider, so they can ensure preparedness for changes on the horizon, as well as upcoming audits or exams.

It is also important for institutions to remember that responsibility cannot be outsourced. Even if partnering with a trusted provider, an institution is responsible for the overall health and security of its infrastructure.

What is cloud disaster recovery?

Usually hosted by a third-party cloud provider, a cloud recovery solution acts as an “as needed” safeguard during a disaster. Cloud servers can be used in tandem with a physical backup (known as a hybrid system) or as a complete data backup of your entire IT environment.

Even minor inconveniences like the accidental deletion of data or hardware and software failures are enough to cause undue strain on internal IT staff. And the loss of a single server can disrupt business operations, damaging the customer experience and threatening reputational harm. Cloud backups are excellent tools for managing these minor inconveniences because they allow any server to be accessed and temporarily run on a secure environment or backup data to be recovered as needed.

Cloud disaster recovery is an option for migration if institutions aren’t ready to move servers to the cloud. This opens the door to a long-term migration strategy, so an institution already has a cloud presence when other assets expire or depreciate.

What is a cloud migration strategy?

A cloud migration strategy is a plan to guide an institution through moving its data or applications housed on-site to a cloud environment. Almost all institutions are good candidates for a cloud migration, but the specific timeline and migration strategy depends on an institution’s goals and capabilities.

Many choose to analyze their assets and migrate those with depreciating value or take advantage of planned server changes. Instead of adding new servers or replacing those that have depreciated, institutions use this opportunity to embrace the cloud and its many benefits. Taking the time upfront to assess which assets are good candidates for a migration first will help streamline the process.

Prioritizing Your Public Cloud Migration Strategy

Want to learn more about developing your institution’s cloud migration strategy? Watch our on-demand webinar for insight on the public cloud.

 

WATCH THE WEBINAR

 

Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.

 

Get In Touch

Are you looking for the edge to outperform the competition? CSI is a full-service technology and compliance partner.

Let’s talk