- Security TWENTY
- Women in Security Awards
In conversations with banking and finance customers around the world, I hear the same message again and again: we must embrace digital disruption to get an edge, writes Mark Johnson, Head of EMEA at Symphony, a security and compliance product company.
But I also hear another message: can we trust software providers with our most sensitive information?
Studies from the World Economic Forum (WEF) and Harvard, to EY and PwC all point to evidence that digital trust is declining just when we need it most. Who could forget the large scale data breach that hit Equifax, compromising the personal information of 150 million people? The sad reality is that a breach of this scale no longer shocks us, but the result is a decline in overall trust. For highly regulated industries like finance, this means questioning the strength and security of new digital platforms.
Take, for example, the proliferation of new communication platforms within the financial services sector. Many banks use collaboration or chat apps to instantly find and share data, connect with colleagues and customers, or automate routine tasks to help them do their jobs better and faster. This is just the kind of innovation the financial sector needs to adopt. Time is money – and these apps save both.
However, these communication platforms may also pose security, regulatory or compliance risks to companies whose employees use them. These are powerful tools but they are not as trustworthy as you think they are. This is because they rely on the public cloud to store and process all of the data shared on them. No amount of internal security processes at your company can change that. The risk is inherent in the architecture of traditional cloud-based collaboration solutions. You could take the trust fall – close your eyes, lean back and have faith that these platforms will ward off all the efforts to assault them.
But you might want to think twice. Cyber-criminals are expected to steal 12 billion digital records this year, according to Jupiter Research. When you add in the 430 million types of malware that Forrester has identified online, and the assault on banks, government agencies, and tech giants every day, safeguarding every piece of data could be a tough promise to keep.
Luckily, there are alternative ways to share sensitive data that enable collaboration and lead to innovation and don’t require the proverbial “trust fall”. With careful planning, businesses can still leverage the public cloud while protecting their data. They way forward is to return control of data back into the hands of the companies that own it by securing it with true end-to-end encryption, providing customers full control of the keys, and processing data only within the customer premises.
Using a combination of end-to-end encryption and on-premise key storage, data can be more safely stored and moved in the cloud. Keeping data encrypted means that even if a hack occurs, the data is unreadable. And storing keys on-premise (and not in the cloud, like many services do) limits the possible attack radius.
The ultimate result of this model? Businesses can make the most of digital transformation with minimal risk. This means the ability to more quickly drive forward technological initiatives that add real business value and help you make or save time and money.
Financial services companies must digitally disrupt themselves, not just to remain competitive, but to remain in the game at all. Many are already doing so and those that wait too long to move will be left behind. But those that will truly succeed are those that can do so all the while earning and maintaining trust.