In a highly competitive environment, cloud computing is gaining widespread acceptance across industries, as a means to reduce costs and streamline operations. The financial sector is no different. About 39% of financial services CIOs estimate that by 2015, more than half of all financial transactions would take place through the cloud infrastructure, using Software as a Service (SaaS).
An increasing number of financial institutions are now adopting innovative cloud based business models, breaking out from the traditional operations tightly regulated inside the corporate firewall. Such best practices are worth emulating.
Migration to the cloud poses big security risks to the data, as the enterprise loses control of the data to third-party cloud providers. The risk is even more so for financial institutions, as they deal with money and highly confidential information. Large financial institutions have overcome this hurdle by adopting Infrastructure as a Service (IaaS), platform as a service, (PaaS), and or software as a service (SaaS), as the case may be, on private in-house clouds. Private clouds offer the best of both worlds. It allows significant cost savings, operational efficiencies, flexibility, ease of operations, speed of access, and responsive upgrades, normally associated with cloud computing, while still ensuring the highest levels of security and uptime.
Regulations inhibit financial institutions from migrating to the cloud fully. Federal law, especially the Gramm-Leach Bliley Act, and many state laws require financial institutions to take reasonable steps to safeguard client data, and also resort to affirmative action in case of security breaches that compromise customer data.
To overcome such risks and comply with the law, financial institutions undertake proactive risk identification and management practices, and due diligence when embracing cloud computing. This applies primarily in vendor selection, as compliance with the regulatory stipulations very often require the active co-operation of the cloud vendors.
To ensure compliance of requirements that forbid the migration of data, many financial institutions adopt hybrid cloud, storing legally sensitive data at a local server, and other data in the cloud.
Security has been the traditional bane of cloud computing. These financial sector best practices offer a worthy model to have the best of both worlds: the benefits of the clouds without compromising security.