By Sanjai Gangadharan, Regional Director, SAARC, A10 Networks
Changing customer needs and preferences are driving the evolution of a new financial services industry. As established incumbents compete head-to-head with digital-native competitors to deliver differentiated digital experiences, the speed, agility, and quality of service delivery has become critical for success. To support rapid innovation and digital transformation, financial services organizations are turning to public cloud, private cloud, and hybrid cloud environments—a move that can bring both powerful benefits and considerable challenges.
A recent survey by A10 Networks and Gatepoint Research explored this trend in depth, asking senior decision-makers at leading financial institutions about their current plans, concerns, and priorities for their hybrid cloud and public cloud environments. Participants offered their views on topics from cloud form factors, to regulatory compliance and governance, to securing web applications against threats including ransomware, data theft, and DDoS attacks. The results show decision-makers are seeking to balance the agility and scalability of the cloud with requirements for cyber security, compliance, and operational consistency.
Making the Switch to—and from—Hybrid Cloud and Multi-Cloud
Under half of respondents reported hosting applications primarily in the cloud—but the financial services industry has not abandoned its legacy roots just yet. The majority of survey participants still rely primarily on their private on-premises data center for application delivery. However just over a third also described their environment as hybrid cloud, a model in which public cloud services complement private cloud resources—as distinct from a multi-cloud strategy, in which organizations use multiple cloud services within the same enterprise architecture, with or without integration to on-premises resources.
The willingness of financial services IT leaders to pick the right environment for their applications can also be seen in the five percent of respondents who planned to repatriate applications from private cloud environments to their on-premises data center, indicating not every financial application may be suited for certain clouds. While some verticals show a full-speed-ahead attitude toward the cloud, financial services organizations are paying close attention to form factors, architectures, and deployment methods to make sure their cloud strategy truly fits their business needs.
Ransomware, Data Theft, and DDoS Attacks Raise Security Concerns
Storing and processing vast amounts of sensitive personal and financial data, financial services firms are a rich target for cybercriminals. Top concerns cited in the survey included ransomware, the theft of personal identifiable information (PII), and phishing or fake sites. The impact of such incidents on a company’s reputation can be severe—especially in an industry built on trust. Indeed, more than a third of respondents expressed worries about the kind of incidents that can erode a company’s public image, citing hacking, cyber defacement, and brand damage or loss of confidence. DDoS attacks, which can degrade service and customer experience, represent a significant risk as well in the highly competitive financial services space.
As public cloud, private cloud, hybrid cloud, and multi-cloud reshape IT architectures—and erode the effectiveness of traditional network cyber security strategies—financial services IT leaders are taking new approaches to protection. More than two-fifths of respondents had already established a timeline to introduce a Zero Trust cyber security model, in which access controls are extended throughout the environment rather than being limited to a hardened network perimeter, and users both inside and outside the organization must be authenticated and authorized prior to connection.
Technical countermeasures are proceeding as well. As cybercrime groups continue to target financial firms with DDoS attacks, nearly a third of respondents plan to deploy or replace an existing web application firewall or DDoS protection solution. But progress is not always swift; 29 percent of organizations are working to upgrade their TLS capabilities to support modern PFS/ECC encryption standards to meet consumer and organizational expectations around privacy and security, while meeting the performance impact of the more advanced standards.
Investing in Hybrid Cloud Cyber Security and Management
As financial IT decision makers set their budget priorities, cyber security comes first—by a large margin. Nearly three-quarters of respondents said that security was the most likely driver for new technology investments. Operational improvements and cost savings were each named by nearly two-thirds or participants, while regulatory compliance rated nearly as high.
Perhaps surprisingly, innovations keyed to business considerations received much less emphasis than operational benefits. Roughly one-third of respondents named such factors as revenue generation, customer satisfaction, and business advantage from new technology. Even fewer were motivated by the ability to accelerate development speed.
Just as the changing perimeter has spurred interest in Zero Trust security, the rise of public cloud, private cloud, and hybrid cloud has brought new focus on polynimbus management for unified cross-cloud and on-premises control. Asked about the most important capabilities for financial platforms running in hybrid cloud environments, top responses included regulatory compliance, redundancy and disaster recovery, comprehensive application security, and centralized management and analytics.