Security

03:00 PM
Todd Gottula
Todd Gottula
Commentary
100%
0%

Navigating Cloud Security: 3 Questions to Ask

Are you considering a cloud solution but not convinced? Be sure to ask providers about their investments in regulations and security.

As the cloud more frequently makes its way into discussion, clients are not shy to raise questions about security. Despite increased adoption of cloud across the highly regulated investment management industry, this deeper questioning shouldn't be surprising as many have long been accustomed to onsite installation and have a fiduciary duty to their own clients.

The benefits of the cloud are hard to ignore. The cloud provides the opportunity to enhance solutions for the investment management community without having to rebuild core system infrastructures. It allows for more direct, anytime-anywhere access and flexibility in onboarding, deployment, and scalability. The cloud can reduce investment costs in space and money for onsite infrastructure. In short, there are potentially enormous benefits to be realized from cloud solutions as they are by nature agile and we can expect to see them evolve over time with the rapidly changing market demands for investment management firms.

We certainly understand when our clients question how secure it can really be. If you're considering a cloud solution but aren't convinced quite yet, be sure to talk to your provider about the following three things:

1. Cloud security regulation
The investment industry's relatively slow adoption of cloud services can in part be explained by concerns about compliance with regulations requiring the protection of confidential client data.

Why? Regulation and security standards are still evolving when it comes to the cloud because technologies are being developed much faster than legislative bodies can regulate. The cloud and our businesses transcend jurisdictional boundaries, but cloud services providers need to be able to adapt to the regulatory requirements of any jurisdiction.

2. The safety of security
Generally accepted practices in cloud security and reliability have begun to form. Cloud data center providers are taking countless tangible measures to assure data safety like surveillance cameras, limited onsite personnel, and strict authentication. Similarly, your solutions provider should be adding its own layers of security, such as hard isolation, secure sockets layer (SSL) communication, and more.

3. Private versus public cloud
Many firms hear the words public and private in conversations about the cloud and automatically assume private is better. In the public cloud, multiple users access computing services and data via the internet. As a result, you would notice that the sharing of resources and infrastructures enables efficiencies not otherwise possible in the private cloud setup. There are benefits and drawbacks to both public and private clouds. To learn more, talk to your solutions provider about the public, private, and hybrid options available to you.

Cloud computing will likely become more mainstream for the investment management industry before we know it. The aura of novelty will eventually fade, so now is the time to ask the right questions about security.

Todd is EVP and CTO at Advent Software. He sets the company's long-term technology and solution vision. It's his job to make sure our solutions incorporate the best technology innovations to meet our clients' needs and are easy to adopt, own and use. Before taking ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Becca L
50%
50%
Becca L,
User Rank: Author
6/30/2014 | 1:02:07 AM
Re: Compliance for the financial industry
Agreed, questions of security should be the foundation for any conversation with cloud providers. But I wonder if the bigger hurdle for companies making the leap into the cloud could is knowing what detailed questions to ask about security, and how to interpret the answers. New hires or consultants may have to be brought in to get the conversation up to speed for the firm.

Becca L
50%
50%
Becca L,
User Rank: Author
6/30/2014 | 1:01:24 AM
Re: Compliance for the financial industry
Great point, Greg. For example, Nasdaq partnered with AWS to offer FinQloud, a private cloud aimed at financial services firms. Their focus on the space helps them streamline processes to meet reg compliances at a cost savings. The specialization appealed to a lot of finserv companies, bringing them onboard even in the infancy of the industry's trust in cloud.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
6/25/2014 | 10:22:25 AM
Re: Compliance for the financial industry
Today, it seems, most financial firms are opting to go with cloud providers that offer some sort of financial-services specialization. These FS specialized cloud offerings often address some of the regulations that you mentioned and it helps in 2 areas: getting over internal cloud skepticism and compliance concerns; and also addressing regulators questions about cloud security.
ToddGottula
50%
50%
ToddGottula,
User Rank: Apprentice
6/25/2014 | 9:35:31 AM
Re: Compliance for the financial industry
Thank you for your response, Laurie.  I completely agree that audited compliance is the right place to start when evaluating providers.
anon9571238483
100%
0%
anon9571238483,
User Rank: Apprentice
6/16/2014 | 8:28:54 PM
Compliance for the financial industry
Thoughtful post, Todd.  Thanks for that.  For the financial industry, it's important that businesses contemplating moving to the cloud first ask their prospective cloud provider about their certified compliances (SOX, PCI, GLBA, SSAE-16, ISO27002, etc.) and demonstrate that an independent auditor routinely audits their processes. Compliance should be the baseline and that question should precede any initial questions about security.  Not every cloud provider has specialized compliances; if they do, they typically would then have the security that a financial services company would need. Of course, it's always a good idea to ask lots of questions before engaging with a provider.  - Laurie Head, AIS Network Cloud Hosting     
More Commentary
Surviving & Thriving in the Current Risk Management & Regulatory Environment
How financial institutions can leverage compliance initiatives to improve their business with a 360-degree view of the customer.
Markets Looking Forward to Earnings
Geopolitical risks are increasing as the markets chug through the summer months, and investors are watching their risk profiles very closely.
5 Red Hot Summer Market Predictions
With the summer starting to heat up, here are five things we will see in the financial markets in the second half of 2014.
So Much Data, So Little Time
How fast does data need to be used in order to be beneficial?
Understanding the Value of Big Data
Winning investors are embracing new technologies to make better allocation decisions.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video