The adoption rates have been slower than that of other industries, but financial institutions are finally starting to leverage the cloud in greater numbers. But they have some real concerns. Let's take a look at the explicit and implicit concerns financial firms have in the cloud.
The adoption rates have been slower than that of other industries, but financial institutions are finally starting to leverage the cloud in greater numbers. But the real story isn’t that they’re adopting it—it’s what they are adopting it for. As we discussed in a recent post, financial firms are more concerned about the security risks of cloud-based file sharing than most MSPs would like to hear.
CRM, application development, email and back-end services—these are the functions that most financial firms are prioritizing. Why is file-sharing noticeably absent? In an interview with eWeek, Luciano Santos, vice president of research and member services at the Cloud Security Alliance alluded to the reason:
"Primarily the top security concerns were more focused around data protection. Data confidentiality, data governance and data breach were the top-ranked security concerns identified by the financial institutions that participated."
So should MSPs in the cloud-based file sharing space focus on other industries? Not necessarily. With the right solution—and the proper amount of education—they can help this sector adopt the cloud for all use cases. With that in mind, let’s take a closer look at each of these concerns, both explicit and implicit:
- Data Security: Data breaches are not created equally. A breach for a small business, however damaging, pales in comparison to that of one in the financial services sector. The average cost of a data breach was around $500,000 in 2014 for all companies, but in the finance space, it’s not uncommon to see the costs reach into the tens of millions. With so much at stake, it’s not surprising why they would be reluctant to put files in the cloud.
- Compliance: PCI-DSS requirements have become more stringent, not less, in recent years, and there’s nothing to indicate that this will reverse anytime soon. Financial institutions have a hard enough demonstrating compliance—the last thing they need is to bog themselves down with the cost of a violation. In terms of data/file security, PCI might be the strictest of regulations.
- Third-party Access: With millions of files changing hands everyday—nearly all of them containing highly sensitive financial information—these companies are hesitant to grant access on anything but a need-to-know basis. As such, they tend to view cloud-based file sharing as an unnecessary risk, where files could be accessed and leaked by those who don’t truly need access to them.
It should be obvious by now that, in some ways, the typical cloud solution is not an ideal fit for financial institutions. A business-grade file sharing solution, on the other, most certainly is. If the financial industry is going to implement a comprehensive cloud strategy—one that makes full use of its key capabilities—then file sharing must be included. For MSPs, this means championing a solution that enables greater data security with features like:
- Encryption of files in-transit and at-rest
- Encryption keys modes on the server
- File and folder locking
- Remote wipes of any device
- Strict, third-party access controls & monitoring
As MSPs, we’re interested in getting your take on the matter. What are some other reasons why financial institutions aren’t adopting the cloud? And what have you done to point them in the right direction? Be sure to let us know in the comments section below.