Reassessing Cloud Security and Vulnerabilities in Financial Services

By: Madhavan Krishnan, Vice President – Cloud Computing & DevOps, Virtusa Corp

Cloud computing is continuously transforming the way organizations use, store, share data, applications workloads. With this transformation, a whole new set of security threats and challenges are also introduced in the system. With so much data going into the cloud—especially in public cloud services in particular—these resources are perceived to be more vulnerable to threats. The needs of modern-day cloud architecture are diverse and traditional security solutions are rendered unsuitable here.

If software continues to be the engine of innovation, organizations need to rethink how to secure their cloud workloads. The way applications are now developed and consumed is changing rapidly and movement of software into the cloud and the consumption of SaaS can create additional challenges for legacy security products. Some of the challenges most organizations face are:

  • Control over Security: Defining ownership of Cloud security is an important first step in securing the Enterprise Cloud. Typically, enterprises would want to retain control of user identity and authentication, data and compliance requirements. Question that looms large is how the control is managed and governed on an ongoing basis.
  • Continuous agile integration and deployment: Legacy security tools cannot keep pace with this agility because they can’t be quickly tuned manually, nor can they learn and auto-tune themselves faster than the current pace of continuous integration and continuous deployment.
  • Layered Infrastructure: Organizations are leveraging containers and virtual machines across one or more public and private clouds to scale their applications. Any security solution specific to one public cloud or to containers fails to meet the security requirements of a modern SaaS vendor.

Key Cloud security design considerations

 

  • Full stack cloud security: Securing the Cloud deployment is a full stack activity across the entire hybrid cloud environments typically adopted in financial services companies. While the Cloud platforms like Microsoft Azure, AWS and the like offer security controls on their platform, the onus of implementing the security controls in the context of a company resides with the enterprise itself. With the proliferation of mobile apps and ever increasing digital foot print, securing the Cloud full stack from the infrastructure, application servers, databases, user identity etc. are all to be secured at each layer thereby ensuring a fool proof system.

 

  • Data-driven approach to secure the Cloud: Machine Learning algorithms are now used widely to secure Cloud based system to prevent unauthorized access. Anomaly detection algorithms can be implemented to intercept incoming data to detect and call out authorized access from potential illegal access to system. These algorithms can automatically detect and quarantine the offending data input for exception handling.
  • Multi-factor authentication of the user: In order to manage different users and their proliferation in the cloud it is important to have a user management in place for all the different user accessing the platform. Multifactor authentication is a very popular and recommended way of ensuring a user access to the cloud is protected not just with a password which is prone to be compromised but also with additional authentication data that a user can authenticate with. Typically, multi-factor authentication needs to be implemented as a best practice guideline rolled to every user of the system.
  • Data residency and protection: Enterprises need to ensure data is protected by encryption at both rest and on the wire. In addition, some countries have regulatory compliance requirements in terms of data residency. Design of Cloud security will need to factor in data residency considerations right at the beginning of their Cloud adoption journey  

Leave a Reply

Your email address will not be published. Required fields are marked *