Cloud adoption has been on the rise for several years now. According to Flexera’s 2022 State of the Cloud report, 63% of respondents considered themselves “heavy” cloud users.
However, while many financial services organizations have adopted cloud computing, some have begun to reconsider that stance. In 2023, financial services organizations are taking a hard look at their cloud investments.
Why FinServ is Questioning Cloud Adoption
The rise of digital banking means that some financial services organizations have been using the cloud for years while others are just getting started. These early adopters have had the opportunity to see the good, bad, and ugly of cloud computing, which is raising the following concerns about cloud adoption in the industry.
One of the main selling points of the cloud is that it is supposed to be cheaper than operating an in-house data center, because cloud providers can take advantage of economies of scale.
However, this is not always the case, and, in many cases, cloud-based deployments are more expensive than on-prem ones. This is especially true if an organization’s applications and data storage are not optimized to take full advantage of cloud environments. As a result, with the expected cost advantage failing to materialize, many organizations are reconsidering cloud investments.
Cloud environments are supposed to offer greater resiliency and availability than on-prem systems. Cloud infrastructure is globally distributed and has built-in redundancy, which can help to reduce the impacts of failures.
However, this isn’t always enough to ensure resiliency. Cloud downtime has caused outages of major brands in the past. As a result, financial services organizations are increasingly considering in-house deployments or multi-cloud strategies with infrastructure duplicated across multiple cloud service providers to improve resiliency.
Under the cloud shared responsibility model, cloud service providers and customers share the duties of securing their infrastructure stack. The exact breakdown of responsibility depends on the cloud service model in use (IaaS, PaaS, SaaS, etc.).
Under the cloud shared responsibility model, anything under the service provider’s control is a black box to the customer. Without insight into the underlying infrastructure, financial services organizations cannot see where their data is stored, whether it is encrypted in transit, or what other security controls are in place. This lack of knowledge and visibility creates significant security and regulatory compliance concerns.
Managing the Risk
Financial institutions are inherently risk averse. In a cloud environment, the most privileged user is the individual with physical access to the computing resources. This can lead to leaks of PII or PCI data, or to destruction of data, bypassing all the security safeguards implemented by the customer. Regulatory issues can exist without the company doing anything to create the risk. These include CCPA, GDPR, HIPAA, PCI, and 23 NYCRR 500 violations, as well as GLBA and Dodd-Frank risks.
Customers are thinking long and hard about how to mitigate and remediate these risks, which become part of the Third-Party Risk Management (TPRM) paradigm.
How MorganFranklin Can Help
The cloud doesn’t always live up to expectations, and it can introduce significant concerns alongside its benefits. As financial services companies grow more familiar with cloud computing, many are developing concerns about their existing cloud strategies.
In some cases, these concerns and issues may drive organizations to retreat from the cloud in favor of on-prem data centers under their own control. However, in most cases, these cloud concerns can be mitigated with the right cloud adoption strategy.
MorganFranklin’s cybersecurity practice has extensive experience in developing solutions that meet financial services’ business needs, security requirements, and regulatory responsibilities. For financial services organizations looking to develop or update a cloud strategy, our experts can provide guidance on how to extract the full benefits from the cloud while avoiding common pitfalls and security challenges.