In the Pursuit to Modernize, a Risk-Based Approach to Security Matters
By Nataraj Nagaratnam | CTO, IBM Cloud Security, IBM
In the pursuit to modernize, financial institutions are finding themselves in an arms race against cybercriminals to defend their digital frontlines from much more bolder and sophisticated schemes. We know the impact of a security breach can be severe in terms of financial cost, reputational damage, and loss of customer trust. However, innovation cannot be stalled with increased market competition as consumers demand faster, more efficient digital experiences. Now the addition of a shifting matrix of regulatory rules that vary across geographies can potentially further slow any progress in the digital transformation journey.
In this age of technological disruption, how can financial institutions balance cloud security, industry compliance, and innovation to securely modernize?
The answer is simple: getting people, process, and technology to work together. This can work through timely and accurate management of security and compliance requirements from the onset. At the end of the day, maintaining trust and privacy remains paramount for the world's top banks and exchanges.
Landesbank Baden-Württemberg (LBBW), one of the largest public banks in Germany, has embarked on a holistic digital transformation to improve the quality of customer service, securely and seamlessly, through making greater use of services from both public and private clouds. The bank leverages IBM’s Unified Key Orchestrator, a multi-cloud encryption technology that helps enterprises manage their data encryption keys across multiple key stores across multiple clouds environments – ultimately giving the bank a single point of control for the keys that in turn enables access to their data.
The effort required to generate, secure and manage keys is seamless and helps the bank’s IT team to protect critical corporate data using keys whether the data is in a third-party cloud or in an on-premises environment. Available as a Cloud service, it can improve productivity and reduce operational complexity and skills needed by banks to host and manage their key management hardware and software.
As financial institutions move away from the single-vendor approach to cloud in favor of a hybrid multicloud strategy to best match their business needs, they may risk heightened levels of operational complexity around data encryption. Having IT teams manage cryptographic keys in silos on-premises and across multiple clouds can bring up challenges around demonstrating compliance and therefore, a holistic cloud and security strategy should be considered to mitigate risk of malicious actors to manipulate workflows, prevent access to confidential data, and more importantly, maintain data governance and sovereignty. According to IBM analysis, an overall fragmented approach to cloud can potentially open enterprises up to risk with the average data breach expected to cost a company $4.35 million this year, up 13% from 2020.
Third- and fourth-party dependencies in cloud services can also potentially introduce new levels of risk that need to be managed before they become a problem. To help financial institutions overcome these challenges, industry cloud platforms can also help clients within financial services reduce risk and address compliance requirements - all while driving innovation. It’s essential to take a data centric and risk-based approach as part of a successful hybrid cloud and security strategy.
Within financial services, we have established the IBM Financial Services Cloud Advisory Council which brings together CIOs, CTOs, CISCOs and Compliance and Risk Officers to help address regulatory compliance challenges and drive cloud adoption for mission-critical workloads across the entire industry. This council helps inform the built-in security and compliance controls included in our cloud designed to meet the specific needs of financial institutions across the globe.
Financial institutions will continue to face unique security, regulatory, and compliance obligations in today’s complex digital world. Data resiliency, privacy, and sovereignty will always need to be at the forefront of their decision-making and IT strategy. Customer satisfaction is at the heart of the banking sector and it is critical to pave secure paths in a multicloud world that enables room to build and sustain innovation and trust.
댓글