AIB also wanted to re-assure customers by proactively implementing new security policies to protect customer data in light of forthcoming industry regulations such as the EU General Data Protection Regulation.

AIB is the leading retail, SME and corporate bank in Ireland, and cloud services are essential to its plans for future growth due to their ease of use, speed and flexibility. Today, more than 630,000 customers use AIB’s award winning mobile banking app every month, with cloud services also used for collecting biometric log in and contextual data of customers, as well as a multitude of internal business operations.

Recognising the importance of cloud services and the need to future proof, AIB approached Skyhigh to identify its cloud services and their risks. As part of its initial assessment, Skyhigh identified a total of 2,500 cloud services in use and ranked each service by its data, legal, business and compliance risk profile as a means of assessing and mitigating potential threats.

“Protecting customer data is paramount to AIB,” said David Cahill, Security Strategy & Architecture Manager at AIB. “Times have changed, however, and cybersecurity no longer ends at the network perimeter. Employees are using a multitude of cloud services in order to do their job more effectively, something that we need to embrace if we’re to stay competitive in an increasing agile and digital world. Our initial step into cloud adoption security was therefore driven by needing to improve visibility into exactly which services were being used and how.”

AIB already has a well-defined and mature process to review and validate all external IT services and partnerships. Its Remote Access Forum (RAF) meets monthly to review requests and authorise requests for external connections and data flows. It has a defined checklist of requirements, multiple steps for provisioning, and a team that reviews and validates all external connections and approves them for use. By identifying and analysing cloud services, Skyhigh’s platform is now used to inform the RAF steering committee, helping AIB streamline the decision process for adding cloud services to the approved list.

”We sanction services like Box because they offer extremely high levels of usability, service and security. However, it’s not enough to simply buy a licence, we need to ensure they are being used and being used responsibly,” continued Cahill “Skyhigh’s granular analysis of sanctioned IT means the right cloud services are being used for the right reasons. Something that’s easier said than done.”

AIB’s work with Skyhigh will continue to enhance business processes in the future. For example, if an AIB employee attempts to use an unauthorised cloud service today, it is not just blocked, instead it will inform the user saying why it’s unsafe and which app to use instead. Skyhigh’s granular analysis of AIB’s cloud network is also helping AIB refine its legacy IT infrastructure and experiment with advanced functionality such as cloud bursting.

“The financial sector is incredibly highly regulated but I guarantee that every leading bank in the world is using thousands of cloud services. Whether or not they know it is another matter,” said Charlie Howe, VP EMEA Skyhigh Networks. “AIB is a great example of how banks can embrace cloud services and take proactive steps to adopt them securely, rather than just saying no to everything. Employees will just find another service if you ban them from one they want to use, which could well be a greater risk.”