Quick Stat

How many banks and insurance companies are in the cloud?

91%

2023

37%

2020

Source: Capgemini

Once a lofty-sounding dream, cloud banking is now a reality. Most institutions, even smaller community banks, have begun migrating to the cloud. According to Capgemini Research, in 2023, 91% of banks and insurance companies had initiated a cloud journey, up from 2020, when only 37% of organizations could say the same.

While bankers are migrating to the cloud, many still harbor concerns about security. As Scott Anchin, ICBA’s vice president, operational risk and payments policy, observes: “You give up some control when moving to the cloud.”  

“Cloud adoption” comes in various shapes and sizes. As the Department of the Treasury points out in its comprehensive report, The Financial Services Sector’s Adoption of Cloud Services, many approaches to cloud banking are “hybrid”—meaning they use both public and private cloud services.

Navigating a new ecosystem

What’s more, many community banks have moved to the cloud because fintech partners are there, says Anchin. He explains that in such cases, an enormous part of securing cloud data comes down to devoting sufficient time to “understanding third parties’ risk appetites, and the way they handle resilience and business continuity.”

In addition to relying on fintech partners, banks migrating to the cloud are placing enormous trust in cloud providers, such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform, says Anchin.

There are benefits to choosing a cloud provider. “Cloud providers know they’re massive targets, and so they’re investing hundreds of millions of dollars in their security programs,” says Anchin. “They have expertise and human capital that’s not available at scale for most community banks.”

Cloud banking accounts for other security dilemmas, as well. For instance, once data is housed in a centralized location, it’s easier to track, versus housing it in “disparate locations across various bits of hardware,” says Tracy Kitten, director, fraud and security, for Javelin Strategy & Research, a financial consultant company.

Kitten also points out that some nightmare scenarios of the past are no longer relevant. “If you have a natural disaster where your networks are wiped out, you have a backup in the cloud,” she says.

Protecting cloud data

Even though cloud banking represents a whole new reality, community bankers are beginning to understand what matters most when it comes to securing a cloud banking network:

Anand Naik
Anand Naik

Identity and access management is more important than ever. Anand Naik, CEO and cofounder of Sequretek, a cybersecurity company that offers an AI-powered security monitoring platform, maintains that the biggest security challenge in the cloud is managing identity. “In the cloud, people can access from anywhere and through any system, so managing identity becomes the biggest risk,” he says.

To manage identity, community banks must segment data, making strategic decisions about which employees need access to which types of data, says Kitten. And to do this well, community banks should establish a regular schedule for updating employee profiles, assessing access rights and making sure that the credentials of employees who leave an organization are expunged from the system.

Data can be easily anonymized or tokenized in the cloud. Encrypting the identities of customers and employees can make it far more difficult for criminal actors to gain personally identifiable information that resides in the cloud, says Kitten. She suggests that bankers also encrypt intellectual property stored in the cloud.

Vendors with cloud security expertise can be a gamechanger. Kitten emphasizes that securing a cloud banking network is rarely something a bank can accomplish on its own. Vendors such as Sequretek can provide visibility into the security concerns surrounding the digital transformation journey. Through its dashboard, says Naik, a community bank sees the threats it faces and react in real time.

Artificial intelligence can assist in detecting anomalies. AI-based systems can zero in on suspicious patterns in the cloud. As an example, Naik says that if a user logs in from New York at 12:00, and then at 12:05 that same user logs in from China, the system would flag this aberration, which might indicate personal information has been compromised. 

Educating employees about fintechs matters more than ever. Anchin urges banks to educate employees on what fintech providers are doing in terms of security, so nothing important falls through the cracks. He suggests creating a feedback loop with vendors, rather than viewing their services as “set it and forget it.”

So as your community bank shifts—or considers the switch—to cloud banking, ensure you’ve covered your bases. Because as its popularity continues to grow, cloud data and customer information will need extra protection from fraudsters lurking in the shadows.