Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:04 PM
Connect Directly

Changing The Cloud Security Conversation

What are the pertinent questions banks should ask about security in the cloud?
2 of 5

Chris Rezek, Consultant
McKinsey & Company

Cloud computing is being rapidly adopted by enterprise IT, but concerns about trust are still inhibiting the rate of that adoption, particularly for financial services and public cloud.

To enable prudent cloud adoption, enterprises should expand scope beyond technology-focused security questions to include key risk management issues, such as transparency, governance, and compliance.

Bank executives should ask themselves four questions: How much value do we leave on the table if we do not adopt cloud? How pervasive is unofficial cloud adoption already, across the organization? What concentration risks do we create or avoid through managing distribution of data? Can we achieve cloud scale with in-house demand alone (i.e., private cloud)?

In addition, they should also ask vendors four questions: What level of transparency and control will the provider deliver? What third-party inspections and certifications are available? How will our compliance requirements be met for each jurisdiction? What level of access to physical and logical systems do we retain?

Instead of making binary, enterprise-wide decisions about cloud, organizations should understand and balance the benefits and risks of available cloud offerings. Adoption decisions should be structured around individual workloads and data and avoid enterprise-wide blanket cloud bans.

Banks should reduce legal exposure through a prudent contracting approach, while at the same time recognizing the essential novelty of the legal environment and unavoidable uncertainty. Key contract elements include the right to audit, right to transparency and reporting, coverage of compliance requirements, and visibility and consideration of the full supply chain (i.e., the cloud provider's service providers).

Cloud can deliver new benefits, along with new risks. Cloud solutions can improve transparency, simplify log and event management and enable more centralized planning. A business- and risk management-focused approach can enable banks to take advantage of efficient, flexible cloud solutions while still protecting data and delivering security.


Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

2 of 5
Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.