Cloud Computing in Finance Industry

Introduction

Cloud computing is one of the latest technologies being embraced in the finance industry. It largely denotes the scalable network infrastructure in which the consumers are believed to enjoy the IT services that are not limited to data and software storage. Most of the banks in United Kingdom are increasingly embracing cloud computing services. However, the most disturbing issue includes the cloud security and legal, ethical, social and professional issues cited as critical while using the cloud services. One such bank that has had such an experience is Barclays PLC. In its efforts to move to the AWS, the bank experienced a botched migration following poor IT services. The incident led to most of customers being defrauded thereby losing millions of money. Barclays came to learn that the cyberspace is almost ruined with little left to be enjoyed in the public cloud. The cyber fraud threats are still on the rise despite storing information in the cloud. Based on this, the discussion aims at establishing proposed recommendations that would help boost cyber security in the finance industry. This can further be aligned to the objective research into the current status of cloud computing, the benefits and security issues linked to cloud computing.

Research Methodology

The research on the status of cloud security and LSEP issues takes the dimension of the qualitative research method. The latter is regarded as a scientific approach of observation meant to collect the non-numerical data while keeping an eye on the meaning of a phenomenon. The approach covers the personal experience, case study, introspection, cultural texts and even interviews among others. In this context, the method plays a fundamental role in terms of producing descriptive data which is subject to interpretation with the help of more systematic methods. Qualitative methods lend themselves to the development of new theories with the help of the inductive method (Chow et al. 2009). Alongside this method, the research finds it useful to make use of secondary data with the help of a case study. The case study approach is known for analyzing specific issues that could be noticed within the perimeters of the specific organization, situation and even environment. The approach is of use in the light of the cloud security and LSEP issue facing Barclays PLC and the entire finance industry in the United Kingdom. This point out the need to evaluate the evidence in line with the components highlighted in the research objectives.

Literature Review

In the light of cloud services and the growing scope of cloud computing, the research finds it necessary to review some of the findings tapped from other materials in relation to the research topic. The essence of literature review resides behind the needful methodological and theoretical contributions other sources make towards the area of interest under research. The notable areas include the current status linked to cloud computing, benefits of cloud and the security issues associated to cloud computing.

Current Status of cloud computing

According to Mcheick et al. (2011), cloud computing has increasingly grown into a model that has paved way for the convenient, enabling and on-demand network access with the help of configurable computing resources. However, the current status of cloud computing, based on the arguments raised by Mcheick et al. (2011), is the most worrying. Issues of trust, feasibility, loss of control and the bandwidth perception have been cited as part of the challenges facing CC services. However, it is again confirmed that most of the challenges have already been handled with the help of the new technologies. At the same time, flexibility and whole idea of cost reduction is believed to have made cloud computing to receive attention across most of the organizations. Other findings produced by Khan et al. (2017) noted that the current status of cloud computing is crowded with more issues compared to what have already been solved. One of such issues is the migration, in which the IDC survey conducted in the year 2008 noted that privacy and security issues have consistently emerged when shifting data from the database to cloud. This has made most of organizations to be reluctant in making a move from IAAS to the SAAS cloud due to the fact that most of the marginal functions are outsourced. Again, Khan and Alam (2017) noted that organizations are experiencing both the unpredictable and predictable workloads, which can still be managed with the help of the virtualized resources. However, the worrying issue is not the workload the system has but the security and the SLA issue. The first security concern takes note of the physical security which can be lost due to share resources (Chen et al. 2017). The second concern revolves around violation of laws, which is something that puts the company at the risk of data seizure while the last concern settles on the storage incompatibility across the cloud service vendors.

Potential benefits of cloud computing

Müller et al. (2015) noted that despite cloud computing facing a number of challenges, it remains beneficial to organizations and businesses. The first benefit is aligned to business efficiency in which cloud computing focuses on minimizing both the costs and disruptions. The IT demand keeps an eye on the efficiency while considering the business units as platforms for automating transactions. According to findings established by Muller et al. (2015), business effectiveness is essentially aligned to enterprise process awareness instead of just focusing on cost reduction. Business effectiveness can be attained through an increase in terms of business integration and implementation of the enterprise wide systems. Same attention is given to business process improvement, establishment of common IT infrastructure and consideration of the reengineering initiatives. Cloud services would equally foster business growth through business transformation. This is accompanied by collaborations, innovation and the IT-enabled business growth. Such efforts have been aligned to enabling the business agility, managing the portfolio and establishing a flexible platform. Mcheick et al. (2011) aligned the benefits to non-functional capabilities, economic aspects and technological aspects. The economic aspects linked to cloud computing include reduction of cost, which takes into consideration the pay per use. Again, the economic side has been aligned to reduction of time across the medium and large enterprises, as well as an increase in terms of the operational expenditure as preferred over the capital expenditure. The technological aspects are aligned to virtualization or the virtual infrastructure, which increases the operational space for the organization. Matters of multi-tenancy and Security, Privacy and Compliance are equally given attention as far as cloud services are given attention. Some of the non-functional capabilities have been linked to reliability, quality of service and elasticity as far as flexibility of the system is concerned (Chow et al. 2009). Cloud services are known for making the organization more adaptable as most of the services are made available.

Potential security issues associated with cloud computing

Jathanna and Jagli (2017) asserted that cloud service models do not only facilitate a range of services to the clients but also end up displaying critical information, which may add to the security risks and issues. Data across the cloud models can easily be attacked or accessed by external hackers and the unauthorized internal employees. Some of the external hackers would get into the system with the help of hacking techniques such as network channel eavesdropping and session hijacking among others. Tripathi and Suaib (2014) believe that critical issues that bungle the cloud security include broken authentication and compromised credentials. Companies would at some point forget to essentially remove the user access especially when there are changes in terms of the job function, or even when the user quits the position. It is worth noting that the Anthem breach is believed to have exposed around 80 million customer records, which led to the stolen user credentials. According to the findings established by Jathanna and Jagli (2017), Anthem could not implement the multi-factor authentication and this allowed the attackers to obtain and expose the critical credential. At some point, developers would end up making the mistake of carelessly embedding the cryptographic keys and credentials in the source code. This would make the credentials to surface in the public-facing repositories. The second issue revolves around data breaches. Most of the cloud environments would face threats regarding the traditional corporate networks. However, given that a large amount of data is believed to be stored in the cloud servers, it follows that providers end up becoming the attractive target. When data is more sensitive, then the damage becomes more severe (Ko et al. 2011). In the financial industry, this would touch on the personal financial details and even passwords in the worst case scenario. Another danger lies with hacked interfaces as well as the APIs. It has become among the common practices that IT teams would make use of the APIs in managing as well as interacting with most of the cloud services.

Case Study

The research considered the case study of Barclays PLC, which is one of the significant players in the UK finance industry. In the year 2016, the bank declared that in two years’ time, it would have clear structures for the digital transformation project that would see the bank close the datacenters and move into Amazon Web Services (AWS) public cloud. The move to the AWS cloud commenced in spring 2016 which saw the bank employ 3000 people who would be in charge of the technological infrastructure that ranged from laptops to the established datacenters (Donnelly 2018). In April 2017, the work became immense and therefore paved way for the incorporation of the security consultants who became part of the team. Bastin noted that amid the legacy IT, the increase in the number of the outages in the finance sector has been historical. Banks would then look for a more robust system that is equally more reliable. Does the migration to the AWS mean that everything is perfect for Barclays PLC and other players in the finance industry? The truth of the matter is that banking sector in UK has been hit by several outages in the year 2018. It is worth noting that Barclays became the worst offender after reporting a total of 41 major incidents. The bank went ahead apologizing to its customers over the online services borkage which left most of the unable to access and run their accounts (Hall 2019). The event was succeeded by another outage of Visa that interfered with millions of the transactions across Europe. TSB equally lamented that 1300 customers were defrauded due to a botched migration. IT and even cloud failures among banks has been astonishing over the recent years. A chain of events and attacks are believed to have been directed at RBS, Cashplus, Equifax, Visa, TSB and Barclays as well. The question is why Barclays PLC would complain about outages and problems with cloud services in 2018 when it had already incorporated the AWS cloud in 2016.

Discussion of findings

Network and cloud security is a critical component in the finance industry. It is worth noting that most of the cloud services have made banks to quit or discard the datacenters as they move their services to cloud. However, things have never been smooth in the cloud environment due to subsequent violation of the legal terms as reflected in the SLA agreements among other challenges. Findings from the case study have noted the issue of outages as the most critical challenge across the network and cloud services (Ko et al. 2011). Barclays and other banks in the UK finance industry recorded losses due to the fact that most of the clients could not access and operate their own accounts. It is evident that such an event is a breach of the legal terms that pile blame on the AWS downtime. The same case can still happen with Microsoft and Google, which are also dominant cloud service providers in the finance and other industries in UK and the rest of the world. It is also evident that there is a professional challenge when it comes to moving a database to cloud environment. At one point, Barclays and TSB blamed poor IT services in terms of migrating the database into the AWS cloud. The incident led to clients being defrauded and some had their personal information stolen (Chow et al. 2009). This is a clear sign of data breach that is partly blamed on the IT personnel for failing to observe the security measures while moving the database. Again, the issue of data breach can be blamed on the exposed network that leaves the credentials open for the attackers. Therefore, moving to cloud does not imply or does not mark the end of cyber threats because the cloud environment offers little in terms of protecting its clients.

Ethical Issues

The case of Barclays PLC and the idea of moving the services to cloud environment has attracted a number of security, legal, social and ethical issues. First, the security issue is a notable challenge. It is evident that there was a case of data breach that led to loss of financial and personal information. This means that the system is not resilient to attacks (Pauley 2010). The issue of professional ethics is also evident with IT personnel accused of failing to take necessary measures while migrating the database to the AWS cloud. The social aspect touches on the community and the trust people have towards cloud services. It is evident that people have an idea of the possible failures of the cloud services, which sends a negative attitude across the community. The notion that outages would happen and therefore stop clients from accessing their accounts denotes violation of the SLA agreements that points out the necessary terms.

Implications, Recommendations and Limitations

Cases of data breach, cloud outages and violation of security protocols may have a bad impact on the firms in the finance sector and the clients. It is worth noting that in the light of any mentioned incident; the customers do not only lose their information but also their resources. This may affect the normal running of the banks that would be perceived to be lazy or careless in handling security matters. The same blame would be extended to cloud service providers. Therefore, a number of recommendations have been floated to improve the perception of the cloud services. Data encryption has been surfaced as the appropriate approach towards ensuring data security. This demands that any data being send to cloud need to be encrypted through a process known as the multistage encryption. Legal jurisdiction should be observed in the light of legal aspects needed for virtualization, outages, internet presence and dynamically distributed data. The implementation of all these measures might be limited by affordability.

Recommendations for Further Improvements

Further improvements on the security measures should focus on the study and implementation of the digital signatures. This goes alongside the AES encryption algorithm and the Diffie Hellman key exchange. Cloud service providers should further consider Internet of Things and what it offers as far as security is put into consideration.

Conclusion

The research has focused on discussing cloud security and the LSEP issues linked to cloud environment. With the help of qualitative research and the case study on Barclays PLC, it could be established that the finance sector is highly affected by cloud outages and data breaches among other security challenges. The implication of these challenges point at the loss of personal information, loss of resource and reputation. Some of the recommendations that have been surfaced include data encryption and legal jurisdiction among others.

References

Chen, L.L., Rendahl, R.A., Zhu, X.Y. and Zou, L.Z., International Business Machines Corp, 2017. Deploying a virtual machine in a computing environment. U.S. Patent 9,846,590.

Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R. and Molina, J., 2009, November. Controlling data in the cloud: outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 85- 90).

Jathanna, R. and Jagli, D., 2017. Cloud Computing and Security Issues. International Journal of Engineering Research and Applications, 7(6), pp.31-38.

Khan, S., Shakil, K.A. and Alam, M., 2017. Cloud-based big data analytics—a survey of current research and future directions. In Big Data Analytics (pp. 595-604). Springer, Singapore.

Ko, R.K., Kirchberg, M. and Lee, B.S., 2011, August. From system-centric to data-centric logging-accountability, trust & security in cloud computing. In 2011 Defense Science Research Conference and Expo (DSR) (pp. 1-4). IEEE.

Mcheick, H., Obaid, F. and Safa, H., 2011. Cloud Computing: Past, Current and Future. In Proceedings of the International Conference on Software Engineering Research and Practice (SERP) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

Müller, S.D., Holm, S.R. and Søndergaard, J., 2015. Benefits of cloud computing: Literature review in a maturity model perspective. Communications of the Association for Information Systems, 37(1), p.42.

Pauley, W., 2010. Cloud provider transparency: an empirical evaluation. IEEE Security & Privacy, 8(6), pp.32-39.

Sabir, S., 2018. Security Issues in Cloud Computing and their Solutions: A Review. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 9(11), pp.343-346.

Tripathi, P. and Suaib, M., 2014. Security Issues On Cloud Computing. International Journal of Engineering Technology, Management and Applied Sciences, 2(6).