Bank of the Future

Secure Banking on the Cloud

 
November 13, 2018

Every banking service depends heavily on technology to develop an understanding of customers, markets, and competition, as well as the impact of regulations. But the role of technology does not end with gathering data – in fact, it begins right there!

In using this data to deliver personalized experiences to customers, banks have to ensure it remains secure and that the customer’s privacy is fully protected. This presents banks with the opportunity to opt for the cloud. Several types of cloud based services have emerged recently, such as infrastructure-as-a-service, platform-as-a-service, software-as-a-service, and so on.

Let us see how cloud can help banks provide secure services to end customers, while also ensuring protection of data.

If a bank has its own IT infrastructure and software platform, it must also ensure to provide support and take care of maintenance. Along with that, as technology is rapidly changing, it is required to have a roadmap to meet the expectations of customers - as the demand today is for any service, anywhere and at any time.

To sustain in this ever-changing marketplace, banks must partner with cloud service providers to provide the core infrastructure, platform, or software aligned to the overall IT roadmap. Cloud service providers have the ability to provision all technology requirements in significantly lower time and less effort than it takes a bank to do by itself. This is because cloud service providers offer such services to multiple entities across industries, for a variety of customers, per global requirements and regulations.

Partnering with a cloud service provider will require banks to only have a roadmap of their technical needs and security requirements, and leave the headache of implementation and maintenance to the partner. Two main advantages of this approach are:

  1. Banks can concentrate on improving their core services
  2. Banks needn’t worry about developing the technology competency needed to ensure the protection of customer data

 

If you consider a cloud service provider’s security posture (globally accredited vendors), they are heavily regulated given the high level of responsibilities they are expected to undertake. This means, to be able to service banking institutions, cloud service providers need to comply by standard global certifications like ISO 27001, SOC2, and regulatory requirements like FFEIC. In addition to these regulations and certification, banks can recommend additional security controls to their cloud service providers, and make use of third-party audit firms to periodically verify and report compliance.

The use of data analytics, security events management, multifactor authentication, and behavior analytics strengthen cloud security, allowing cloud service providers to support banks in tackling cyberattacks, while they concentrate on providing core banking services. All this makes a strong case for banks to engage cloud service providers for data management, but the key question is – how to choose a cloud service provider? Watch out for our next post on that.

Tags

Sampathkumar Ranganathan is a domain expert with TCS’ Banking and Financial Services (BFS) unit. With 20 years of experience in the areas of networking, databases, data architecture, Sampath works with TCS’ BFS clients in the US, Europe, and Asia on technology and implementation for data security. Currently, he takes care of cloud compliance for the TCS Enterprise Cloud, where he analyzes risk and compliance trends, designs and implements required controls, and works with third-party certifying authorities on control effectiveness assessments. He has a Master’s degree in Software Systems from the Birla Institute of Technology and Science (BITS), Pilani, Rajasthan, India, and has a Master’s degree in Communication Engineering from Nanyang Technology University (NTU), Singapore. He also has a CISSP certification from (ISC)².