3 strategies for prioritizing security as cloud adoption increases

Hardly a week goes by without news of a data breach, but many banking executives seem to prefer burying their heads in the sand over assessing and addressing risk. In Cornerstone Advisors’ 2018 What’s Going On in Banking study, almost half of banking executives ranked cybersecurity as one of their three primary concerns. That number dropped to 36 percent in 2019, and by 2020, it had fallen to just 21 percent.

At the same time, cloud adoption is at an all-time high, and it will only trend upward from here. McKinsey research predicts that up to 90 percent of banks’ IT workloads will be hosted in the public cloud over the next decade, while data from Accenture illustrates a 33 percent increase in the portion of bank IT budgets allocated to the cloud.

Something’s got to give.

Sign up for the free BAI Banking Strategies newsletter and get industry insights delivered to your inbox.

The cloud advantage

Several forces are behind the switch to a cloud-based IT infrastructure in banking, but customer expectations are perhaps the most fundamental driver. Customers want more value, accessibility and personalization — all of which require modern financial institutions to collect huge quantities of data.

When treated carelessly, that data poses a serious risk, and financial institutions that fumble customer trust face an uphill battle to regain it. When used responsibly, however, data can enable banks to drive revenue and get to know customers on a level that goes far beyond an app saying “Welcome, [name]!” With the right insights about consumers and their needs, the lender can recommend products and services that genuinely help individual customers with their goals of saving for major expenditures, funding retirement or simply improving their overall financial well-being.

The cloud also benefits bank employees, with platforms such as Salesforce offering a way to connect formerly siloed systems used for sales, service and customer engagement. Salesforce’s Financial Services Cloud is purpose-built for financial institutions, and it gives employees the ease and power of a single tool instead of an intricate system of legacy solutions. Banks just need to keep in mind that they, too, are responsible for protecting the data in their cloud platforms — not just the providers themselves.

The reality of shared responsibility

Many cloud customers are quick to assume that providers have security needs met. While that is largely true, organizations also have a role to play in configuring how data is disseminated and accessed across their business. When these seemingly minor details are overlooked, the consequences can be disastrous.

One of the best ways to prioritize security and enable success in cloud migration is to establish a center of excellence (COE). Different areas of the business will have different needs, but letting them pursue cloud solutions independent of one another will produce a disjointed result that fails to adequately protect data. COEs combine representatives from all areas of the business to ensure that the migration meets disparate needs while keeping sensitive information safe.

Once you’ve assembled a COE, the group should meet regularly to work through the following steps:

  1. Construct a cohesive cloud strategy: Thinking about security measures can enable business growth initiatives. Banks and financial lenders shouldn’t necessarily prioritize security over digital transformations, but they should look for solutions that address risk and security along with cloud migrations. Outlining the most important ones will help your organization prioritize the capabilities that you want to achieve.
  1. Pursue capabilities outlined in the strategy: Too many organizations rush into a cloud implementation by purchasing solutions and capabilities that they hope to unlock. Unfortunately, they end up with a disjointed mashup of products that are difficult to align from a security perspective. By waiting until you have a complete strategy in hand, you can look for specific solutions that execute against your strategy and ensure each one is implemented in a way that prioritizes security over speed.
  1. Ensure the COE meets at a regular cadence: Cloud migration is much more of an ongoing journey than a destination, which means you’ll want your COE to meet at regular intervals to double-check the trajectory and ensure the process is unfolding as planned. It’s also important to remain informed about the latest cyberthreats and how they could impact your organization’s cloud security posture.

The cloud continues to be a game changer for forward-thinking financial institutions, but it can cost a fortune in fines and lost customers when it’s implemented without regard for security. To carry out a successful and secure cloud migration, organizations must start the process with a well-crafted strategy, execute against that strategy and adopt a mindset of ongoing improvement.

Pete Thurston leads the technology team at RevCult. 

Subscribe to the BAI Banking Strategies newsletter and podcast.