According to Right Scale’s annual State of the Cloud Report for 2019, 94 percent of technology companies use the cloud. Amazon Web Services (AWS), Microsoft Azure, and Google Cloud are the most popular.
InformationAge found that 70% of financial services companies are still in the early stages of cloud adoption. Most FinTechs have identified “gaps in skills” as the main reason for poor cloud adoption. The most needed skills are the following:
- Cloud platform expertise (named by 46% of firms)
- Information security (42%)
- Cloud platform functions (37%)
The State of the Cloud Report names security as one of the top cloud challenges. For the financial industry, information security is crucial. Even a single data leak can cost billions, not to mention lost resources on fixing the flaw and the company’s reputation.
See our “Customer-Side Security on AWS” white paper for our accumulated cutting-edge expertise in helping FinTech businesses adopt AWS cloud.
As a matter of fact, cloud service providers (CSPs) cannot be responsible for all the data, applications, and activities that take place in the cloud. This is why they established a high-level delineation of security responsibilities between the customer and the CSP, called the Shared Responsibility Model.
In sum, CSPs state that they are responsible for infrastructure security, whereas customers are responsible for security measures in managing access to instances and applications, as well as firewall and database configurations.
Without exact determination of who is responsible for what, FinTech business stakeholders are exposed to an array of security risks related to permissions, logging, data encryption, and so on. We analyze these issues in our white paper.
How is security provided in AWS?
As one of the leading providers of cloud services, AWS offers manifold services, such as storage, computing, analytics, machine learning, security and compliance, and many more.
It is important for FinTech executives to understand the high-level aspects that may pose threats to their businesses. In our “Customer-Side Security on AWS” white paper, we introduce best practices to help FinTech firms meet their security needs.
When it comes to security, Amazon Virtual Private Cloud (Amazon VPC) and AWS Identity and Access Management (IAM) are worth mentioning as security pillars that any FinTech executive should be aware of. Amazon VPC enables customers to select the desired level of security, whereas IAM organizes user and credential management.
AWS provides customers with detective controls designed for monitoring events, auditing, analysis, and alarming. Our white paper discusses AWS detective tools and logging solutions.
To ensure data security, encryption is widely used. Investor PII, cardholder data, and investment portfolios are examples of sensitive data that should be encrypted, even in the lab environment. AWS customers should consider in-transit encryption, as well as encryption of data at-rest.
Detailed information about AWS services for protecting data in-transit and server-side and client-side options for encrypting data at-rest can be found in our “Customer-Side Security on AWS” white paper.
When FinTech firms plan to adopt AWS, security is often their number one issue. How can they set up an AWS account securely? How can they control access to instances? What are the recommended baseline configurations to protect data on AWS? These and more questions are discussed in our free white paper, “Customer-Side Security on AWS.” It can help FinTech firm stakeholders understand what security aspects to consider when they decide to move to AWS cloud.