Banks and Cloud Adoption — Why we’re exploring Cloud Security Posture Management (CSPM)
Banks are large and primary targets for some of the worst cyber criminals in the world. In 2019, Capital One suffered one of the largest ever thefts of personal data (100 million customer records) and was fined $80million for inappropriate risk assessment in their cloud migration.
Recent security breaches show that unfortunately there is a security tradeoff that comes with cloud adoption. It’s understandable that David Solomon GS CEO is of the view: “you’ve got to go slowly and you’ve got to go cautiously,”
What is CSPM and why is it important?
- Security posture refers to an organization’s overall cybersecurity strength and how well it can predict, prevent and respond to cyber threats.
- Cloud Security Posture Management (CSPM) is the process and set of tools to understand and manage the cyber security strength (security posture) of your cloud and cloud applications such as to monitor it and enforce security.
CSPM tools are increasingly important as enterprises move to cloud, given a firm’s attack surface grows significantly (the different ways an adversary can breach/enter their network) as a result of running 1000s of SaaS applications and Cloud services off premises.
CSPM and enterprise cyber-resilience — You cannot protect what you cannot see and do not know!
CSPM tools help enterprises continuously track what’s going on and where to ensure compliance and remediate the risk of a breach. Through these tools a firm can understand and monitor:
- What services are we using? → what IT assets does my firm have?
- What data is being accessed? → is mission critical data secured?
- Who is using these services? Who is accessing what data? → user management & entitlements
- How much are they using them? → legacy applications can be a source of malware
- Are there any misconfigurations? → the biggest issue in cloud security: 65–70% of all security issues in the cloud start with a misconfiguration according to Trend Micro, Gartner estimates up to 99% of breaches in 2023.
- Are we compliant with security best practices and regulation? → e.g adhering to the requirements of ISO standards
Why we’re exploring CSPM
Illuminate Financial is an early investor (Seed & Series A) in Enterprise Tech that will shape the future of Financial Services. Cloud Migration is key to digital innovation, but we recognize the security challenges it presents.
We are helping solve this problem by investing in companies like Profian, that bring confidential computing to enterprises enabling firms to secure their workloads in the cloud.
“ Banks’ spending on cloud computing services is forecast to grow more than 16% a year through 2024 to $77 billion, compared with 4.5% annual increases in their overall IT budgets” — IDC market research
We think CSPM is going to be an important segment of that tech spend as it can help catalyze bank cloud adoption.
So, if you are building a CSPM solution to help Financial Institutions:
- Analyze their current security posture
- Identify protection gaps that are increasing their risk
- Take action to eliminate those gaps and risks
We would like to talk to you!
