Have you ever heard the phrase “the cloud is just someone else’s computer”?
While this may have once been the whole story, modern cloud technology has become a sophisticated system of hardware and software resources that provides not only a place to run your apps but also a wide variety of physical and virtual hardware and software services, all of which IT professionals can easily manage through APIs and simple user interfaces.
Today, Amazon Web Services, the world’s leading cloud provider, has more than 150 different services that allow developers to set up complicated infrastructure and applications within minutes. Many of these, including hardware provisioning, load balancing, and firewall configuration, used to require weeks of time, tens of thousands of dollars, and highly trained employees to deploy and maintain.
But time and cost savings aren’t the only benefits that come with using the cloud. Cloud providers like AWS, Google Cloud Platform, and Microsoft Azure offer on-demand scalability, the ability to outsource hardware management to world-class professionals, highly available application-level services, access to supercomputers, and large support teams that are well-versed in DevOps and infrastructure.
While the cloud has been a boon for many organizations, not every company has been quick to integrate it into their operations. Security, regulatory, and confidentiality concerns frequently cause organizations in the finance space to be especially wary of leveraging cloud services for any key areas of their business.
Despite the numerous benefits that come from using the cloud, many IT executives in finance are concerned with storing data and running core workflows on hardware that they don’t own and operate. Financial firms are tightly regulated, and need to proceed slowly and meticulously when considering technologies that may affect data confidentiality, loss of control, and data access. These executives worry that a loss of direct control of their core infrastructure could increase the likelihood of a security incident.
Fortunately for them, they still maintain control over a large portion of the most common vulnerabilities in IT, regardless of whether they run their core applications on the cloud or on their own hardware. Generally speaking, attacks on physical infrastructure are among the least likely causes of a data breach. Human error, usually in the form of weak and stolen credentials from phishing attempts or social engineering, is frequently the more likely reason for an incident. Outside of human error, application or infrastructure misconfigurations, such as open ports, backdoors, or unnecessarily elevated permissions, are the next most likely catalysts for security breaches.
By using the cloud, IT executives can focus on implementing and strengthening the same controls they would use for on-premise applications and configurations, while leaving the complicated management of physical hardware to the world’s largest and best data center organizations.
With the proper approach, IT executives can handle cloud-based security in much the same way as they handle security for on-premise applications. In fact, the biggest cloud providers have created highly secure APIs to manage infrastructure programmatically, sometimes making it even easier to implement best practices.
The following controls are simply some of the many ways that IT professionals can safeguard their operations, regardless of whether they use the cloud or their own hardware:
By applying these, and similar, standard controls, IT executives are able to maintain a similar security profile on cloud-operated infrastructure as compared to owned and operated hardware. Moreover, executives can actually simplify many of their security-related processes by leveraging sophisticated service offerings that cloud companies already provide, which include many of the following areas:
The cloud, as we know it today, has been around for over a decade. Today’s most sophisticated technical organizations are now managing multi-continent, highly redundant facilities that make it easy to deliver and deploy technologies. While there are valid concerns around using new technologies, many of those have been mitigated. By implementing standard security practices, financial organizations can continue to maintain a strong security profile, and as they work with new vendors, these organizations should look for providers that maintain similar security standards, much like we do at Apteo.