Community
In today’s information age, a daunting challenge for financial organisations of all sizes is determining the right approach to the storage of large volumes of data in a safe, cost-effective, compliant and easy-to-access manner. Deploying solutions on premise can be complicated and put stress on budgets and infrastructure space as the process would typically require extensive installations, configurations, updates, and dedicated IT teams. Against this scenario, enterprises are pressured to transition towards the adoption of cloud computing to lower the total cost of ownership, increase time to value, and achieve high performance and scalability.
It is evident that cloud computing enables companies in the competitive financial market to stay ahead in this digital world. However, despite many benefits, the flip side is that different types of risks can emerge if the adoption of cloud is not implemented with the right approach. One of the main criticisms leveled against cloud computing and SaaS is the dependency on third parties for storing data, particularly in light of new regulations, such as GDPR. The other is the paucity in the availability of applications.
The four point strategic plan detailed below can help businesses overcome these challenges.
1. Take a risk based approach to cloud computing
When it comes to cloud computing, the number one concern for companies is the inadequate understanding of data. Prior to moving forward with any cloud computing adoption, financial firms need to understand the type of data moved to cloud. A proper data risk assessment needs to be performed to analyse what and how important the data is. Part of this approach also means classifying what the potential risks are for enterprises if their data is stolen or lost, and employing stronger controls to prevent any disasters. Other points to consider include:
2. Select the right cloud service provider (CSP)
While transitioning to cloud, financial companies face the major obstacle of choosing the right CSP that suits their business requirements. The first step to follow is to partner with an industry standard cloud vendor who adheres to security and privacy standards set by industry bodies. Conducting a detailed research of a CSP will further ensure that the provider of your choice offers the best-in-class security controls needed to protect your business and data.
Most financial participants feel they are secure if they have followed mitigation strategies and fail to perform constant checks to ensure compliance. Continuous evaluation is required to ensure the approach does not become obsolete. These include:
3. Leverage the role of governance, risk and compliance (GRC) on cloud
There has been a surge of new laws and regulations introduced by different governments to implement security and privacy measures for enterprises storing information in the cloud, due to the rising threat of cyber theft, and the realisation of the quantum of data that can be compromised.
Developing a robust cloud-based GRC programme will enable enterprises to automate compliance by continuous control monitoring, improve visibility into organisation risk exposure, and achieve competitive benefits for regulatory and government controls. With a GRC framework on cloud, enterprises can achieve:
Monitor the cloud regularly
Financial firms today operate in a dynamic technological environment that requires the implementation of a wide variety of cloud applications to perform business-critical operations efficiently. It is of paramount importance to monitor these applications hosted on cloud in real-time and on a continuous basis. With the advent of new and improved technologies, enterprises need a centralised platform to provide a comprehensive view of the health, performance, and stability of their IT applications hosted on cloud. In an age where a few minutes of down time can translate into a revenue loss of hundreds of thousands of dollars, employing a real-time monitoring strategy ensures interruption-free data flow for maximum productivity.
With data breaches on the rise, businesses in the financial industry need to control where and how data is stored, shared, and accessed. A risk-based approach to cloud, and the use of a robust GRC programme along with cloud can be effective in combatting the barrage of constantly changing regulations levelled at businesses today.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Scott Dawson CEO at DECTA
02 July
Frank Moreno CMO at Entersekt
01 July
Pete McIntyre Financial Services Director at Planixs
Alex Kreger Founder and CEO at UXDA Financial UX Design
30 June
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.