The average financial services company has more than 1,000 cloud services in use, yet 93% of those services aren’t considered ‘enterprise ready’. That’s just one of the trends highlighted by Netskope’s latest Cloud Report for Financial Services.
Security is a key concern in every industry, but in financial services it’s absolutely crucial. In an industry where so much is at stake, both for corporates and consumers, there are huge responsibilities in terms of IT security and data loss prevention (DLP) – not to mention regulation and compliance.
That’s something that EveryCloud, as a specialist in tailored cloud security, is keenly aware of. We invest a lot of time and energy in tracking the security trends affecting specific industries, and in working with providers who can meet their changing needs. That’s why we want to share the findings of Netskope’s report, which details many of the challenges financial services companies face as they navigate the shift towards the cloud.
It certainly makes interesting reading. Cloud services are clearly flourishing within financial services, yet the overwhelming majority of those in use don’t meet Netskope’s criteria for ‘enterprise-ready’. What’s more, the report notes the continuing proliferation of unsanctioned ‘Shadow IT’ services, where employees and even whole teams start using free or cheap, widely available consumer cloud services as a quick-and-dirty solution for their IT needs. That’s something that should worry any CIO in financial services. How can you ensure compliance when you can’t control where and how data is being stored and used?
Here’s more reason to be nervous: the report highlights the emergence of a new class of hybrid Internet threat, combining cloud services and more traditional web-based threats as a vehicle for malware. The initial attack comes through a phishing email or a compromised website, but then calls back to command and control services hosted on Infrastructure as a Service (IaaS) platforms, cloud storage services and other Web platforms. This doesn’t just make the malware brutally effective, but also very difficult for conventional security solutions to detect.
The report notes that 3.3% of enterprises are seeing these hybrid threats in their environments, and it’s a figure that looks set to rise. In any case, with backdoor vulnerabilities, mobile malware and Macro-borne ransomware still going strong, financial services companies didn’t really need anything more to worry about.
The insights don’t end there, with information on the reach of specific cloud services within financial services, and on the challenges facing users of many services when it comes to readiness for the upcoming GDPR regulations, which apply from May next year. It also looks at the growing impact of collaborative cloud services on DLP violations, as employees misuse them in ways that don’t exactly demonstrate compliance – or common sense. The report even makes three simple recommendations that could result in quick security wins.
As the provider of a leading cloud-scale security platform, Netskope knows what it’s talking about. Our partnership is a core relationship for EveryCloud, helping us deliver technologies that can help financial companies block DLP violations, apply robust, compliant security policies and detect and deal with emerging threats. That gives us a platform we can build on with technologies from other vendors, plus our own industry-specific knowledge and training expertise. We can help financial services companies secure their data, but also help them raise awareness and change employee behaviour, closing down the vulnerabilities that leave them open to attack.
If you want to know more about the state of play on cloud security for financial services, we’d urge you to download and read Netskope’s report. You can find it to download here.