Safety nets on the Cloud Highway

Safety nets on the Cloud Highway

Whatever could be the reason, worldwide cloud enabled banking transformations has picked pace at an unprecedented speed. Evidence is everywhere like the raise of Opex models, higher share of SAAS offerings, Digital only branches, and usage of Multi tenancy etc. So is also the raise of leakages and the attacks on the cloud. Hence banks accelerating on this super cloud highway also needs be vary of when to apply brakes and where to place the safety nets

Cloudified & Security?

On the outer side cloud security refers to protecting data on cloud but then there is so much complexity behind this seemingly simple word. It makes me wonder how innovative can the breachers and hackers be. To just name a few are, the threat of DDOS (Distributed Denial of service attack), undercover attacks through IOT devices, hijacking at service as well as account level, Phishing, or ransomware attacks not just on customer side but also through bankers’ systems.

To protect a system, one needs to know how to break the system. Going in the same way, if we must protect the offering on cloud, we also need to know what the hackers do. To put in a nutshell: they first try to gather the footprints of the target either by passively checking on social website or actively hinging on to an insider using social engineering attack. Next, they try to do a port scanning – wherein they identify where is the application hosted on the network. Third the hackers try to get access or control on the OS using some vulnerability could be password or injections etc. Hacking does not stop here, now it is time to maintain access by way of backdoors, trojans and other type of malwares. I thought this was the end but no there is one last thing they do, which is clearing their tracks – which means hackers will ensure that the owner does not know that they have gained access, so they clear the logs and other proofs. I could not believe that there is so much engineering in this too!!!

Where are your Parachutes?  Qualitative & Quantitative intelligent safety nets

“Every problem contains within itself the seeds of its own solution” – Stanley Arnold

• The first and foremost is to prevent a social engineering attack. Now this is tricky because it does not target technology but instead targets a person. Ex: one could be tricked to open a seemingly genuine email – like phishing emails to collect your reward or attend to court etc. Here is where training and educating employees, conducting mock social engineering tests, virus email filters will help.
• Next is to safeguard our network and prevent unauthorized access to servers. Here is where appropriate firewalls & Identity access management comes in handy.
• Moreover, we can step up our security with Three Factor authentication i.e. password(1FA), OTP or ATM/Card Pin(2FA) and then the fingerprint or retina scan(3FA).
• Inaddition to above we need to have appropriate Intrusion detection and prevention systems in place to inhibit the malwares like computer worms or Trojans.
• Anomaly based intrusion detection system (ex: Wireshark) which can sniff the network traffic and logs the same. These logs can be analyzed offline and use them to prevent DDOS type of attacks.
• Unsupervised Machine learning can be used to study the network traffic and further train it to detect network attackers either from internally or externally.
• We can also try diverting the attackers using Honey pots and networks. These are set with intentional vulnerabilities and invite attacks. This keeps us aware of new attacking techniques. 
• Incase if hackers could cross the network security stage and reach the OS and systems using vulnerabilities then end point security likes blocking malwares can be used.
• Even if the hackers reach to a stage of stolen credentials, they should not be able to read what is stored. Here comes the need of encrypting data both during transit and at rest.

Conclusion: My way is the highway with safety nets in place

There is no seeing back on the cloud highway, banks need to steadfast. While the security risk is real on cloud, but the benefits that bank gets on cloud migration overtake these risks. Hence the way forward is to have a basic but a robust framework in place to safeguard as listed below:

1)    Initially assess how much secure is the cloud infra in comparison with security benchmarks

2)    Use Automation and Machine learning to constantly detect the security threats

3)    Have a stringent access management. There needs to be a BCP (business contingency plan) by regularly backing up data – so that downtime can be minimized even if there is an attack.

4)    Ensure that critical digital assets are cryptographically encrypted

5)    Last but not the least, securely protect and manage the keys