Explained | Security concerns over moving banking data into cloud

Banks can leverage hybrid cloud to scale easily without burdening their existing systems

Banks can leverage hybrid cloud to scale easily without burdening their existing systems | Photo Credit: Reuters

The story so far: Indian banks have urged the Reserve Bank of India (RBI) to allow cloud adoption and lay down rules for it as they feel it is important for the digital makeover of the traditional banks, and to help them compete with their digital-native competitors. The Indian Banks’ Association, which includes members from banks like the State Bank of India, Punjab National Bank and Axis Bank, and other banks have prepared a report for the RBI on cloud adoption. The report explained how cloud adoption in banks would reflect in various areas like cost reduction in maintaining technology and infrastructure, and provide banks with customer-centric and active business models to grow their brands.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Why is there a need to shift to the cloud?

Banks operate in a highly dynamic economic and business environment, which needs modernising their IT operations to allow a greater degree of self-service and enhanced product functionality.

The importance of data and data storage is increasing in size, type and complexity, across the traditional banking sector. Managing the data storage imposes time, cost and skill pressures on the internal IT teams.

Along with the evolving demands of the new digital banking systems, it is equally imperative for the data to meet compliance and security requirements, Devika Nayyar, Country Manager- BFSI, HPE, a global player in cloud computing, told  The Hindu.

Hence, banks are increasingly pivoting towards the cloud. Cloud services that span across both public and private clouds are at a sweet spot of delivering data for the new age needs of banks, Nayyar added.

What are the challenges faced by banks with the traditional practice of storing data?

The traditional business operating models are unable to serve the modern needs of financial services institutes (FSIs) amid soaring customer expectations.

Growth in contactless payments, shared economy, and online-only institutions are further causing the financial services industry to re-evaluate their core practices, Nayyar said.

Financial institutions with legacy infrastructures need the same speed, agility, and economics that digital-native competitors enjoy to meet consumer demand and stay competitive in an evolving marketplace, Nayyar added.

What are the security concerns of moving banking data to the cloud?

Many banks rely on old mainframe systems for storing accounts, customer records, loans, balances, and other critical data.

This reliance is due to the proven reliability of such systems as they can maintain data integrity even in case of certain hardware failures, errors, or interruptions, Akshat Jain, CTO & Co-Founder of Cyware, a cybersecurity firm, said to  The Hindu.

Moving this financial data to the cloud poses security concerns like lack of visibility into a cloud service provider’s security measures and the related incident alert and audit information.

“The biggest difference between an on-premise environment and a public cloud is the visibility and control of the bank’s IT team. They can’t protect what they can’t see,” Vinay Sharma, Regional Director, India and SAARC, NETSCOUT, a cybersecurity firm, said to  The Hindu.

Another concern is the lack of adequate security controls to monitor and ensure the security of data in transit, data at rest, and data in computation, Jain said.

It also includes the risk of account compromise due to credential theft, social engineering attacks, malware threats, and other attack vectors. Cloud-based Denial-of-Service attacks also affect the availability of banking services to customers, Jain noted.

What is the way forward?

Some financial institutions and cloud players support the deployment of hybrid cloud models rather than complete migration to the cloud. A hybrid cloud setup is one in which applications run in a combination of different environments. The most common hybrid cloud example is combining an on-premises data centre and a public cloud computing environment, like Google Cloud.

“The hybrid model is preferably better,” K. Paul Thomas, MD and CEO, ESAF Small Finance Bank, said to The Hindu. He reckons that banks as of now do not need a complete cloud solution for all applications but can put peripheral applications on a cloud that requires on-demand infrastructure.

Some banks may conveniently choose to separate sensitive data from low-risk data by hosting high-risk data in a private cloud and moving low-risk data to a public cloud, to avert security risks, according to Nayyar.

Hybrid cloud can increase banks’ agility, efficiency, productivity, and improve their security measures, and latency management with real-time governance.

Banks can leverage hybrid cloud to scale easily without burdening their existing systems or making significant upfront investments. ‘One size fits all’ is certainly not the approach that one can opt for, Nayyar noted.

She added that hybrid cloud is highly cost-effective since the price model shifts from fixed to variable, where businesses pay only for the resources they use, eliminating the need for guesswork and underutilised capacities.

Another global player in the cloud computing industry, Dell Technologies, also spoke in support of hybrid cloud for banking.

“I firmly believe hybrid cloud architecture is the way to go by placing the right kind of data in the right architecture,” Srinivas Rao, Senior Director, System Engineering, Dell Technologies India, said to  The Hindu.

Our code of editorial values

This article is closed for comments.
Please Email the Editor

Printable version | Aug 5, 2022 5:57:44 am |