Credit unions moving to cloud computing for its countless business benefits often are surprised with an advantage they didn’t fully see coming: their institution’s information is more secure than ever.
Rather than security and compliance becoming an added cost and trade-off for their numerous cloud gains, these institutions are delighted that their information is far more secure than it was on their in-house network.
How can this be? And how could it be overlooked when it is so clear cut? Because so much myth and fear dominate the topic of cloud computing, it is often challenging to see the forest from the trees.
First, while “cloud” is a ubiquitous term, not all clouds are created equal. If interested parties interpret the term to mean public clouds, there is good reason to doubt the control structure is sufficient to meet NCUA’s stringent standards.
A community cloud built exclusively for financial institutions, however, is a different story. This type of cloud, specifically built for our industry, has vast information security protections built into its very design, and it is this type of cloud on which this perspective focuses.
The second challenge in gauging the improvement in information security is based on the due diligence process itself. In evaluating the cloud’s suitability, financial institutions have followed Federal Financial Institutions Examination Council guidance carefully—but that approach doesn’t involve comparing relative control strength.
In advocating the cloud’s control sufficiency, credit unions typically won’t want to disparage current information security because they don’t want to publicize current weaknesses, particularly to the management and board.
And so, a proposal is delivered reflecting a solution that meets the regulator’s strict guidance while omitting an answer to the question, “why will our information be more secure?”
As credit unions migrate to the cloud, however, it becomes unmistakable the extent and ways their information security improves. With the options of multi-factor authentication and at-rest data encryption, credit unions gain choices that were either not available or affordable before.
They also gain ways to lock down information with far greater control than they have ever exercised, with the ability to allow, restrict, or prevent:
- Saving files to a local hard drive or external device;
- Access by IP address;
- Access by time of day; and
- Access through a combination of the above.
Beyond protecting sensitive information with greater, more granular access control, there are several other ways credit unions have increased information security in the community cloud:
- Increased protection from viruses, worms, and malware;
- Improved resiliency from threats by mobile devices and bring your own device;
- Improved insulation from DDoS threats; and
- Increased system availability and improved, actionable disaster recovery.
These are not just “paper-based” advantages—they are real-world. In 2014, credit unions experienced one of the worst winters in a long time.
Those using cloud computing, however, fared considerably better than those with in-house networks in recovering and restoring operations at their secondary sites.