It’s impossible to escape the cloud today, regardless of if we’re talking business or personal. There’s a reason your phone’s local storage hasn’t skyrocketed along with storage technology itself. There are a lot of people who stand to benefit from forcing more and more of the world’s most important data into the cloud, and now even the world’s most successful fintech companies are feeling the pressure to conform.
Some of the most convenient (and potentially money-saving) new innovations for fintech companies do require the freedom of the cloud. Unfortunately, some of the most devastating cyber attacks require that freedom as well.
Companies crave the universal access and easy recovery times cloud can offer, as well as the feeling that some sort of insurance policy protects them from losses associated with data breaches. First: This often untrue. Second: Dissociating IT and cybersecurity from the company’s overall structures of accountability can turn short-term savings into long-term problems. Cloud can be an attractive option to many—but think carefully before embracing a solution too new for the unique demands of the fintech industry.
Accountability breeds security
You just never know what calibre of IT professional lives on the other end of a cloud connection. The security workers at cloud service companies are often very good—but they’re just as often terrible. To a cloud services company, your security is exactly as important as that of every other client they have. Your account might see work from only the best of the best, but it might just as easily get assigned a slacker destined for an abrupt termination. Financial cybercrime threats are at an all-time high, so even a small increase in risk can mean loss of data—and funds.
The point is, you won’t know whether or not you’ve gotten a good or a bad cloud team until a real problem arises. It’s not just a matter of leaving obvious security holes—it’s that you have no way to enforce the proper security procedures. Everything from browsing history to social media habits can offer an inroad to attackers, and there’s absolutely no way to verify the diligence of some faceless server tech at a company you don’t control.
No borders mean no border guards
The core promise of the cloud is to create a “borderless” IT environment, where all employees and even customers have access to the same, high standards of IT service. The problem is, everyone doesn’t bring the same level of diligence to the table on the user side. In an office, IT security procedures can control the types of devices or even the individual machines that connect to the company network, and protect against intrusion through a vulnerable or infected personal device. In the wild, it’s impossible to control anything like that. A lazy password on one social media account could allow access to a ton of information—and provide a foothold to the cloud.
Once in, attackers are mostly free to do anything. It’s harder to detect an intrusion when the physical location of a connection is no longer an important signal of legitimacy. Modern attackers can often find ways to jump from one compromised cloud-client to the next one hosted on the same service—meaning it’s not just your company’s security that affects your company’s safety. Cyber border guards are all that stand between attackers and your company’s most sensitive data. We don’t want to get rid of them all, just yet.
The thing about the cutting edge of technology is that it’s very new, and that means it’s often full of bugs and obvious security holes. Remember that by putting information in the cloud, you’re making access to that information remote by its very definition. As remote access becomes the norm, it becomes much easier for attackers to automate connections for large-scale testing of a system for weaknesses. Hackers can now even create distributed botnets, sometimes even made up of the defending company’s own hardware.
Take, for instance, the blockchain. This distributed ledger technology could revolutionize how the financial world does business, greatly increasing the speed and profitability of the average trade—but the newness of the blockchain led to incredible security breaches and some of the largest monetary losses of all time. Blockchain may very well be the future of the industry, but you don’t want your company to fall victim to one of the many errors that will occur as it slowly self-corrects its way to dominance of the market. Maybe blockchain will be a big part of fintech’s future—but unless you work for one of the biggest corporations in the world, the inherent risks of the blockchain mean it still shouldn’t be fintech’s present, either.
Financial companies are given an unparalleled amount of trust by their clients. If something goes wrong, nobody wants to hear that someone else is really responsible. More than just about any other type of business, financial services companies take extreme, direct heat from customers when they suffer a security breach—even if the responsibility to protect against it was technically farmed out to a third party. The cloud and its many splinter technologies will almost certainly find a way to appeal to fintech’s need for unparalleled security, but that day’s not today.
Don’t look too jealously at the cloud services used by less vitally important companies than yours. For anyone with real value on the line, the cloud can still function as little more than a huge, enticing trap.