As bank executives continue to debate, hesitate and worry over the security issues related to using applications that connect to the cloud, their employees are using cloud-based apps by the hundreds — often without banks’ knowledge.
The average bank had 844 cloud services in use throughout its network in the third quarter of this year, according to an analysis conducted by Skyhigh Networks, far higher than bank IT departments estimated.
“If you did a survey where you asked the financial services companies themselves [how many cloud services they use], the answer would be somewhere between 32 and 34, because you approved those,” said Rajiv Gupta, CEO of Skyhigh, which provides cloud security software.
The gap is because many employees are quietly downloading cloud services like Dropbox and Gmail, in the interest of being more productive, while a bank’s IT department is not even aware it’s happening or the potential security problems that could result. Indeed, many IT departments distrust cloud services because they do not view them as secure.
“There’s a big disconnect, and it’s frightening,” said David Albertazzi, who is senior analyst, retail banking and payments at the Aite Group. “It’s not so much about cloud computing. It’s about a failure in vendor risk management programs and overall risk assessment of the institution.”
Vendor management can often be overwhelming. Many banks deal with 500 to 1,000 venders, but only a handful are considered mission critical. But Albertazzi said it’s important that all vendors be included in the vendor risk program so that nothing falls between the cracks.
A recent Cloud Security Alliance survey found that 52% of IT professionals in financial services have been pressured to approve an app they did not think met the company’s security or compliance requirements. And IT executives themselves break the rules at times.
“I was talking to the CISO of a bank, he was nodding and taking notes, and he stopped and realized he was taking notes in Evernote, which is not an approved service at the bank,” Gupta said. “He was using a service that makes him efficient.”
Financial services companies do approve the use of some cloud services. The Cloud Security Alliance survey found that 24% of financial services companies have a “full steam ahead” attitude toward the cloud and another 62% of these companies are moving with caution.
But 76% of IT professionals at financial services companies said they did not know the scope of shadow IT at their companies, but wanted to know.
Author: Penny Crosman
Source
- The Customer Edge Drives the Need for NaaS - June 25, 2023
- Blockchain Evolves And Secures - January 13, 2019
- Bessemer Ventures’ 2018 Cloud Computing Trends - February 25, 2018