Cloud adoption increases FS’s vulnerability to data attacks, research reveals
By Puja Sharma
Organisations in financial services (FS) are falling short when addressing new challenges to protect data in the cloud
New research launched today by Blancco Technology Group, the industry standard in data erasure and mobile lifecycle solutions, reveals the extent to which financial services have embraced the cloud, as well as the effects that cloud adoption has had on data classification, minimisation, and end-of-life (EOL) data disposal.
Based on a global survey of 1,800 respondents, the study, Data at a Distance, found extensive cloud adoption, thanks to the ease of managing increasing volumes of data. However, 65% say the switch has increased the volume of redundant, obsolete or trivial (ROT) data they collect.
Increasing volumes of stored data bring many issues that are a growing concern for organisations operating in heavily regulated markets. In addition to regulatory noncompliance risks, there are the cost and sustainability impacts of storing this data, as well as security concerns: more data means a greater attack surface and more liability in case of a breach.
Data management best practices indicate that organisations need to know what data they have collected, including its value, where it’s stored and when it needs to be permanently erased. Yet just over half of organizations (55%) can boast a mature data classification model that determines when data has reached EOL—meaning that nearly half fall short when it comes to determining when to dispose of cloud-stored data.
When asked about their cloud approaches, 60% of respondents said that their cloud provider handles EOL data for them. However, more than a third (35%) do not trust their cloud provider to appropriately manage EOL data on their behalf.
“Financial services providers handle some of the most confidential and sensitive information possible. While they have made the move to cloud for better connectivity, digital transformation, and ease of managing data, many of them are still falling short when it comes to knowing how to reduce risk and maintain compliance when that data is no longer serving a business function,” said Jon Mellon, President Global Sales, Marketing and Field Operations at Blancco.
Regular assessment of data and setting retention periods is a critical and growing concern as regulatory requirements increase for the financial services industry. The study found that 57% of organizations have a data schedule where they review different data types to determine whether data has reached end of life. But just over a quarter (28%) use the blunt approach of automatically setting a data expiration date, which is simple but ineffective: it does not consider what the data is, what it’s worth, or the risk of it getting into the wrong hands.
Financial services are, however, aware of the new challenges for managing EOL data in the cloud. In fact, 65% have found it necessary to reassess how they determine what data is no longer needed since making the switch from analog to digital. But in addition to falling short when it comes to data classification and minimization, a worrying 59% of respondents reported using processes without verified data destruction at least some of the time to deal with at least some of their EOL data. This can leave data intact and retrievable without a proper audit trail to prove proper EOL data disposal.
Best practice that may have been in place in on-premises data centers can be left behind when organizations migrate their data to the cloud. While it is standard for cloud providers to refer to data deletion or destruction processes within user agreements, the practice of receiving clear assurances that specific sensitive data has been removed for good is still in its infancy, leaving highly regulated industries vulnerable to both regulatory noncompliance and unauthorized data access threats.
Key Highlights:
- Around 65% of organizations feel that they can better manage EOL data on premises than in the cloud
- Over 63% use software-based erasure with an audit trail for managing all data – both on-premises and cloud, but a worrying 38% carry out erasure without an audit trail
- Almost 91% of those surveyed recognize data classification as an important first step for achieving data security
- About 36% are just beginning to implement a policy for data classification and minimization, with nearly one in ten yet to implement any such process.