Banking in the Cloud: A CIOs Perspective on Adoption, Security and Financial Prudence

According to the Vision 2023 Report on Digital Acceleration Insights for Asia Pacific by StrategINK, over 82% professionals in the BFSI industry believe that cloud computing is a key technology driving digital transformation. Furthermore, 83% of financial services companies already use cloud infrastructure in some capacity. Cost optimization, enhanced security, increased agility and flexibility, ability to innovate faster are some of the top reasons for increasing cloud adoption in BFSI.

To further understand the current landscape and future trends of banking and financial services in the cloud, we have insights from Mr. Bhagwati Dubey, Chief Information Security Officer (CISO), Axis Mutual Fund.

What are the most common cloud applications, which currently are dominating BFSI and are any new applications expected to transition to cloud?

The most common application of BSFI that are on cloud as learning management, attendance, ITSM- IT support and ticketing, IVR Bot for customer support. In the near future, applications that require computation power and do not have any regulatory compliance requirements will see a transition to the cloud. However, the cloud journey of banking is more peculiar than other industries due to a lot of regulatory binding and compliance.

Would you agree that cloud computing has delivered on its promise of reduced costs and financial savings by justifying the investments?

Cloud investment is justifiable for compute and automation requirement. Though it’s easy to move on cloud but not easy to come out of cloud. Invariably, the cost effectiveness is demonstrated by the ease and flexibility for scale up and down, which is difficult to achieve with an on-prem solution.

However, cloud investments keep on increasing once you have adopted the cloud. You can’t control automation and customer expectation; at the same time your data keeps growing in the cloud. Nevertheless, cloud adoption cost is justified with increase in customer adoption and experience and finally increase in market share. The cost effectiveness or ROI with customer experience can be improved and achieved with cloud adoption due to scalable environment that is part of cloud services.

At the same time, there are indirect ways in which cloud computing facilitates cost savings in terms of property cost, energy, human resource, management of IT infrastructure, E-waste management and carbon emission management.

Invariably, there are certain factors which are preventing companies in BFSI from realizing the financial prudence with cloud, including:

  • Lack of local regulatory compliance
  • Lack of visibility of assets and cost calculation
  • Lack of skilled resources

Furthermore, cloud cost exploitation is more in terms of capital investments of data that is stored and processed over there.

Do you believe the nature of attacks is changing in cloud for BFSI and are you rethinking your security strategy to address new attacks or will the on-premise approach continue to dominate mitigation?

So far, the attack faced by BFSI with respect to cloud is due to miss configuration and lack clarity on roles and responsibility of CSP and the customers. At the same time, since the attacks are becoming increasingly automated, it is integral that the response and protection also scales up to that level. Here is a list of Cloud Security Standards theta BFSI organizations can adopt for better security and resilience:

  • ISO-27001 / ISO-27002
  • ISO-27017 / ISO-27018
  • General Data Protection Regulation (GDPR)
  • System and Organisation Controls (SOC) Reporting (SOC 1, SOC 2, SOC 2+ and SOC 3)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • CIS AWS Foundations v1.2
  • CIS Controls Top 20
  • NIST cloud security framework

Overall, by adopting managed services and with right hiring or upskilling to manage the organization, cloud adoption can be enabler to create value to businesses, while mitigating the security threats for BFSI.

Will 2023 be the year of public cloud repatriation?

Considering the cyber-attack, hacker targeting the cloud environment, lot of regulatory imposition across the world, cloud adoption in BFSI will see a limited growth. Some of the factors that might pose as a challenge leading to anticipated public cloud repatriation include:

  • Increase in cyber-attacks.
  • Increase in regulatory adversaries with regards to cloud
  • Lack of skill sets

With regulatory interventions, the visibility and security management has improved. With such awareness, risk of public cloud is more visible and that can lead to challenge is public cloud adoption. Overall, there will be a transition to hybrid cloud adoption that I can see based on the requirements of customers and regulators.

About Author

Prateek Tokas
Bhagwati Dubey
Chief Information Security Officer (CISO)
Axis Mutual Fund
Bhagwati Prasad Dubey is currently the CISO at Axis Mutual Fund. He has more than 10 years of experience in the IT and information security domain. Before Axis, Bhagwatiprasad served in leadership roles in HDFC Life as Senior Manager Information Security, Tata AIG General Insurance Company Limited, and SBI Life Insurance Co. Ltd. driving technology controls and leading the Infosec practices.

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report