Ensuring infrastructure and data security is critical to any investment firm, regardless of whether its infrastructure lives on-premise or in a cloud environment. But there have been lingering concerns throughout the industry about security in the cloud for quite some time, particularly for hedge funds and other financial services firms who rely so heavily on the safety and security of their data.
The reality is that there are security concerns with any type of technology infrastructure. Doing comprehensive due diligence around cloud architecture, management, security policies and service providers will go a long way in satisfying those concerns.
Threats in the Cloud
The Cloud Security Alliance had identified some key threats for both infrastructure and application services in the cloud. They include:
Shared technology issues: At the heart of cloud computing is the premise of sharing underlying infrastructure components. If security requirements and protocols are not integrated into the shared infrastructure at multiple levels (i.e. computing resources, storage, and networking) then vulnerabilities could exist. This is particularly crucial to keep in mind when evaluating public cloud environments, through which there can be limited isolation.
Data loss or leakage: This is a real, yet unacceptable risk for any investment management firm, and the impact is far-reaching. Just as with traditional on-premise environments, threats in the cloud can include accidental deletion of data, unauthorized access or database corruption. It is essential to have strong controls in place, as well as data encryption and data protection processes.
Unknown risk profile: Another threat, which may cause a firm to accept unknown risks, is lack of knowledge of a cloud provider’s security protocols and policies. It is important to inquire about a cloud service provider’s security software, update and patch procedures, intrusion detection and alerting and overall security design.
Next week, we’ll take a closer look at some specific security considerations for evaluating a cloud services provider, including multi-tenancy concerns, physical security, and virtualization and server security. In the meantime, click here for more information on Eze Private Cloud Services.
Photo Credit: Flickr