Integrate Cloud Solutions With Caution

We have been monitoring cloud offerings for a while now, and when I stepped down as CIO in December, we were planning to get our toes wet by moving our Microsoft Exchange email services to the cloud. We’re still very cautious about moving any customer financial service systems to the cloud or integrating our offerings into legacy financial services systems that house customer data.

However, we have integrated outside portal solutions for leads and sales automation into our Microsoft CRM system, which can also display customer data from our back-end legacy systems. To do this, we hardened our MS CRM servers and placed controls around the ports that communicate with these outside portals. Now we use our MS CRM system and gateway as the go-between between anything in the cloud and our back-end legacy systems.

I believe financial firms are still cautious around cloud computing in relation to customer data. For one thing, we are still responsible for compliance with laws and regulations around information privacy, regardless of who is housing the data. So some fear loss of control around this data and believe it can be controlled best internally, where we can touch it and where we have our own physical, logical and other controls. We also control staffing and determine who can and can’t have access to the data. And we can monitor activities and do the forensics in the event something does happen to sensitive data.

A cloud vendor, in a relatively immature industry, may not have the same sensitivities and responsiveness to these issues as we do -- or that we think they should. Segregation of sensitive data with enhanced controls is also a concern with cloud vendors. I do believe cloud computing will succeed and continue to gain market share across all industries as it matures and the serious providers survive. In time, there will be a meeting of minds and a level of mutual trust built around the security and controls needed by various industries and information types.