The best way to ensure the security of the data your organisation holds is to keep all IT systems in house and on site, right?
Well, no. This actually isn’t the case. The number of high-profile data security breaches we have seen in recent years go to show just how difficult it is to protect against a determined hacker. With the focus moving to ransomware, there are all kinds of threats to be dealt with at once. Storing your data and hosting your mission-critical software platforms on premise actually makes you into a juicy target for the cybercriminals.
The threat landscape is highly dynamic and it is asking a lot of an in-house IT team – certainly in a Tier 2 organisation – to keep everything safe. After all, they could be working 24/7 to install software patches, keep anti-malware programs and firewalls watertight yet still be undone by the carelessness of an employee working in a different department altogether.
The truth is, an organisation’s cybersecurity defences are only as strong as the weakest link in the chain. Very often, this weak link is a human who uses an easily guessable password, or loses their laptop, or fails to follow other basic procedures. While password good practice should be something all employees are regularly reminded about, by moving operations to the cloud and protecting everything with two-factor authentication, asset managers can cure many data protection and security headaches at a stroke.
A laptop with sensitive information stored on its hard drive is a much greater risk than one that doesn’t have the information stored on it. If all staff are accessing mission-critical systems and documents via the cloud – protected by two-factor authentication – then a stolen device needn’t be a worry.
While the benefits of working in the cloud in terms of flexibility, scalability, and cost of ownership are well known in most industries, many asset management firms have resisted making the move to the cloud. The major stumbling block seems to be the myth that using a third party for hosting critical systems or storing data is less secure than doing it all yourself. While there is always an element of risk involved, it’s clear to me that in the vast majority of cases that asset management firms would be safer moving their operations to the cloud.
Of course, there is a lot of due diligence to be done when it comes to choosing cloud partners. You should look at their existing reputation when it comes to security, as well as their flexibility and willingness to work in close partnership with you to get the best deal. You need to be sure that the finer details of the Service-Level Agreement are understood when it comes to liability.
There are a lot of changes to how data can be used and stored coming next year in the shape of the GDPR regulations, so a good cloud provider will also be able to help you find a compliant solution. Thinking in the even shorter term, with MiFID II due to come in effect in January, cloud-based systems will enable asset managers to carry out a number of processes that had traditionally been done in a very analogue way but now require a digital approach. Again, a detailed assessment of the options will enable asset managers to find compliant and secure services.
One of the key considerations in MiFID II revolves around the secure distribution of the correct documents to the correct people, and cloud-based services provide a great solution here. Working in the cloud has many other advantages that will enable an organisation to be more efficient too. For example, multiple people can work on documents collaboratively and everyone will still see the latest version – you won’t end up with a situation where two people make edits offline to a single document at the same time, effectively turning it into two separate, different documents.
The beauty of cloud computing is that you are putting your data in the hands of experts. They live and breathe cloud services; their entire business is built upon providing an efficient, secure and trustworthy platform for their customers. They will be just as keen to protect your data as you are.
While it is still important to have an in-house IT team with the right cybersecurity skills – who are constantly being trained so these skills are up to date – by using a third-party cloud provider you are also getting additional expertise and protection. Again, these companies are actively protecting their customers from all kinds of threats every day, and have some of the best brains in the business working for them.