Enterprises have truly embraced cloud computing, with a recent survey showing more than 88% of corporates indicating they not only use cloud, but are likely to increase their usage in coming months. In the same survey, nearly one-quarter indicated that they plan to move all applications to the cloud by next year [1] .
It’s clear there has been a paradigm shift over the past decade in how companies run software applications and process the associated data. It’s also clear cloud computing is increasingly the backbone of modern IT systems.
This shift has exposed new challenges that enterprises must now contend with — first among these is data security and privacy. Another recent survey revealed two-thirds of corporates regard security as the greatest concern in their enterprise cloud computing strategy [2]. These concerns are warranted, as using a third party cloud service involves entrusting the provider with sensitive corporate and client information.
This concern is especially valid in financial services, where data security and governance are intrinsically linked with a firm’s viability and success. Yet IHS Markit reveals a growing adoption of cloud computing in asset management, where cloud adoption has reached a tipping point, with 80% of firms saying they’ll use cloud for data management by the end of 2020 [3].
These trends confirm that modern enterprise data security requires robust cloud security. Bond180 have carefully considered the design of our cloud-based suite of applications to follow industry leading guidelines around cloud security. Today, we want to share a few of our best practices:
Choosing the right provider: When designing cloud applications, selecting the right provider is key for supporting application features and security protocols. One of the great advantages of a cloud application is that the application designer can leverage the maturity and experience of the underlying infrastructure provider. In our case, we utilize a host of AWS services which are battle tested and hardened to adhere to the highest standards of enterprise security. We also use AWS storage services like S3, DynamoDB and AWS-managed infrastructure for our ElasticSearch cluster and relational databases. These come with out of the box configurations to encrypt stored data and robust sharing and access frameworks linked to AWS Identity and Access Management (IAM).
Principle of Least Privilege: Most major cloud providers offer identity and access control frameworks to allow users to fine tune access and sharing of resources both inside and outside the organisation. Configuring and managing necessary security controls for cloud resources is critical for successful cloud operations. Further, most cloud security issues are centered around access control, as many shared responsibility models in cloud computing services leave these aspects configurable by the customer [4]. Thus, having a well maintained and documented access control policy that accounts for varying levels of permission configurations and user types is key to avoiding unwanted scenarios in application and data access. Bond180 have a robust set of roles and privileges defined using the AWS IAM service, with several different tiers of user access control to cater for access across multiple applications and shared resources in a multi-environment architecture. Generally, these permissions and user types are defined with the principle of least privilege, where permissions enable operations on a narrowly defined set of resources. Additionally, these permissions definitions are closely monitored and reviewed.
Avoiding misconfiguration and automating infrastructure: Human beings are prone to error. Unfortunately, this also applies to software architects (😉), and therefore the most secure mechanism of operating cloud resources is to automate the whole process as carefully reviewed code. As such, tools like terraform and serverless have sprung up in the cloud community to allow developers to consistently manage complex cloud configurations that span multiple inter-related resources across several tiers of environments. Bond180 use both terraform and serverless to provision all cloud resources and store our entire configuration as code in our repositories. This allows for detailed review and analysis of configurations prior to deployment on production environments, ensuring there are no access or security surprises.
Flexibility with client needs: At Bond180 we understand our clients have varying degrees of cloud adoption that will be dictated by client specific IT and compliance frameworks. We are flexible around defining bespoke configurations for our clients to ease their onboarding and use of our cloud applications. Our use of infrastructure as code patterns allows for such client specific customizability to be easily achieved.
Other measures: There are many other best practices worth noting, ranging from multi-factor-authentication for cloud console access and data encryption configurations on resources storing client data to regular cloud architecture audits and penetration testing.
The journey to the cloud is not just ongoing but accelerating. The powerful and secure fintech applications of the future are being developed on the cloud today. And many financial institutions are already well advanced on their journeys towards being cloud native for the many processes and workflows. Bond180 have designed our cutting edge DMS, IAN and 180Match products as cloud native tools with the standards of enterprise security and data management our client expects .
[1] Swoyer, R. M., Steve (2020) Cloud Adoption in 2020, O’Reilly Media. Available at: https://www.oreilly.com/radar/cloud-adoption-in-2020
[2] Columbus, L. (2018) 83% Of Enterprise Workloads Will Be In The Cloud By 2020, Forbes. Available at: https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020
[3] McDowell, H. (2019) Buy-side ramps up cloud adoption for data management. Available at: https://www.thetradenews.com/buy-side-ramps-cloud-adoption-data-management
[4] AWS (2020) Security and Compliance — Overview of Amazon Web Services. Available at: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
