Security & Compliance
Fintech and Security: How Much is Too Much?
June 24, 2016
Financial services firms are reluctant to take their operations to the cloud – will their fears and the reality about security in the cloud ever align?
It’s no secret that security is always top of mind for financial firms, and a growing number of major data breaches in the past few years are not making CIOS and IT Directors sleep better at night. Financial firms deal with some of the most highly sensitive data in the world, and a breach could instantly ruin the operation and reputation of their business.
Needless to say, banks and financial services firms aren’t exactly rushing to hand over some of their most important and confidential information to a third party technology vendor. The fact that many fintech solutions also operate with a foundation in the cloud only adds to the hesitation.
This reluctance by financial firms has many asking: How much is too much when it comes to security?
Trick question – you can never be too secure. According to a recent article from securityintelligence.com, the financial sector is one of the most targeted industries in the world, and breaches lead to considerable liabilities, dropped stock prices, and customers exposed to identity theft; no financial institution should be complacent when it comes to security. Firms should approach adoption of fintech with the understanding that most fintech providers are often even more prepared to deal with security threats than the financial institutions themselves.
Many fintech providers utilize a cloud service, like Amazon Web Services (AWS), to host and scale their technology using public servers. Despite the initial fear around a word like “public,” a reliable provider like AWS is designed to face numerous issues specific to the financial marketplace including security threats, technology disruption, and disaster recovery. Security, in particular, is an inherent component of AWS and many other cloud services.
“The financial services industry attracts some of the worst cyber criminals,” says Rob Alexander, CIO of Capital One, in a quote form AWS’ own web site. “We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers.”
Although the cloud has built-in security capabilities, fintech firms ensure protection of financial institutions by creating infrastructures that secure data at every point, from origin to destination, as well as architecture for compliance. They put effort into developing integrated and adaptive solutions as well as developing a relationship with IT professionals through exceptional service and support.
Financial institutions have the most to gain by finding a trusted partner to support their key business operations in the cloud, versus hosting the product or service on-premises.
It would take far too much time for a bank to build the kind of high-level security that fintech firms are building on their own, supported by the knowledge gained from working with hundreds of organizations. The right partner can not only provide economies of scale in terms of building a robust set of security capabilities, but they have the resources and knowledge to nearly eliminate security threats in relation to a specific service or application.
Companies like Cloud9 Technologies, a trader voice cloud-based communications provider designed to replace telephone-based trading hardware (turrets), are a great example of this advantage in action. Built on the Amazon Web Services cloud, we’ve enabled our service with two factor authentication and advanced voice encryption that secures calls in transit and also restricts unauthorized users from accessing recorded calls. These specific security measures take the unique needs of voice traders into account and provide financial institutions with a solution that is safer and more effective than legacy hardware or an on-premise system.
However, financial institutions should be cautious when considering technology solutions designed for the general enterprise. Taken from our own space in collaboration, for example, thousands of Slack access tokens were recently posted on Github, making it simple for hackers or automated scripts to access account details, some of which belong to Fortune 500 companies.
Using these tokens it would be possible to eavesdrop on a company, easily access internal chat conversations, and protected files. Bugs recently discovered in the Microsoft 365 system by two security researchers could have given hackers unrestricted access to any account under the system– including Skype for Business.
It’s a dangerous world out there for financial institutions, but the right partner can provide the best defense against security breaches. Fintech providers that fully understand and support the niche requirements of the industry will ultimately prove to be the best asset to financial institutions as they transition to the cloud. There is no such thing as too much security, and when it comes to safeguarding information in the financial services space, finding the right technology partner can make all the difference.