BSA blog

BSA blog

News and views on topical issues from BSA staff and guests.

Sign up to receive blogs

By subscribing you consent to us sending you blogs

Blog

Guest blog: Safety in numbers: Security in the Public Cloud

Guest blog by Guy Griffin, Client Partner, Banking & Capital Markets, DXC Technology

In his latest guest blog, Guy Griffin, Client Partner, Banking & Capital Markets, DXC Technology, lays out the key critical elements banks and building societies should consider to become best-in-class public cloud-first companies.

The convention of security as a building surrounded by barbed wire and dogs with big teeth is a well-founded one. It is natural to consider something secure if you can see it, lock it, and direct a camera at it, safe in the knowledge you’ve paid for the right security people and chosen somewhere unlikely to be hit by a meteorite or an earthquake.

However, there is also the convention of safety in numbers. We know that being part of a large herd makes you statistically safer than going alone. Nobody wants to be the lone wildebeest.

The trouble is that if you’re in a competitive market then you may not wish to share the same safe patch of ground with your competitors, including customer data. For banks and building societies, there is the added complication of operating in a highly regulated industry with customers who wish to consume products and services in an ever-increasing number of ways.

One possible answer to the dilemma is to return to the well-worn adage that ‘banks (and building societies) do banking’ and ‘tech companies do tech’. There’s a lot of truth in these statements, however, if that means handing over infrastructure operations up to and including processing sensitive data, it’s easy to see why there could be hesitation.

To help make sense of this is to consider not just one’s own organisation but the market in total. Even the largest tier-one banks are not able to invest in security at the same level of the hyperscalers of this world and they do so for dozens of sectors, not just financial services.

With this kind of scale, it’s not only investment cloud attracts, but also talent. The diversity of challenge and dynamism of strategy that comes with working for a hyperscaler has brought some of the best in the business to the fore.

Despite the obvious benefits of herd mentality, journeying to the cloud needs to have a clear strategy. Without proper modernisation, the widely advertised cost advantages can sometimes fail to materialise and flaws in connectors emerge. These can impact customer and colleague interactions and put the security of the operation at risk.

Further, there are risks associated with handing over too much data over to a third-party entity to safely house and process. This must be strongly considered by all regulated entities, and clients must always have command and control over any critical infrastructure in the organisation, regardless of where and how it is hosted.

Getting the balance right enables organisations to reap the benefits of security in the cloud, with its leading resilience protocols and top-flight talent, without losing sight of the criticality of the customer journey.

The challenge is to understand how making an organisation more secure might mean not knowing precisely where parts of the operation is housed and handing it over to a third-party company who many not even have the keys to it themselves. In that scenario, it’s easy to see why the forces behind security threats find the cloud a less attractive target.

DXC works with more than 60 financial services organisations in the UK, helping them get the most out of their journey to the cloud from managing cost to ensuring resilience.

For more information visit www.dxc.com


The views, opinions and positions expressed within guest blogs are those of the authors and do not necessarily represent those of the BSA.

Posted by Guy Griffin on 13 September 2021