Is Cloud Computing Secure for Financial Services Industry?

My recent article for Seeking Alpha predicts a significant uptick in cloud adoption in financial services, thanks to the arrival of industry-focused cloud providers,  improving trust in cloud security, and a bunch of other factors.  Not everyone agrees. Dissenters argue that cloud security cannot be trusted.

Here is an excerpt from one of the comments on the article:

“As a communications programmer, I tell you that most customers have not fully realized the risks inherent in the current implementations of multi-tenant cloud computing. Those can be cleaned up eventually, but they CAN NOT BE CLEANED UP COST EFFECTIVELY. The encryption required means non-trivial CPU usage. So, you’re faced with either doing whatever you’re doing insecurely, or doing it with dedicated hardware. The multi-tenant, elastic model is simply broken from a security and efficiency perspective.”

This is a typical argument we hear from old school IT or legacy vendors such as Oracle. They tell you multitenancy is bad for you, either because they haven’t upgraded their skills (and are fighting to save their jobs) or because they want to sell you dedicated hardware.  CPU power is commoditized and getting cheaper every day, so the “non-trivial CPU usage” claim doesn’t hold water.

In fact, I realized that the case against cloud security now rests heavily on the recent hacking incidents, as some of these comments suggest:

“Target and others are just beginning to learn how difficult it is to do security correctly even on dedicated closed systems.”

“… the most critical data needs to be kept inhouse. The recent string of hacking cases against Target, Niemen-Marcus, and Michael’s should demonstrate that to everybody.”

Clearly, Target’s data was kept inhouse and secured by their internal IT.  Turned out that wasn’t the best security, after all.  Another person, who commented on the article, highlighted the irony:

“The irony here, regarding financial services organizations, is that they are breached constantly. I’ve had every major credit card I own compromised in the past 18 months. These banks also have more down time due to weather, outages, failed upgrades, etc than would never be accepted in the public cloud.

If you understand how public clouds like Amazon Web Services handle availability, you wouldn’t be concerned about outages. For an in house or on premise service to have the same type of capabilities related to availability is cost prohibitive. Banks are already severely wasteful with their data center resources.

The primary reasons banks haven’t moved to public cloud yet is more around Public Relations, sunk investments in under-utilized, owned infrastructure, and, well, complacency.”

Security arguments notwithstanding, Gartner asserts more than 60 percent of banks worldwide will process the majority of their transactions in the cloud by 2016.  Ovum claims capital markets will accelerate their adoption of cloud services this year.  And Oracle’s CEO declares that its main rivals are no longer IBM and SAP, but instead they’re Amazon and Salesforce .

All of this suggests that despite the security concerns, the cloud is gathering momentum within the industry. If you are seeing a different trend, would love to hear from you.

Alok Misra