Recently, several potential cloud security gaps have been identified that could impact organizations in the financial services industry. These cloud security gaps cannot be resolved by human intervention alone, but businesses can use a financial services cloud management platform to mitigate threats from cyberspace.
Nobody really knows how much of a target the financial services industry is for cybercriminals. Every cybersecurity blog you read tells you the financial services industry features in the top three industries targeted by cybercriminals (along with healthcare and utilities), but these blogs are compiled using reported attacks; and, when you operate in a regulated industry, you have to report attacks by law.
By comparison, organizations operating in the pharmaceutical, entertainment, and gambling industries are not required to report cyber attacks, even though data breaches in these industries could result in a much higher level of identity theft. Obviously some organizations do (Sony for example), but stating that the financial services industry is a top target for cybercriminals is misleading. Nobody really knows.
The exposure to risk when you operate in the cloud
Undoubtedly every organization that operates in the cloud has greater exposure to risk. It’s not that cloud services are insecure. They´re not. The greater exposure to risk is attributable to there being more attack vectors and because organizations—used to operating behind the protection of a firewall—deploy assets in the cloud without appropriate security safeguards.
One security review in 2017 found 35% of S3 storage buckets on Amazon’s AWS cloud were unencrypted, and that 7% of the storage buckets had unrestricted public access. Effectively anyone with knowledge of the storage buckets´ URLs could access their content, view it, and download it. In one high-profile case, the personal details of 198 million voters were left exposed for eight years.
It’s not just data stored in cloud storage volumes that are at risk. The IBM X-Force Threat Intelligence Index 2018 reports more than 566 million records were breached due to misconfigured databases, with a further 393 million records accessed without authorization due to misconfigured directories, programs, and backups—all of which could have been avoided with appropriate security safeguards.
How do you know the status of your assets in the cloud?
There are two ways of determining the status of your assets in the cloud. You can use a configuration security monitoring tool to identify misconfigured assets and make corrections, or you can use a financial services cloud management platform. Both solutions do the same thing in terms of identifying and correcting misconfigured assets, and applying policies to prevent future misconfigurations.
However, a financial services cloud management platform offers several other security mechanisms that can further enhance the protection of assets in the cloud. For example, with a financial services cloud management solution you can apply policies to identify and alert you to:
- Users with misconfigured access controls.
- Users with too broad a span of control.
- Accounts not compliant with password policies.
- Disabled multi-factor authentication.
- Encryption keys in need of rotation.
- Assets with unauthorized open ports.
- Unauthorized changes to security groups.
- Logins from unrecognized IP addresses.
- Unencrypted storage volumes.
- Storage volumes with public access.
This list is really no more than the tip of the iceberg. A financial services cloud management platform can alert you to any potential security event, application vulnerability, insecure interface, or suspicious behavior on your network. In many circumstances, the platform can be configured to do more than just send alerts. For example it can execute Lambda functions or terminate non-conforming assets.
Further benefits of a financial services cloud management platform
Inasmuch as a financial services cloud management platform is an effective tool for mitigating the threats from cyberspace, its primary purpose is to enhance the management of your cloud environment. In this respect, the platform can be used to optimize asset cost and performance, analyze relationships within your IT infrastructure, and enable “hands-free” governance via policy-driven automation.
A comprehensive reporting suite helps you identify trends and inefficiencies, cost gaps, and opportunities to respond quickly to changing market conditions. A financial services cloud management platform gives you complete visibility into your IT operations, a secure environment in which to operate, and a competitive advantage in a rapidly-evolving industry.
Please note: the capabilities listed above are based on the CloudHealth financial services cloud management platform. Not all cloud management platforms share the same capabilities.
