Page 214 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 214
Information Security and Privacy
Notes to retain customers and attract new consumers. Front-end bank offices connected to
cloud-based back-end computing and analytics save substantial cost on licensing, energy
and space.
Cloud based e-invoicing provides dynamic invoices, making payments when exchange
rates are most favourable, and enabling the banks to network constantly with postal and
telecommunications companies. It improves access to social network profiles to help
reach out to new consumers in new markets.
Security Concerns
The banking industry is not so enthusiastic to embrace cloud computing in spite of its vast
potential, because of the industry’s concern on security, privacy, confidentiality, data
integrity, and authentication requirements, along with location of data, availability, and
recoverability.
Moreover, the industry has unique and dynamic regulatory, legal and compliance issues
to address before switching to cloud services. Bankers apprehend that computing in “the
cloud” is risky, as it involves outsourcing the data of its customers to third-party cloud
service operators.
In order to take advantage of the emerging powerful Internet-based business solutions,
what is needed is an IT technology architecture that combines the merits of the public
cloud with the security and data-privacy of the private cloud.
The appropriate business strategy seems to be to outsource relatively less sensitive data to
the public cloud infrastructure service with cryptography and simple password access,
along with dedicated servers with firewalls and intrusion detection devices and other
updated safety features for housing ultra-secure critical data centres that demand strong
authentication for access.
Strategic Policy
There should be a clear strategic policy for cloud computing and management, prioritising
data that can be entrusted to the cloud operator, with clearly defined service level
agreements (SLA) with milestones and a set time-frame, backed by a comprehensive
governance structure.
While choosing the cloud service provider, it is important to look into the firm’s financial
stability, ability to improve functionality and service levels and integrate data across
different technology platforms and cloud services.
The policy-based key management, with industry-standard encryption, is emerging as
the cryptography model for better control on data in the cloud as the common encryption
key management techniques are susceptible to vulnerability.
Cloud security services are emerging to address data security, privacy and compliance
risks, as well as prevention of data theft, ensuring disaster management, and detecting
compliance violations with robust server security for virtualised data centres.
Source: http://www.thehindubusinessline.com/features/mentor/article2484918.ece
14.4 Summary
Privacy over the Internet has increased some ethical issues, which is required to be dealt
with.
Privacy can signify ambiguity in case a person would like to remain anonymous. Privacy
can also be associated to the security aspect of an individual or information.
208 LOVELY PROFESSIONAL UNIVERSITY
