By Kacy Zurkus
Sept. 20, 2016
Well, it's 2016, and a few years ago Gartner reported that "By 2016, poor return on equity will drive more than 60 percent of banks worldwide to process the majority of their transactions in the cloud."
Enterprises across all sectors are either in the cloud, transitioning to the cloud, or thinking about making the idea of cloud a reality.
For those who are preparing to make the move, there are a variety of concerns to consider and plan for in order to make for a smooth transition. In addition to deciding on the right cloud provider and whether to go with a private or a public cloud, CISOs also need to think about implementing solutions for controls on access, encryption, legal and compliance issues.
Russell Stern, CEO of Solarflare, said that many financial institutions are building private clouds because they buy so many computers that going to Amazon or Microsoft doesn’t save them any money.
Of greater concern than cost, though, is putting client data out into a public cloud. "The security of that has not been solved. A lot of companies talk about hybrid cloud, and they can put the less sensitive data in the public cloud infrastructure," Stern said.
Whether they choose public or private clouds, the decision to move to a cloud must be centered around security. "We are being attacked so hard from nation states that the public cloud is not sufficient in security for the kind of protection these institutions need. With the public cloud, they are not exactly sure where it is," Stern said.
Many agree that the public cloud environment has too many unknowns, especially for those enterprises that have to worry about compliance issues. For financial institutions, "The biggest concern is having a third party, which doesn’t have to be an outsider, capture your transactions in a place that is separate from the environment running the application so that you can forensically look backwards," Stern said.
Another question that should be considered before making the idea of cloud a reality is whether the cloud is a better alternative to the current IT system infrastructure. If the answer is yes, the question to follow should be how organizations can integrate their current systems with the cloud.
For most legacy systems, cloud is a worse alternative, Stern said. "For modern applications, moving into cloud is easier. But there are companies that have five to 10,000 legacy applications that were written 20+ years ago."
Is your head in the clouds?
Five questions companies should ask a cloud service or hosting company.
- Will all of the applications run in the cloud, and if they will do they need additional licensing to run them?
- What are the security benefits of moving to the cloud?
- Where is the data physically stored?
- Do we need an enterprise-wide encryption strategy?
- Will we be on our own instances, or will anyone else have access to our data?