Why financial service organisations may have a false sense of cloud security

Most organisations were hit by surprise when the pandemic struck back in early 2020. But the enterprises that adapted best were those already investing in cloud-centric trans- formation projects. Cloud native applications and infrastructure offer them the opportunity to become more agile, support a mobile workforce and deliver enhanced customer experiences faster. As organizations embrace cloud digital transformation, there is cyber-risk to consider also. As we discovered in a study of IT decision makers across all industries including financial services, there’s a significant disconnect between headline confidence in their security strategy and the day-to-day reality.
The good news is that tools exist today to make cloud security more integrated, easier and a lot more effective than many IT leaders in the financial sector believe. Finding the right security partner now, is more important than ever.

Driving digital growth
Global financial services organisations have been enthusiastic adopters of digital technology during the pandemic. The vast majority claimed that the crisis had considerably (46%) or somewhat (42%) accelerated their cloud migration plans. Most (86%) feel completely or for the most part where they need to be with adoption projects.
The same organisations even believe that migration has in itself focused their minds more on cybersecurity (51%). A majority (58%) also revealed that they’ve implemented information security training policies to mitigate any risk of user error impacting the business. This confidence extends to the security posture. Most said they feel fully (36%) or mostly (55%) in control of securing the remote working environment, and a similar number (87%) were confident about securing the future hybrid workforce. What’s more, over two-thirds feel certain they’re able to get visibility into data flows as business-critical information is sent from corporate systems to remote workers.

The bad news
All of this seems pretty reassuring. But on closer inspection, we began to notice some vulnerabilities which may indicate more deep-seated challenges. Despite confidence in their security strategy, nearly half (48%) of respondents claimed privacy and security challenges represent a “very significant” or “significant” barrier to cloud adoption. Only 10% felt there was no such roadblock on digital transformation. They singled out setting consistent policies, a lack of integration with on-premises security tech and patching and vulnerability management as the top three operational security headaches in this area.
Also of concern is awareness around the shared responsibility model, which defines how far protection from providers (CSPs) extends and what the customer is responsible for. Almost all (99%) of those we polled said their CSP provides “more than enough” or “sufficient” data protection. Most (90%) were also very or somewhat confident in their under- standing of the model itself. Unfortunately, the reality is somewhat different. Responsibility for data security is 100% the customer’s responsibility in IaaS and PaaS environments.

Cloud security that works
We were also concerned to see that a greater number of financial sector IT leaders believe cloud security adoption makes life more complicated and expensive for them than those who do not. Over a quarter (27%) think it can also create more siloes, when in fact the right tools can bring IT security and developer teams closer together, for example.
Fortunately, cloud security has advanced considerably in recent years and today there are Cloud Security Platforms that protect cloud infrastructure, cloud native applications, cloud governance and extended detection and response for existing SOC teams which integrate into the major CSP platforms. That means powerful, streamlined security and compliance with a high degree of automation to simplify protection whilst mitigating risk and taking the heat off stretched IT security teams. The financial services firms quickest to familiarise themselves with this new reality will be those in pole position for secure digital transformation and growth as they exit the pandemic.