Back to Blog

Demand for cloud services is growing; the focus now needs to be on cloud security.

The appetite for cloud-based services is increasing exponentially among financial institutions as organisations look to capture cost synergies, obtain scalability and ensure better business continuity in their operations.
Ewelina Obrzut
divider round bottom

The appetite for cloud-based services is increasing exponentially among financial institutions as organisations look to capture cost synergies, obtain scalability and ensure better business continuity in their operations.  

Analysis by McKinsey found that Fortune 500 financial institutions could generate between $60 billion and $80 billion in run-rate EBITA (earnings before interest, tax, depreciation and amortisation) by 2030 through leveraging cloud-based solutions . Unsurprisingly, 54% of financial institutions said they expected to shift half of their workloads to public clouds within the next five years.  

Although the cloud can unlock huge amounts of potential, organisations need to be aware of some of its risks.  

Cyber-security is perhaps one of the most potent threats facing financial institutions nowadays, with experts predicting that cyber-crime could cost the global economy up to $10.5 trillion by 2025, up from $3 trillion in 2015. While cyber-crime soared during the pandemic for a variety of reasons, there is a growing realisation that companies are becoming more susceptible to attacks because of their software supply chains.

According to one study, 82% of Chief Information Officers acknowledged their organisations were vulnerable to cyber-attacks targeting their software supply chain.  As firms increasingly transition more of their operations to the cloud, managing software supply chain risks will become more complex.

As larger volumes of company data is held on the cloud, the scope for disruption through a successful cyber-attack or the illicit behaviour of a rogue employee has also increased.

So how are firms responding to this? There are tools available for companies looking to insulate themselves from cloud-based risks, most notably Microsoft Defender for Cloud Apps. Microsoft Defender for Cloud Apps provides visibility, control over data travel and sophisticated analytics to identify and combat cyber-threats or internal threats across Microsoft and other third party cloud services.

The tool has three main use cases, which are:

  • To Discover and control the use of Shadow IT: The technology can identify the cloud apps, IaaS, and PaaS services used by your organisation. It investigates usage patterns, assesses the risk levels and business readiness of more than 16,000 SaaS apps against more than 80 risks.
  • To Protect against cyber-threats and anomalies: The tool can detect unusual behaviour across cloud apps to identify ransomware, compromised users or rogue applications, analyse high-risk usage and remediate automatically to limit the risk to your organisation. These may include things like unusual volume of file deletions or anomalous activity involving the sharing of information to a personal email address.
  • To Assess the compliance of your cloud apps: The tool assesses if your cloud apps meet the relevant compliance requirements including regulatory compliance and industry standards. It can prevent data leaks to non-compliant apps, and limit access to regulated data.

With more information being stored on the cloud, it is vital organisations take cloud security seriously if they are to minimise the risk of devastating cyber-attacks. This can be facilitated by utilising best in class industry tools, such as Microsoft Defender for Cloud Apps.

Share on social media: 

More from the Blog

Good Data Hygiene Supports the new SEC Marketing Rules

The Securities and Exchange Commission (SEC) has upgraded forty-year-old rules that affect investment advisors’ (RIAs’) marketing communications to help prevent fraud. The aim of the new rules is to adapt them to modern digital advertising media and clarifying relationships.

Read Story

The SEC Proposes New Oversight Requirements for Third Parties

The Securities and Exchange Commission (SEC) unveiled protective new proposals in October 2022 which would affect all investment firms that outsource certain functions or services to third party contractors.

Read Story

ESG data reporting: SEC continue to provide guidance to firms

The SEC have continued to report that the regulatory landscape for ESG disclosure may face significant changes in order to create consistent and comparable data for investors.

Read Story