FinTechCyber Security & FraudGet off my cloud: protecting sensitive cloud environments from cyber threats

Get off my cloud: protecting sensitive cloud environments from cyber threats

As cloud adoption in the financial services sector continues to grow, so do the number of cyber threats targeting it. Anurag Kahol, CTO of Bitglass, discusses some of the most common cloud vulnerabilities and what security measures financial organizations can put in place to keep highly sensitive data safe.

The rise of cloud services throughout the business world has been well documented for several years, and while the financial services industry initially proved somewhat resistant, that’s no longer the case. This is because the flexibility and efficiency gains that are offered by cloud services, which are simply becoming too beneficial to ignore. Recent research by Gartner suggests that by 2020, a “no-cloud” policy will be as rare as “no-internet” policy is today.

However, embracing the cloud isn’t always straightforward and security is often cited as the number one concern and a barrier to adoption of cloud. The interconnected nature of it means that if effective security measures aren’t in place, threats such as malware can rapidly spread throughout an entire environment.

Cybersecurity is a major issue in every industry, but in strictly regulated sectors like financial services – it is critical. Heavy fines and sanctions await any organization that suffers a breach, meaning there is no room for errors.

Effective defense starts with understanding weaknesses

Unfortunately, most IaaS offerings and SaaS apps lack built-in protection against malware. Financial organizations looking to make the transition must understand what the top vulnerabilities are and how they can effectively defend their data from persistent cyber threats.

The following are three of the most common cloud vulnerabilities encountered:

  1. Inter-app communication: Connected cloud apps can significantly boost productivity, but automated communication and data sharing can inadvertently spread infections between apps at a staggering pace. Due to the lack of built-in malware protection, these apps can quickly become a point of distribution for potent threats.
  2. Compromised endpoints: The larger the organization, the more endpoints there are. Even in a tightly controlled environment, it can be very difficult to enforce security policies and regular malware scans. Subsequently, if files are not properly scrutinized before being uploaded, infections originating from the endpoint can easily be transferred as part of the process.
  3. Infected downloads: Infected files laying dormant in the cloud are typically the result of the compromised endpoints described above. Without robust threat detection at download, employees may accidentally pull malware from trusted applications onto their devices, further spreading the infection and compromising any future uploads made from the device.


Three components of strong defense strategies

While the dangers posed by malware and other cyber threats are very real, a careful and considered approach to security can mitigate many threats. While technology plays a key role, many security measures are more straightforward:


  • Go beyond endpoint security: Endpoint protection is a key component of cloud security strategy. Focusing solely on this will leave an organization vulnerable to a wide range of other attack vectors. Fortunately, smarter malware defense technologies are now available that can actively monitor for threats and mitigate vulnerabilities. Machine-learning based products are even able to analyze file behaviors and identify new, zero-day malware that would otherwise be difficult for conventional AV engines to detect.


  • Education: Like so many fundamental business practices, effective cloud security begins with employee education. Careless employees can pose the greatest risk to an organization’s Consistent education can keep security at the forefront and make employees less prone to simple mistakes that allow malware into the network. Furthermore, it makes workers aware of the signs to look for if something is amiss.


  • Stay on top of software updates: Many employees ignore software and system updates if they are inconvenient or disrupt their work schedule. However, these updates often contain critical security patches based on the latest research and testing. Failure to install them immediately could leave institutions vulnerable to well-known cyber threats.

Staying one step ahead

With cloud adoption starting to overtake traditional on-premise applications throughout financial services, institutions need to be more committed than ever to protect their highly sensitive data.

While the overall strategies behind most cyber-attacks remain the same, the way in which they are executed is continually changing, making it harder to stay one step ahead. Fortunately, advances in technology and training mean that a robust cloud-security strategy is attainable. The right combination of strategic cybersecurity investments, employee education, and constant vigilance can keep even the most sensitive financial information safe in the cloud.


Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation