Most finance firms are multicloud, but many are unprepared for public cloud cyber attacks

A large majority (87%) of financial services businesses have their software deployed over a mix of private and public cloud, but nearly two-thirds are unprepared if cyber attackers target applications in the public cloud.

In the financial services edition of its 2020 State of application services report, F5 found that 60% of finance firms believe public cloud platforms will be strategically important for them in the next two to five years. This is a significant increase from 49% in last year’s survey and reflects accelerating digital transformations in the sector.

But the survey, which questioned about 500 financial services firms, found that 60% of them were unprepared for an attack on public cloud-based applications, largely because of a shortage of security skills. By contrast, two-thirds of organisations are confident in their ability to withstand an application attack against on-premise applications.

“The idea that financial services applications would be the slowest to move into the cloud has been clearly disproven,” said Lori MacVittie, principal technical evangelist at F5. “Instead, we are seeing the industry go all-in on multicloud adoption as organisations seek to increase the pace of their digital transformation and more quickly to deploy the applications that will deliver a high-quality customer experience.”

Competition from fintechs in the sector has forced banks to move into the cloud rapidly. During a cloud discussion at SIBOS in London last year, a snap poll of an audience comprising hundreds of bank executives revealed that 44% were already in the public cloud, 35% were catching up, 19% were considering it for the future, and only 2% did not have it on their radar.

The snap survey also revealed that 37% were using the public cloud to complement on-premise systems with artificial intelligence and machine learning capabilities, 35% as an alternative to non-critical on-premise applications, and 28% for on-premise mission-critical applications.

As cloud adoption increases, financial services organisations need to balance innovation with security needs, but the survey found that 72% of respondents were experiencing a security skills shortage.

“Financial services organisations need to move as quickly as other industries to deliver new products and services, while meeting a higher bar on security and customer trust,” said MacVittie.

One senior IT executive in the finance sector said large finance firms go through huge due diligence exercises before deploying anything with a supplier, and he would be surprised if so many are unprepared for an attack on an application in the public cloud.

“Public cloud is increasingly popular and, in my experience, at big finance firms, any systems that are not on-premise require a huge amount of due diligence, IT security tests, they do penetration testing, data protection testing,” said the executive. “They know very well that they will be in huge trouble if something goes wrong.

“I would be very surprised if a bank, for example, would say it was unprepared for an attack on a public cloud application. Suppliers have to jump through lots of hoops to prove they are safe.”