COVID-19 has driven some fundamental shifts for financial institutions and further accelerated industry-wide digital transformation to enhance customer experience and resiliency to crisis.
While Gartner expected the financial industry to move quickly to public cloud, with 36% of financial enterprises using cloud to support more than half of their transactional systems of record by 2020, how to migrate sensitive personal information remains a security challenge for the CIOs and CISOs of financial institutions.
Unfortunately, research finds the shift to remote work has intensified the data protection challenge.
Many IT buyers assume that because they effectively outsource the running of their infrastructure to a trusted third party, the provider will take care of everything.
A new report by Barracuda found that 70% of APAC organisations relied solely on capabilities built into Office 365 to back up and recover Office 365 data. But the assumption that the provider takes care of everything simply isn’t the case.
In fact, Microsoft recommends customers use third-party backup, as the company only guarantees the availability of its services, not the retention of the data.
Earlier this March, the Asia Securities Industry & Financial Markets Association (ASIFMA) proposed principles for public cloud regulations and reminded its fellow industry members that the responsibility for data protection is held by the financial institutions, not cloud service providers.
The root cause of many public cloud misperceptions is a lack of clarity over the shared responsibility model.
Shared responsibility in the cloud
Microsoft offers reliable and resilient services to ensure its Office 365 environment is always on. With its reliability and dependability, organizations sometimes overlook the part about disaster recovery.
In section 6B of its Managed Services Agreement, Microsoft recommends that customers regularly back up their content and data, and that they do so using third-party applications or services.
Microsoft is responsible for the Office 365 infrastructure, but not the data. The responsibility of data disaster recovery belongs to the organizations producing it.
O365 data explosion and increased risks
As Microsoft does include some native retention, customers might not realize the limitations until there is a problem.
The same Barracuda research indicated that 58% of the APAC respondents said their organizations have experienced a ransomware attack, and the new reality of a remote workforce has further intensified data protection challenges as businesses quickly adopt collaboration tools such as Exchange, SharePoint and OneDrive.
The tremendous growth of Office 365 data has created new attack surfaces and that is something financial institutions should worry about.
According to the Allianz Risk Barometer 2020, the average organisational cost of a data breach in ASEAN is a hefty US$2.62 million. The average number of records per breach is 22,500.
Data compliance and GDPR
Equally important to data protection is meeting compliance requirements. As organizations grow from a local presence to a regional and international one, there are data compliance regulations such as GDPR, PDPC and PCI-DSS for them to be aware of. Organizations will be in breach of these regulations if they lose the data. They should realize that data in the cloud should be protected the same way as data on-premises.
Plot a cloud-native backup strategy for data protection
Many organisations are discovering that relying on native retention services within the platform is not an effective option. The lack of granular restoration capabilities makes restoration complex and difficult to manage. They’re looking for a solution that is easy to use and streamlines the challenge of achieving effective data protection.
With remote working here to stay, taking the time to locate and deploy an effective, cloud-based data protection solution is critical. The combination of rising cybersecurity threats and compliance issues should put this task at the top of the IT team’s to-do list for 2021.