Banks unaware of cloud computing risks
New research shows that while financial services organisations are adopting cloud computing products, many are unaware of the security risks involved in using the technology.
According to a new report from Skyhigh Networks, the average bank was using 844 cloud services throughout its network during the third quarter of this year.
Skyhigh's chief executive Rajiv Gupta explained that this number is much higher than organisations would have estimated they are using.
Speaking to American Banker, he said: "If you did a survey where you asked the financial services companies themselves [how many cloud services they use], the answer would be somewhere between 32 and 34, because you approved those."
The disconnect between how many cloud services an organisation is using and how many it thinks it is comes as cloud services like Dropbox and Gmail are being downloaded by members of staff in a bid to be more productive at work.
Mr Gupta explained that he was recently talking to a bank's chief information security officer, who realised during the course of the conversation that he was using Evernote to record notes. Evernote is not a security approved app at his organisation.
David Albertazzi, senior analyst of retail banking and payments at the Aite Group, stated that it is "frightening" how little companies know about cloud security needs. He said: "It's not so much about cloud computing. It's about a failure in vendor risk management programs and overall risk assessment of the institution."
Director of information security at Western Union David Levin stated that Facebook is another cloud app that flies under the radar and potentially poses a security concern for companies.
"Your data is in the cloud, you don't know how it's being used. The users don't realise the risks, they just see it as a productivity improvement product," he said.
Businesses looking to move services into the cloud should evaluate the performance of their existing network and consider setting up a leased line or MPLS network.