Cloud Providers Need to Do More on Security
I wholeheartedly agree with John Rostern’s argument that credit unions need to be intently focused on security when outsourcing sensitive enterprise data [“Audit Specialist Raises Concerns in the Cloud,” cutimes.com, Sept. 26.]
However, Rostern’s concerns are mostly based on the use of large, public clouds that outsource to fourth- or fifth-party repositories. In my view, financial institutions need more than what a public cloud can offer.
Institutions should not accept anything less than a provider that stores subscriber data directly on its own redundant servers located in geographically disparate venues and offers automatic disaster recovery as part of its core service. These should be considered mandatory characteristics of the provider’s core offering, not add-on features. It also helps to work with a provider that has successful experience working with financial institutions and understanding their unique needs.
Another important consideration: Service level agreements become critical when forming a relationship with a cloud services provider. Credit unions should look for clearly defined terms in security, privacy and data accessibility. It is also key to have a transparent termination clause to help protect the institution in the event it wants to move to another provider.
Credit unions need more than what large, public clouds can offer. Instead of investing additional capital in extra security for outsourced data storage, credit unions should look to a cloud provider with a proven history of reliable, secure service.