Cloud Security April 28, 2017
By Gary B. Meshell 3 min read

The financial services sector (FSS) is accelerating the adoption of cloud. According to a 451 Research survey, financial companies are adopting hybrid cloud services as a core part of their technology and infrastructure strategies. Hybrid cloud is defined as a cloud computing environment that utilizes a mixture of on-premises private cloud and third-party public cloud services.

FSS Companies Shift to Hybrid Cloud

In 2015, IBM’s financial services customers, including banking, capital markets and insurance companies, began to implement public cloud for nonproduction workloads, including DevOps, testing and capacity on demand. Much of this adoption is driven by the shift from capital expenditure (capex) to operational expenditure (opex) budgets and an overall willingness to leverage everything-as-a-service, which are natural use cases for public cloud consumption.

IBM’s FSS customers are designing cloud-agnostic workloads that can run on any cloud, including private and public infrastructure. We see use cases such as grid computing, capacity on demand and DevOps drive these financial services firms to utilize public cloud as the primary platform to develop new services and applications. As FSS customers focus on strategic issues such as data center consolidation, application modernization and technology refreshes, the adoption of public cloud increases, as does its acceptance as a next-generation platform.

Read the white paper: Addressing the hybrid cloud security conundrum for financial service

The Complexities of Cloud Security

Although there is high degree of interest on the part of financial services firms to adopt hybrid cloud, there are still a number of major concerns regarding security, data privacy and a complex regulatory landscape that need to be answered before hybrid cloud can become mainstream. There are also negative perceptions regarding cloud that must be overcome, such as the notion that cloud security is difficult to maintain, complex and costly.

Any FSS company planning to adopt hybrid cloud should consider the following must-have elements when selecting a vendor:

  1. Regulatory and compliance alignment;
  2. Standard security frameworks and controls;
  3. Rigorous monitoring of regulatory changes;
  4. Access management;
  5. Network security;
  6. Data protection;
  7. Application security;
  8. Visibility and intelligence;
  9. Workload-centric capabilities; and
  10. Cloud-agnostic managed security services (MSS).

Regulatory Compliance and Security Standards

As FSS companies adapt hybrid cloud, there are myriad complex regulations that must be addressed to ensure that cloud-enabled applications are properly secured. These standards, such as those from the Federal Financial Institutions Examination Council (FFIEC), the Federal Reserve Bank of New York (NY FED) and the National Institute of Standards and Technology (NIST), are creating stringent cloud security requirements for financial services firms to implement security frameworks and controls that comply with these regulations.

These evolving standards and associated complexities have created opportunities for vendors to deliver industry-regulated security solutions to help FSS companies properly secure their hybrid clouds.

IBM’s FSS Hybrid Cloud Security Platform is positioned to become a reliable FSS industry solution by providing capabilities that include:

  1. Hybrid cloud support for private and public cloud;
  2. Support for infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and DevOps;
  3. Continuous regulatory compliance;
  4. Compliant security frameworks and controls;
  5. Data compliance, visibility and encryption;
  6. Cross-cloud platform management;
  7. Monitoring, detection and response;
  8. Dynamic infrastructure hardening;
  9. Cloud control catalog; and
  10. Identity and access controls.

Is Hybrid Cloud Safe for FSS?

So, is it really safe for FSS firms to utilize hybrid cloud services? With the right standards and solutions, yes, hybrid cloud is a viable option for FSS as of now.

Many hybrid cloud services have matured into secure platforms for financial services companies to support core production applications — with a few caveats. FSS companies must be diligent in their understanding of the evolving regulatory landscape and ensure that they are choosing cloud providers that can deliver the proper security framework, security controls, end-to-end monitoring, and a security management system that is highly automated and cognitive.

Ten essential elements for a safe, secure and compliant business operation

 |  |  |  |  |  | 
Gary B. Meshell
Global Sales and Business Development Leader, IBM

Gary B. Meshell is a recognized thought leader in the areas of security and cloud within the financial services industry. He has worked with a number of larg...

More from Banking & Finance
Banking & Finance   May 8, 2023

How the ZeuS Trojan Info Stealer Changed Cybersecurity

4 min read - Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data. Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The…

4 min read
Intelligence & Analytics   March 30, 2023

2022 Industry Threat Recap: Finance and Insurance

5 min read - The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

5 min read
Banking & Finance   February 7, 2023

How to Spot a Nefarious Cryptocurrency Platform

4 min read - Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

4 min read
Application Security   January 25, 2023

Kronos Malware Reemerges with Increased Functionality

6 min read - The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

6 min read
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature