Hamit says that Altra began its move to the cloud in 2019, just before the pandemic hit. “We just started down that path in 2019, something that teed us up for the pandemic,” he says. “We wanted to ensure we had a solid posture, so we started using CSPM tools,” including a Microsoft solution that “gives you this pipeline of different security settings and configurations.”
Key benefits of CSPM include:
• Visibility. Inventories for all assets and instances in the cloud provide banks with the big picture when it comes to resource management.
• Compliance. Assessing current practices against key frameworks such as the Payment Card Industry Data Security Standard helps firms pinpoint potential misconfigurations before they cause regulatory concerns.
• Network security. Identification of nonencrypted instances and evaluation of network policies help reduce total risk.
• Identity access management. Ongoing assessment of user access and privileges reduces the risk of unauthorized data use or transfer.
What’s Next for Banks in the Cloud?
According to the 2022 Enterprise Cloud Index survey, 82 percent of financial firms say that a reliable, interoperable multicloud cloud model is ideal, so most banks and credit unions will continue their journeys to multicloud environments.
At the same time, the survey also found that half of banks cited challenges with cloud security, while 46 percent pointed to difficulties integrating data across multiple clouds.
“You can’t go out there and make assumptions that standard controls will work in the cloud,” says Hamit. “For example, you have to consider user access. Who has access, and how much can you lock that down? Can you adopt a least-privilege methodology? Multifactor authentication?”
CSPM tools make it possible for banks to manage and monitor misconfigurations across any cloud at any time, in turn setting the stage for better security that doesn’t derail productivity.
Hamit puts it simply: “You can’t transfer responsibility to cloud vendors for data. You can hold them accountable for certifications and qualifications, but at the end of the day, we’re accountable for that information in the cloud. CSPM tools offer fast, actionable data that you can address quickly to reduce security risk.”
Bookmark this page for more stories during Cybersecurity Awareness Month.