Global financial institutions are putting personally identifiable data, such as names, addresses and phone numbers, in the cloud, according a global study – but companies in the Asean region are treading with more caution.
While CipherCloud’s recent Global Cloud Data Security revealed that banks across the world are putting customer data in the cloud, Asean finance firms are using the cloud for specific business lines and functions, say regional analysts.
The CipherCloud report surveyed more than 50 global banking and financial services firms, including some in the Asia-Pacific region. One-third of those surveyed use the cloud to store highly sensitive personally identifiable information, such as social security numbers, birth dates and tax IDs. The survey showed 47% use the cloud to process personal finance data and 53% have business confidential data in the cloud.
But Asean firms prefer to focus on internal functions. For instance, Thailand’s TMB Bank allows its staff to use Microsoft Office 365 as a cloud-based productivity system for communications and collaboration, Philippines Business Bank (PBB) has implemented a private cloud strategy for datacentre and virtual disaster recovery, and Hong Leong Bank in Malaysia has decided to deploy a private cloud strategy.
The CipherCloud findings debunk the notion that financial institutions shy away from the cloud and show that these firms are increasingly mature in their cloud data protection practices.
But Ho Sui-Jon, market analyst at IDC Financial Insights Asia/Pacific, says these figures may not apply to the Asean region. Ho says the maturity of cloud technology adoption among financial institutions in the region varies by country and by sector.
“Financial services is one of the leading industries that continues to champion the cloud agenda, surpassed only by the communications and media sector for most of the Asia-Pacific region,” he said.
As regards financial services' use of cloud, the issue has never been about security, as is often cited as holding back adoption, said Ho. “It is likely that the fragmentation of policies and regulation have done more to hold back forays into the cloud than actual breaches,” he added.
Read more about enterprise IT in the Asean region
Although financial institutions are venturing into the cloud arena, it will be a while before an Asean bank embraces the cloud as fully as Australia's ING Direct, one of the first banks in the Apac region to fully migrate its core systems onto a (private) cloud, said Ho.
“Financial institutions [in Asean] are likely to continue pursuing their cloud agenda in specific business lines or functions – social analytics, prospect management, data management and internal shared services, and will continue to do so opportunistically until market-wide structural reforms are seen,” he said.
Structural reforms that could encourage cloud adoption include regulatory requirements and major infrastructure investments, such as a national high-speed broadband initiative.
The CipherCloud report pointed to security challenges as the main reason why organisations might miss early opportunities in the cloud. “Today, organisations struggle to extend their on-premises data protection practices into the cloud,” the report said.
“The result is inconsistent security practices, data protection gaps and security blind spots. This may slow down firms’ cloud migration journey and impede the business from fully capturing the potential of cloud computing.”
