Cloud Sprawl in Financial Institutions

Leaking Data to the Cloud

Bob Lund, chairman and CEO

According to Computer Business Review, Cloud Sprawl is defined as the uncontrolled use of public cloud services in an organization with little or no input from management or IT.  It is especially problematic in the financial industry where rapidly growing amounts and variety of data have surpassed the IT department’s ability to provide adequate data management solutions.

Here’s a common scenario: one bank department uses Amazon Cloud Drive while another uses SkyDrive, and other employees use Apple iCloud or DropBox for collaboration.  None of the solutions are compliant with banking regulation, nor under the supervision of the IT group.

The growth of Cloud Sprawl is being driven by complex and lengthy IT provisioning processes, an unmet need for flexible, available document management solutions, the low price point of public cloud services and applications (easy to charge to a p-card), and the familiarity of employees with public cloud services.

The key concern for financial institutions is that uncontrolled public cloud deployment models are leading to security and compliance risks.

Some of the specific problems that Cloud Sprawl poses for financial institutions include:

• Data resident in accounts that don’t meet the bank’s security or compliance standards
• Unauthorized access to regulated data, including customer data
• Employees forgetting to delete data in cloud accounts that they set up
• Potential of data loss if the owner of a cloud account leaves the bank
• No corporate ability to audit usage and content of disparate cloud accounts and resulting inability to identify data risk and compliance problems

Not surprisingly, 67 percent of IT executives at companies with over 1,000 employees are worried about Cloud Sprawl, according to a 2012 study by Vanson Bourne.  Fifty-four percent of these IT executives admit they are unsure how many cloud services their employees use.  Worse, 20 percent of IT executives say it is “impossible” to manage disparate cloud services, finds Kelton Research.

eGistics provides applications for financial services that help control Cloud Sprawl, and delivers them on a highly secure, highly scalable cloud platform that offers:

• Tight user security 
• Activity audit reporting
• Data management procedures focused on banking compliance
• Centralized administrative control over secured data and its access
• Standardized workflows and processes 

The eGistics Cloud Sprawl solution builds on our:

• Fourteen-year track record in delivering cloud solutions
• Footprint in the largest financial institutions
• World-class infrastructure designed for data security and 7/24/365 access
• PCI certification and compliance with HIPAA, SSAE 16, SOC 1 & 2, and FFIEC

Feedback
If you are in a financial institution, and are seeing the effects of cloud sprawl, share your ideas and experiences!

90% of Businesses Think They Are Inefficient. So What?

Randy Davis, Vice President Sales and Marketing Operations

A competitor recently came out with a "press release" based on a survey of 5,500 company records managers that claimed "Ninety Percent of Businesses Believe They Are Inefficient."

I'd like to know who the 10% of businesses that believe they are efficient are.

This is a bit like saying, "90% of all people think they don't exercise enough." OK, now what? According to the survey results, most of the companies already have in place "formal programs for how their companies should manage information," which, I suppose, includes eliminating obstacles, removing paper, idling back the copier, etc.

This news release seems a bit like motherhood and apple pie.

I would imagine that most people would settle for bringing more efficiency to a single, departmental process rather than to an entire company.

How about this for capturing and eliminating paper, automatically organizing it, and then quickly finding it:

• Use bar codes to identify form document types and identify account holders. You can inexpensively create label sheets of bar codes, or forms that automatically print with bar codes, that contain simple information such as:
  
  
• Account ID
• Document Type

One of our customers uses this simple technique to seamlessly and automatically process documents during the scanning process. 

• Scan documents using a system that can automatically ID the documents, separate them, index and organize them, route them to the required work queue, and securely store them.
  
  
• Shred any documents that do not need to be physically stored by law, regulation, or company policy
  
  
• Use a cloud service provider to eliminate capital and reduce the need for IT maintenance.

If you have any other practical advice on how to bring efficiency to a business process burdened with paper, let us hear from you.

Security in the Cloud: Don't Let It Stop You

by Randy Davis, Vice President, eGistics

The primary reason companies cite for not taking advantage of Cloud services is concern about security. So it comes as a bit of a surprise when security analysts say, "Don't let security concerns stop you from migrating appropriate pieces of your IT operations to cloud-based services," as they did in a recent InformationWeek Analytics report of Cloud Security (5 April 2011). Of course this advice comes with fair warning about doing your homework, and hinges on the word "appropriate."

The authors of the report point out that better security is not a reason to move to the Cloud, but undue concerns about security is not a reason (in many cases) not to, either. Still, in a recent survey, 53% of 208 respondents not planning to move to the Cloud cite security as a primary reason for not doing so. The InformationWeek Analytics report suggests that their concerns may be misplaced, and based on old data.

The fact is, remote hosted services have been around for years, hosting billions of items of data for highly security-sensitive companies (like financial services companies processing check and credit card transactions) and doing so in a proven, secure environment. If financial processors trust your transactional payment data to the cloud, why wouldn't you trust, say, your business forms to the cloud?

Some Cloud providers can provide better security than you can, believe it or not. They've already addressed, through extensive cost, time and effort, the requirements of the Payment Card Industry, or SAS70, or HIPAA.

So the report concludes, it's not a matter of whether the Cloud is secure, it's a matter of (as in any business environment) whether your chosen partner has adequately addressed your specific security concerns. You may be pleasantly surprised to learn that they have.

Let us know if you agree, or whether you have security concerns that cannot be addressed by Cloud service providers.