• Jim Finnerty

Is "cloud" a four letter word?

This seems to be a matter of perspective. Plucky startups have benefited from low cost cloud resources but also have little to risk in contrast with high capital industries like banking. Compound those risks with the regulatory scrutiny that can shutter doors and it becomes clear why bringing up cloud services at community banks and credit unions may have you putting a dollar in the “swear” jar. What controls are in place to secure data and what assurances are there that these policies are followed? How quickly can data be recovered in a disaster? What about connection risks that could separate data owners from business critical information? As a backdrop to all these questions, will a cloud service hold up to regulatory scrutiny in an examination?

These questions are among those most commonly asked by technology leaders from banks and credit unions considering moving ancillary network data services to outside cloud service providers. Over the past several months we interviewed over a hundred such organizations to discover the present state and direction of data storage practices by these security minded and highly regulated businesses. Participating organizations ranged in size from under $200 million in assets up to several tens of billions in assets and spread across 32 U.S. states plus the District of Columbia. They were also representative of organizations that regularly answer to examiners from some combination of state agencies, the OCC, FDIC, and Federal Reserve. What we learned has guided our design for a cloud storage concept that addresses the aforementioned questions and provides greater confidence to technology leaders and regulators while maintaining a cost effective solution coveted by boards and members.

It takes tremendous trust to move data services to outside providers and fears stem from the loss of control inherent in outsourced technology. Recent notable vulnerabilities like #spectre and #meltdown remind us that no system, however sophisticated or widely used, is guaranteed to be free from flaws. A resilient design, therefore, must prevent concentrations in risk to ensure that failure of any single part does not compromise the system. With this principle in mind data architects have designed “zero trust” networks that contain threats by preventing unfettered lateral movement within a network. The Myriad Cloud employs this principal to create “zero trust” cloud storage to contain vendor risks. This allows data owners to retain greater control and security of their information while utilizing outside vendors to satisfy an on demand need for simple, scalable, and affordable storage.

In recent months we have moved beyond concept into practice with the first version of our storage portal being used by a small but growing number of financial institutions. This storage portal is designed specifically to address the trepidations of technology leaders looking for scalable cloud and includes diligence support that appeals to examiners.

And this is just the start.

From these conversations we’ve also developed a product road map that will incorporate features and design specifically being asked for by the banking community. Ideas ranged from encryption management designs to performance enhancements that improve data recovery time and would allow for broader use of cloud storage for high performance applications. We hope you’ll check back in to follow our progress here. If you are interested in learning more about how our technology can work for your organization, please drop us a line at [email protected].

11 views0 comments