Organizations have to adopt a holistic security hygiene approach to cloud security
This is an exclusive interview conducted by the Editor Team of CIO News with Shaik J Ahmed, Vice President, Head of Information Security – Risk and Governance from the banking industry
The banking industry plays a significant role in economic well-being. It is expected that the industry will grow by $124.3 billion USD by the end of 2025. To keep up with challenging and changing times, to acquire new business and to retain existing customers, and to adhere to customised regulatory and legal requirements, the industry has to constantly undergo modernization to keep up and exceed expectations.
Cloud computing (on-demand access to compute resources) has been an advantage for the banking industry to show impactful financial numbers and has given an opportunity for massive growth.
Ever increasing digital adoption by customers and consumers demands the banking sector ensure 24/7 access to their services, scalable storage to record voluminous digital transactions, speed, reliability, and secure availability of data. And cloud computing provides these services to the banking industry, allowing it to focus on its core competencies. Banks can access redundant data centres and anything as a service, such as infrastructure, platform, software, applications, databases, AI, ML, NLP, cognitive services, automations, RPA, and disaster services, with the click of a mouse.
Clouds are not free from risk. We have to consider all the risks and ensure appropriate controls are in place to manage them. Risks like data security, privacy, shared responsibility, and data residency are the key ones. Data portability, labelling, classification, and dynamic information protection services like DLP and CASB, data architecture standards, training and awareness, cloud service detection, and visibility tracking are some of the controls that should be put in place to improve the security posture. The network is an important consideration when reaping the benefits of the cloud. Network-as-a-service (NaaS) is a cloud service model in which customers rent networking services from a cloud vendor instead of setting up their own network infrastructure. Large NaaS providers include major CSPs, including Amazon and Rackspace, as well as global service providers such as AT&T, Level 3 Communications, Telefonica, and Verizon.
The key trends in cloud security are industry-specific, devsecops, data security, and vendor risk management. For banking, the cloud providers are customising their offerings to ensure standards like PCI DSS, EU GDPR, and UAE CPR are by default met for cloud customers. Few experts are calling devsecops “secdevops” to emphasise security’s importance. With the proliferation of AI, ML, NLP, and DL, the business now has the capabilities to extract in-depth insights from the data. Data security mechanisms such as strong encryption for use, transit, and at rest, zero trust architecture, and tokenization will help businesses secure their data. Ensuring robust vendor risk management is key to providing secure services and achieving a secure outcome for the business.
As cloud services evolve, so does their security. Organizations have to adopt a holistic security hygiene approach to cloud security so that their in-house and cloud data workloads, processes, and services are managed with acceptable risk.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics