Myth

Financial services firms shouldn’t use the cloud for its customer data because it is less secure than on-premise systems.

Fact

This line of thinking is extremely common among people in the financial services industry, where the security of data is a principal concern. However, this statement is a myth. The truth is, the cloud is at least as secure as on-premise solutions, and one could even argue it’s more secure. Thus, financial services institutions can trust the cloud to keep their data safe. Here’s why:

Security Checks & Audits

Just look at cloud providers like salesforce.com, Google and Amazon -- their businesses are in large part based on keeping data secure. As much as financial services institutions are concerned about data breaches, so too are trustworthy cloud providers like these. Salesforce.com, for example, has had its security framework audited and data centres reviewed thousands of times by highly regulated clients such as pharmaceutical companies, financial services customers and government agencies (who are themselves customers). 

Points of Access

Among all the concerns around data security, breaches are ultimately the top concern for many institutions. And whether you’re looking at data being breached through a system hack or by someone inside the system, once again the cloud proves to be the more secure option. The biggest threat for an outside data breach is someone hacking into the system, but that’s incredibly difficult to do and has never been accomplished with cloud vendors like salesforce.com and Amazon. The same can not be said for on-premise solutions. When it comes to threats from inside the system, more people will have access to data if it’s on premise than if it’s in the cloud. This is because the number of ways to access data in the cloud is far fewer than then the number of ways to access data inside the firewall. Think about how many people have their passwords on post-it notes on their desks or leave their computers opened and logged-in as they leave their desks for lunch.

Regular Improvements

Furthermore, cloud solutions are more agile than their on-premise counterparts (they are called legacy solutions for a reason), which enables them to better stay up to date with new security measures. Everyday technology evolves, and these improvements include better ways to keep data secure. While cloud solutions can release regular updates to add new protections based on advancements in technology, on-premise solutions simply can not be as agile.  Because the core of their business is data security and so many customers rely on them to bring best-in-class security, cloud vendors are required to keep up with the latest advancements in technology in order to address these requirements.

Trusted Approach

Finally, the cloud doesn’t change the way that security is addressed. Just like with on-premise solutions, there are specialised vendors -- for example Okta, CipherCloud and CloudLock -- who support each layer of security in the cloud. These layers include who can access data (authentication), what you can do with the data to which you have access (authorisation), where the data is stored (residency) and who manages the data. Given that these layers (and specialised vendors) also exist in the cloud, financial services firms can approach security the same way they always have.

Go Ahead, Store Your Data in the Cloud

At the end of the day, the factors listed above -- resources, points of access and regular improvements -- not only make cloud solutions secure enough for financial services firms, but they also make them more secure than on-premise solutions.

Still not totally convinced? Just look at the precedent: Cloud Sherpas has helped numerous clients in the financial services industry implement cloud solutions and, while each implementation varied in capabilities provided, not once was data security an insurmountable issue. For example, we recently worked with one UK regulator to improve service capabilities through an implementation of Salesforce Service Cloud. The regulator chose this cloud solution because it was the only application that could handle the volume of transactions that would be coming in and that could be customised in such a way to meet the organisation’s demands. This was a milestone implementation for the regulator, who found that the security of the solution and overall success of the project far exceeded its initial expectations.

Ready to make the move? Before you do, I have one last piece of advice. Many companies spend nearly 80% of their time and money determining the compliance of different cloud solutions, and, while it’s important to do your due diligence, that’s a bit much. Even out the ratios some more and spend those extra resources differentiating solutions. While you should spend time looking at compliance, you don’t need to reinvent the wheel -- look at what others have done before, do your reference checks, ensure the compliance department is connected and then keep moving.