Myths keeping bankers out of the cloud
Cloud technology has been in the spotlight recently due to the infamous iCloud hacking scandals. These isolated instances have cast a shadow over the technology and even generated several misconceptions that have stymied its acceptance by the banking industry.
The good news about the Cloud is that it offers better service through smoother workflow processes because it enables banks to use more solutions that do not depend on location. The flexible access to information through the Cloud provides the opportunity for banks to increase productivity and more effectively manage time. Using Cloud technology as an information management tool enables bank customers and staff to access sensitive documents from any appropriate device and location.
Furthermore, Cloud technology offers bankers the opportunity to use a more scalable solution to manage information. Instead of paying a fixed cost for the use of a system, the Cloud enables users to raise or lower their solution’s bandwidth to meet business needs without paying for additional usage during slow times. Having this flexibility is an advantage that banks should not ignore, if they wish to remain competitive.
Private vs. Public Cloud
Unfortunately, the Cloud has lately come under a cloud, so to speak, due to the myth that it is not secure. This misconception stems from the recent new stories regarding failures of the Cloud to protect several celebrities’ personal photos and a lack of understanding about the differences between the private and public Cloud. The prominent cases in which the Cloud leaked user data are examples which took place within the public Cloud, which has a much lower threshold of security.
In comparison, the private Cloud is designed around a specific community and restricts user access to a defined group of individuals. This additional layer of protection is one example of the security features which differentiate the private Cloud from the public Cloud.
Another myth is that all Cloud vendors claiming compliance offer the same level of protection. Providers always describe their Cloud technology as “fully” compliant, but in reality, there are nuances to the levels of compliance. For example, when a vendor brags that it has passed a SOC1 audit, it would be incorrect to assume their solution is as compliant as it needs to be. A SOC1 audit is based on controls around financial reporting and does not come close to matching the security verified by a SOC2 audit.
SOC2 checks for additional operational controls and service level agreement (SLA) benchmarks that go way beyond the other audit. Passing a SOC2 audit reassures banks that a Cloud vendor has the following priorities: the security and availability of their technology for the bank, the technology’s processing integrity and the confidentiality of the information within the Cloud.
Additionally, banks frequently use third-party technology providers, who rely on developers’ compliance claims. Once the technology has passed from one vendor to another it is no longer guaranteed by the original audit. To truly be compliant, the reseller should seek out their own SOC2 audit or their customers assume a greater compliance risk. Financial institutions take on a great risk by adopting technology from a reseller who does not perform an additional compliance attestation.
Currently, many financial institutions believe that the decision to adopt Cloud technology should primarily originate from the IT department. In reality, the most successful implementations are projects designated by the executive management team. An IT department is naturally instrumental in implementing Cloud solutions. However, in order for the project to be successful, C-level executives need to be involved.
Additionally, originating this decision from the top of a bank’s chain of command makes it more likely that all departments will get adequate training to use the new technology. Adopting Cloud technology is a business choice and changes a financial institution’s business model. Such a significant decision is not likely to succeed if its origin is the IT department.
These misconceptions about the Cloud are inhibiting the growth of the industry as a whole. Bankers need to challenge such inaccurate views about Cloud technology if they wish to remain competitive.
Mr. Tanner is senior manager at College Station, Texas-based Rentsys Recovery Services, a provider of comprehensive disaster recovery services for banks, credit unions, mortgage lenders and other organizations. He can be reached at [email protected].