Security Trends in Cloud Computing Part 1: Financial Services

In 2012, Microsoft Trustworthy Computing launched the Cloud Security Readiness Tool (CSRT) to help organizations understand their current IT infrastructure, identify relevant industry regulations, and evaluate whether cloud adoption will meet their business needs.

The CSRT includes a survey with 27 questions and provides a free, customized assessment based on the answers. You can access the tool and related information at http://www.microsoft.com/trustedcloud.

The aggregate data from the survey have also provided some interesting insights, and we’ll be sharing some of those findings in a four-part blog series beginning today. We’ll take a closer look at four specific industries – financial services, healthcare, retail and public sector (government), and examine how cloud adoption could reduce security risks in those industries.

We begin our series with a look at the financial services industry–one of the world’s largest by monetary value, with direct impact on the lives of billions of people around the world. Financial services organizations handle trillions of transactions each year, and many of their customers expect cutting edge technology and services to manage those transactions efficiently.

Financial firms also handle sensitive information about individuals, companies, and other parties. Protecting that information is a critical component in building trust with customers.

Hiring a cloud service provider (CSP) can help financial organizations improve their data security profile. Experienced CSPs typically employ large teams of IT security and compliance experts who can manage their customers’ systems more efficiently and troubleshoot when something goes wrong.

A good example is disaster recovery. In the event of an earthquake, civil unrest, or other unexpected calamity, a disaster recovery plan can help ensure services continue to operate. Yet in one of the more interesting findings from the CSRT data, 38 percent of financial institutions say they have not budgeted for a disaster recovery plan.

Cloud computing can help reduce risk exposure through shared responsibility of disaster recovery plans.  Many larger cloud providers have the appropriate infrastructure to help ensure customers’ data is protected in the event of an unforeseen challenge.

Some financial services providers may also face regulatory requirements regarding disaster recovery. In the United States, for example, the Securities and Exchange Commission has indicated that a disaster recovery plan is required as a fiduciary responsibility.

The CSRT data contain many other interesting findings.  If you work in the financial services industry and are considering cloud adoption, I encourage you to download the full report, “Security Trends in the Financial Industry” to see how the cloud can benefit your organization.

About the study
The results are based on aggregated and anonymized data, collected from more than 12,000 respondents who have used the CSRT. The tool includes a survey for organizations considering cloud services, and provides guidance on whether cloud adoption will meet their business needs.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology. Read more »