expert
OPINION
MARK JOW , EMEA TECHNICAL EVANGELIST , GIGAMON
Mark Jow , EMEA Technical Evangelist , Gigamon , asks if the financial sector is prepared for the invisible threats lurking in the cloud . He warns : “ While it may be reasonable to assume that cloud providers provide security by design as part of their platforms , this is sadly not the case .”
Why the financial sector must confront an invisible cloud threat
he financial sector has never been
T a stranger to strict security policies . Since the 1600s , banks and their security partners have pioneered some of the most secure strongrooms in the world . Named originally after their vaulted ceilings , ‘ vaults ’ have since become synonymous with the highest level of protection , featuring armoured walls and air-tight locks that can protect valuables from thieves , natural disasters and even atomic bombs .
But modern banks have far more complex threats to counter , and far more valuables to protect . Customer payment data , access to high-profile networks and critical operations all present lucrative opportunities for bad actors . All this leads to an environment in which the Bank of England identified the risk of cyberattacks as one of the major threats to the nation ’ s financial stability . So , are these bastions of security prepared for today ’ s criminals ?
A cloudy landscape
The rise of fintech newcomers in banking can be credited for initiating a dramatic shift in the
financial landscape . With new startups often making extensive use of modern cloud infrastructure and SaaS providers such as Mambu , they benefitted from efficiency and scalability , whilst offering customers more flexible digital banking options . It is no surprise , then , that established retail banking brands have been quick to follow suit .
But the outcomes of an increasingly digitised financial system are not all positive . Without considered security controls , tools and capabilities in place , cloudbased workloads can be easier to penetrate , and are often targeted directly by bad actors .
While it may be reasonable to assume that cloud providers provide security by design as part of their platforms , this is sadly not the case . Far too often , organisations leave security gaps that only become clear in post-incident analysis . When said organisations make up part of a nation ’ s critical national infrastructure ( CNI ), remediating cloud security gaps before an attack can occur is essential .
With UK Finance forecasting that notes and coins will account for just 7 % of all UK payments by
WWW . INTELLIGENTCISO . COM 41