ECB warns banks on public cloud data security as hackers circle
The Capital One hack in the US came after Amazon’s operations were looked at by the Fed, so the financial industry worldwide can expect to be under even greater scrutiny.
The European Central Bank (ECB) has warned banks using external cloud services that they are a “juicy target” for hackers, as they increasingly move data from their own data centres into the public cloud.
Korbinian Ibel, a director general at the ECB’s supervisory arm, told Bloomberg: “There will be accidents, especially in the cloud. It’s not that clouds are more vulnerable, they’re actually often better protected than in-house systems, but they’re seen as juicy targets.”
European banks are stepping up their use of cloud services from the likes of Amazon, Microsoft and Google. Germany’s Deutsche Bank says it eventually wants to move the majority of its applications to the cloud from what it has called “expensive and inflexible physical servers”.
Up to now, Ibel told Bloomberg, big banks have tended to avoid putting “highly confidential data” into public clouds, but that may well change in the future as smaller challenger banks with little of their own infrastructure adopt wider cloud operations – enjoying lower costs and greater data flexibility as a result.
This is when greater risk comes in. Ibel said: “We see the benefits of cloud computing. [But] the rule is that the banker is always responsible for their data and services.
In the US, the Federal Reserve is already taking an increased interest in the data security and backup reliability of the leading cloud service providers. It recently paid a visit to an Amazon data centre in Virginia to check out its operations.
The Richmond, Virginia visit came before the recent Capital One data breach, which reportedly exposed the personal information of over 100m US and Canadian citizens. The compromised data in question was stored on servers operated by Amazon Web Services.
With hacks of this nature having the potential to dent confidence in the financial sector, it can be expected that the likes of the ECB, the Fed and other national regulators will step up their activities around the data compliance and security of cloud service providers.