Other parts of this series:
This blog series has been examining why financial services institutions are reluctant to adopt various public cloud solutions even though these firms stand to benefit significantly from doing so.
This week, I’ll examine why questions over a couple of data-related issues are needlessly troubling decision makers.
One fear that many firms have about the cloud is that there is no secure way to store data on it. Data security is a legitimate concern for Financial Services businesses, since their reputations depend on their ability to protect clients’ personal information from cyber criminals. But there are services firms can retain to:
- Encrypt all of the information that is stored in the cloud.
- Provide additional layers of encryption for related applications that cloud service providers do not control.
These services—independent entities that hold the data-encryption certificates and sit between the end-user and the cloud application—keep data continuously secure. These services encrypt information while it is in transit, and only the resulting ciphertext is stored in the cloud application. This means that data is secure both in transit and at rest, since the cloud provider cannot decrypt it.
Another major concern for firms about migrating data to the cloud is that they will have no way of knowing where that data will actually reside. Businesses do need to keep tabs on the location of data for regulatory compliance purposes. However, many cloud service providers guarantee that data will be retained in locations pursuant to the laws and regulations their clients must comply with. For example, many cloud service providers assure their U.K. clients that their data will remain in either the United Kingdom or the European Union. That meets with the U.K. Information Commissioner’s Office’s data residency requirement and complies with the Data Protection Act.1
As we deepen this discussion, next time we’ll look at why moving to the cloud isn’t complicated, and how companies have more control over cloud providers than many realize.
1 “Sending personal data outside the European Economic Area (Principle 8),” Information Commissioner’s Office. Access at: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/