We recently caught up with Ofir Shabtai, CTO of Shield, an Israel-based Regtech firm.
Banks are crawling toward hybrid cloud solutions. Given this key trend, Ofir Shabtai from Shield talked abut how to balance the modern need for the cloud with the security of on-premise solutions.
Shabtai explained that banks have traditionally resisted a shift to the cloud due to the extremely sensitive nature of customer data, which results in only 79% of banks still being in the “foundational stages” of their transition to the hybrid cloud (compared to 80% of enterprise orgs that are benefiting from fully deployed solutions).
The team at Shield has helped deploy the first banking cloud solution across AWS, and claim to have worked with the world’s premier banks to deploy safe, efficient cloud solutions.
Our discussion with Ofir Shabtai is shared below.
Crowdfund Insider: How can banks balance the modern need for the cloud with the security of on-premise solutions? Why are banks finally moving towards cloud adoption?
Ofir Shabtai: Banks have historically hesitated to adopt modern cloud solutions due to fear of disruption to productivity, costs and most importantly, the security risks associated with integrating into the cloud. Data that banks are responsible for hold extremely sensitive information and with just one accidental leak or breach, personal information from customers and other data can be compromised, ruining a bank’s operations and reputation.
However, in the past year, global regulators have entered a strict enforcement period by continuously introducing new laws and regulations that banks are now required to comply with, specifically around how financial employees communicate. Since 2020, banks – similar to all other industries – have had to introduce new communication channels (i.e. WhatsApp, Slack, Zoom, etc.) to continue operations as the workforce became more remote.
While these channels ensured banks were able to continue business operations, a lack of surveillance and monitoring around these communications provided the perfect foundation for market abuse and manipulation. Three years later, regulators are now heavily enforcing new measures to investigate and properly monitor these channels and the information they possess.
In the past, banks relied upon on-premise data archives to meet compliance requirements, however, now that there is such an increase in the amount of data and number of communication channels, banks are no longer able to keep up as legacy archiving solutions are now overwhelmed and lack the agility needed to maintain compliance. Today, financial institutions are now finally looking towards modern solutions to meet industry demands, with the most prominent being cloud adoption.
Crowdfund Insider: What cloud solution is best for banks without compromising their security?
Ofir Shabtai: The biggest challenge banks face is understanding how to maintain security when transferring data from an on-premise application to being in the cloud, due to their on-premise applications being complex and the type of legacy infrastructure they’re made from. To ensure banks receive the flexibility and scalability of the public cloud without compromising their security and control of the private cloud, banks will need to look towards a hybrid cloud solution and approach.
Hybrid solutions allow banks to essentially have the best of the both worlds, providing them the ability to maintain a secure, controlled archiving application on-premise while simultaneously allowing the flexibility and cost savings of cloud deployment.
By utilizing hybrid cloud solutions, banks will have the speed to access human-readable data, without sacrificing the security concerns of on-premise, legacy technology that they are currently facing. With a hybrid cloud infrastructure, banks will also be able to quickly adopt the latest technological advancements that are essential to today’s day-to-day operations and allow banks to quickly adapt to new regulations.
Crowdfund Insider: How can banks securely transition to the cloud?
Ofir Shabtai: Integrating any type of cloud solution involves a multi-step process that keeps security, costs and efficiency at the forefront. Due to the complexity of on-premise applications and the overhaul needed to integrate a hybrid cloud, banks will need to put together some form of integration strategy that focuses on security and implements visibility for all parties involved.
Strategies must also be prepared for different scenarios and risks that are associated with integration. Adopting a hybrid solution also provides the perfect opportunity for banks to get rid of operation systems that are no longer necessary.
Most banks have also integrated multiple different tools and software to ensure business continuity as the work-from-anywhere environment began a few years ago. Now, banks must analyze and decide which tools and processes will be most effective and efficient before they adopt hybrid cloud solutions. Additionally, banks must also test all systems and ensure no glitches before full cloud integration takes place. Failure to do so can result in security breaches or lost data because systems are not operating cohesively.
After banks deploy their hybrid cloud solution, they will need to prioritize educating employees on the newest technologies and protocols. Banks will need to define clear roles for both internal employees and also all outside vendors to avoid any day-to-day disruptions or security risks. After everyone is up-to-date and systems are running smoothly, banks will then need to conduct frequent monitoring to gain insights into whether the hybrid cloud is meeting organization expectations.
Crowdfund Insider: What regulations do banks need to know about when moving to the cloud?
Ofir Shabtai: Thanks to the work-from-anywhere trend that has been popularized these past few years, new compliance regulations for banks have emerged, specifically around the cloud and data privacy. Regulators are increasingly introducing new standards and compliance laws. For example, California announced in February 2023 it will begin enforcement of a strict data privacy regulation called the California Privacy Rights Act (CPRA).
However, with banks operating in multiple states and countries, keeping tabs on singular privacy and cloud laws will obviously not be sufficient. Banks must be educated on the latest regulations and cloud compliance requirements across borders or face the large fees and industry scrutiny that are sure to follow.
Working and keeping a relationship with your cloud service provider will be key to keeping up with the amount of cloud requirements and differences between states and countries. On top of ensuring internal compliance, banks are also required to maintain that all vendors are also complying with regulatory standards, as well.