How should banks and financial services companies fine-tune their security policies to account for multi-cloud scenario, ie have complete security control when using cloud applications like O365 cloud, Salesforce, Cornerstone, etc?
Three CISO have responded to the query by Banking Frontiers in the cover story. Nabankur Sen of Bandhan Bank says he would recommend that logs be shared by the cloud service providers with individual companies to enable them to integrate these logs with their SIEM so that any untoward incident can be identified first hand and suitable alerts generated. “This practice, if established, will go a long way in companies adopting cloud services more and more,” he adds.
Allahabad Bank CISO Vivek Gupta feels use of strong public and private encryption mechanism, ensuring data at rest, in motion and in process to highly secure, cloud computing can be explored. Without this, the cloud computing may not be secure, says he. “Similarly, DLP, ISO certification, frequent security audits, compartmentalization of resources and support, strong localization of data etc in cloud computing would leverage proper use of vast potential and comfort of installation, migration and usage, in addition to being very cost effective in shorter run,” he adds.
Prateek Mishra of IDBI Federal Life Insurance Co is categoric: “Cloud Access Security Broker (CASB), which is on-premises or cloud-based software, must be appropriately implemented by assessing each cloud scenario.”
– Manoj Agrawal, Group Editor, [email protected]
