Securing cloud environments for financial services: Challenges brought on by emerging tech and how to address them

By proactively addressing these security challenges and implementing robust measures, financial services firms can not only enhance the resilience of their cloud environments but also safeguard sensitive data from evolving threats.

Wednesday, June 19, 2024

Digitisation and the rapid influx of new emerging technologies are driving a tectonic shift in the Indian financial sector. Many financial institutions are embracing the cloud for its agility, scalability, and cost-effectiveness; however, this migration of sensitive financial data introduces an entirely new set of challenges—especially concerning emerging technology adoption.


AI, blockchain, the Internet of Things (IoT), and edge computing each carry unique risks that must be addressed to safeguard sensitive financial data.


Take AI-powered systems for instance; while they offer numerous benefits, we must not overlook their potential to introduce new security vulnerabilities like adversarial attacks or issues with model explainability and data poisoning. Safeguarding AI and ML algorithms in the cloud demands robust data governance: it calls for thorough model validation—a process that should be continuous—along with persistent monitoring to detect any potential threats promptly and mitigate them effectively.


Securing blockchain networks and smart contracts in the cloud similarly confronts unique challenges: consensus protocol vulnerabilities, bugs within smart contracts, and privacy issues. To address these challenges, organisations should adopt rigorous security measures such as regular audits, cryptographic controls, and privacy-enhancing technologies to ensure the integrity and confidentiality of blockchain transactions and smart contract executions.


We have also noted growing use of IoT devices within financial services for asset tracking and customer engagement applications. The rapid expansion of IoT devices brings security risks such as device vulnerabilities, data privacy concerns, and network attacks. Securing IoT deployments in the cloud requires robust device authentication, data encryption, and network segmentation to protect against unauthorised access and data breaches.


Also, many financial services firms employ edge devices for processing and analysing data in proximity to the source. However, when they deploy edge computing alongside cloud environments, it presents security challenges. These include vulnerabilities within the edge devices themselves, data integrity risks, and regulatory compliance issues. To mitigate these risks, financial institutions should prioritise implementing robust device authentication mechanisms, encrypting data both in transit and at rest, and implementing network segmentation to prevent unauthorised access and data breaches.


Security risks in the cloud

Cloud environments carry multifaceted security risks, and financial services firms need to mitigate them effectively and proactively. One significant challenge is dormant users: inactive accounts that retain access privileges and act as concealed threats within the expansive cloud environment. Often disregarded, such accounts can give malicious actors a backdoor, which makes it critical for companies to automate access revocation or account deactivation following a defined period of inactivity.


Credentials embedded within application code and throughout the software supply chain are also increasingly becoming prime cyberattack targets. A secrets manager helps mitigate this: by centrally rotating and managing credentials, organisations can eliminate vault sprawl and minimise disruptions to developer workflows.


Another case in point is IIFL, which faced significant challenges with its developers having standing administrative rights on their endpoints, rendering them lucrative targets for threat actors. A breach of even a single developer's identity could lead to severe consequences, including confidential data loss, injection of vulnerabilities, and malicious software installations, posing a grave threat to the development platform.


To mitigate these risks without compromising productivity, IIFL implemented CyberArk Endpoint Privilege Manager (EPM), a comprehensive endpoint privilege security solution. This strategic implementation allowed IIFL to regain control and manage access to sensitive data and applications, prevent unauthorised software installation, and fortify its development platform against malware, including ransomware. By interlocking core capabilities such as endpoint privilege management, application control, and credential theft detection and blocking, the solution provided IIFL with dynamic access provisioning, enhanced visibility into access levels, and robust security against credential theft and malicious activities.


As we can see from the above examples, organisations can successfully identify and eliminate dormant accounts by regularly auditing user activity and conducting access reviews. This action significantly decreases the risk surface for potential attackers. Equally crucial is addressing misconfigurations, as they not only create an identity blind spot but also expose organisations to a multitude of risks. The complexity inherent in modern cloud architectures often allows for undetected misconfigured settings. Adversaries can exploit this oversight—thus underlining the criticality of vigilant monitoring and maintenance procedures.


Firms must actively tackle this challenge by regularly reviewing and auditing cloud configurations. They should also enforce multi-factor authentication (MFA), and implement just-in-time (JIT) access models to limit standing privileges; these steps are crucial.


Moreover, we cannot overlook the threat of persistent cloud access functioning as a backdoor. If attackers compromise credentials, they could gain indefinite entry. To mitigate such risks, firms need a shift towards JIT access, regular review of users' access rights, and strict enforcement of MFA for high-privilege users.


Excessive permissions and unrotated secrets compound security risks in cloud environments, which underlines the importance of role-based access control (RBAC), regular permission reviews, and compulsory secret rotation policies. Non-vaulted admin accounts ultimately represent exposed crown jewels, so privileged access needs secure management practices to protect against unauthorised actions.
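The access reviews described above (dormant accounts, unrotated secrets, MFA and JIT for high-privilege users, non-vaulted admin accounts) can be expressed as one audit pass over an identity inventory. This is an added example, not code from the article or from any vendor; the inventory is constructed, the field names are hypothetical, and the 90-day thresholds are assumptions.

```python
from datetime import date

# Thresholds are assumptions for this example; the article names no values.
DORMANT_DAYS = 90
SECRET_MAX_AGE_DAYS = 90

# Constructed inventory. Field names are hypothetical, not a vendor schema.
ACCOUNTS = [
    {"user": "svc-batch", "role": "admin", "last_login": date(2023, 11, 2),
     "secret_rotated": date(2023, 1, 15), "mfa": False, "vaulted": False,
     "standing": True},
    {"user": "a.rao", "role": "developer", "last_login": date(2024, 6, 17),
     "secret_rotated": date(2024, 5, 1), "mfa": True, "vaulted": False,
     "standing": False},
    {"user": "ops-admin", "role": "admin", "last_login": date(2024, 6, 10),
     "secret_rotated": date(2024, 4, 20), "mfa": True, "vaulted": True,
     "standing": False},
    {"user": "m.khan", "role": "analyst", "last_login": date(2024, 1, 5),
     "secret_rotated": date(2024, 6, 1), "mfa": True, "vaulted": False,
     "standing": False},
]


def audit(account, today):
    """Return the list of hygiene findings for one account."""
    findings = []
    if (today - account["last_login"]).days > DORMANT_DAYS:
        findings.append("dormant")             # candidate for deactivation
    if (today - account["secret_rotated"]).days > SECRET_MAX_AGE_DAYS:
        findings.append("secret-unrotated")
    if account["role"] == "admin":             # privileged-only checks
        if not account["mfa"]:
            findings.append("admin-no-mfa")
        if account["standing"]:
            findings.append("standing-admin")  # should be just-in-time
        if not account["vaulted"]:
            findings.append("admin-not-vaulted")
    return findings


def report(accounts, today):
    """Map user -> findings, omitting accounts with nothing to fix."""
    results = {a["user"]: audit(a, today) for a in accounts}
    return {user: f for user, f in results.items() if f}


if __name__ == "__main__":
    for user, findings in report(ACCOUNTS, date(2024, 6, 19)).items():
        print(f"{user}: {', '.join(findings)}")
```

In practice the inventory would come from the cloud provider's identity reports, and the findings would feed the automated revocation step rather than a printout.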


In conclusion, by proactively addressing these security challenges and implementing robust measures, financial services firms can not only enhance the resilience of their cloud environments but also safeguard sensitive data from evolving threats.

(Sumit Srivastava is Solutions Engineering Director - India at CyberArk, heading solutions and pre-sales.)


Edited by Kanishk Singh

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)