Cloud Security – EQ Bank

ebook

digital defence

Ready, Secure, Cloud

In today’s world of cyber-attacks and breaches, the need to understand security in the cloud has never been more important.

We produced this eBook to share a wealth of knowledge about cloud migration and security. Specifically, we review how EQ Bank, an innovative and leading player in the consumer banking industry, partnered with Long View and Microsoft to ensure they were laser-focused on protecting their customers’ data as the first Canadian bank to shift their core banking systems to Microsoft Azure. This eBook also covers cloud security trends, best practices and disaster recovery and backup. Long View is here to support your business as you embark on your digital transformation journey to a secure cloud.

Preview Chapters 1 & 2

Chapter 1: How Secure Are You?
Chapter 2: Cloud Security Trends – The misalignment between serious need and execution

Please enjoy the first two chapters of this eBook.

INTRODUCTION

With many organizations looking to become more agile, more cost-effective and more focused on business innovation, we are seeing “cloud-first” become a common technology strategy.

This means that large-scale cloud migrations are part of the fabric of many customer engagements here at Long View. Our goal is to help our clients realize the benefits of their cloud choices while ensuring that solid security practices are woven in, from the first strategy discussion through to deployment. Public cloud, hybrid, multi-cloud, private, governance, modernization and optimization: Customers want deep expertise to ensure that their infrastructure is secure, managed and agile, and their business protected.

We all see the news: 2019 was on track to be the the worst year on record for data breaches, with a 54% increase in the first 6 months. Yet recent research states that only 49% of organizations are encrypting sensitive data in the cloud and only 17% of companies are increasing their information security budgets. So, while more enterprises are spending money on off-premises cloud, to the tune of a 79% increase year over year, there is a disconnect in the security requirements from a focus and budget perspective.

We produced this eBook to share a wealth of knowledge about cloud migration and security. In particular, we review how our customer, EQ Bank, a new player in the consumer banking industry, ensured that they were laser-focused on protecting their customers’ data as the first Canadian bank to shift their core banking systems to Microsoft Azure.

Long View recently celebrated our 20th year in business, and I couldn’t be prouder of the growth and success that our company has achieved. Partners, employees and customers have all been instrumental in our journey since Long View started in 1999. We look forward to another 20+ years ahead of providing the best service and results that our partners and customers have come to experience with Long View.

Dave Frederickson
EVP Sales, Long View


“Cyber threats continue to grow but the response is not keeping pace. Security budget increases are averaging near the inflation rate but still only account for 10% of overall IT spend. And it’s not just about the money – many organizations continue to operate with “informal” security programs and roadmaps that have not been tested or updated to reflect the many changes (i.e., moves to the cloud) that are underway.”
– Garry Hawkings, Chief Information Security Officer, Long View


CHAPTER 1: How Secure Are You?

Only 50% of companies have defined roles & accountability for safeguarding
sensitive information stored in the cloud.

• Are you the other 50%?

48% of all corporate data is stored in the cloud, yet only 49% of companies are
encrypting sensitive data in the cloud.

• Are you the other 51%?

Only 32% deploy a ‘security-first’ approach to storing data in the cloud.

• Are you the other 68%?

Based on these statistics and what the public data breaches tell us, we have to assume that many companies believe that once they push that magic cloud button, their security requirements are taken care of. It just isn’t the case, and companies, independent of their cloud provider, need to be accountable for the security of their data, especially customer data. A recent study revealed that 46% of them stated that storing customer data in the cloud increased their compliance and security risks by 56%.

There are very broad transformations that IT teams are undertaking within their environments that are moving faster than we have ever seen from a legacy approach to modern IT. With the compliance, regulatory requirements and overall risk, where does security fit in the midst of all of this?

More people are spending more money on off-premises cloud. It is the highest category of spend, to the tune of 79% increase YoY. The median budget increase for security is only 20%.

Capital One breach that impacted 106M people
July 2019 – Capital One had been breached, spilling hundreds of thousands of social security numbers and account details into public view. The New York Attorney General is investigating whether Capital One is negligent, but the broader story is familiar: A big company let a lot of sensitive data go missing, and customers bore most of the risk.

Only 10% of IT Professionals stated that security was built into DevOps implementations with security elements.

IT Transformations

IT Transformations

“Ninety per cent of the data that we have today was created in the last two years. That’s the explosion of compute and data.”
– Satya Nadella, CEO Microsoft


CHAPTER 2: Cloud Security Trends – The misalignment between serious need and execution

Misconfigurations of cloud migrations or internal systems have opened the doors for attackers who are taking aim at companies’ lack of security. We have to remember, there is big money in the hacking game, and only prestige for some. This is costing companies in excess of $3M USD in direct costs alone, and for the more public companies, the legalities are endless, as customers’ personal information is being compromised. Even those organizations that are under regulatory bodies are not safe if all eyes are not on their security requirements.

At the recent 2019 SecTor Conference held in Toronto, Canada, several of the sessions discussed the misalignment between serious need and execution when it came to security in the cloud.

Data Protection & Security is the greatest issue enterprises are facing with regard to workloads

research 1

Companies rated security expertise as their top requirement for IT leaders, yet the same survey showed that having the right security expertise was their biggest gap. Thirty-six per cent felt that they had a gap in security expertise within their teams.

research 2

Don’t waste someone else’s crisis waiting for your own to take place

Now is the right time to learn and discuss not if a security breach is going to happen to your company, but when that security issue or crisis will arise.

Cloud Adoption Trends:

With all this fear, uncertainty and lack of preparedness from even the largest organizations, why are companies shifting to the cloud? Here are some of the top business benefits that organizations reap with Digital Transformation:

  • Customer experience, with greatly improved satisfaction and reduced churn rates
  • Faster time-to-market for new products
  • Improved employee productivity due to data-driven business intelligence and analytics
  • Reduced operating expenses, by 36% on average
  • Fewer security or data breach situations when leveraging the expertise of partners and experts
  • New digital business revenue streams that were not possible with legacy systems
  • Automation, optimization and innovation, all downstream benefits

Organizations are not getting what they need to react when or if a security breach happens. Only 52% are inviting their CISO to the table when making public cloud spending decisions.

  • Who are the 48% that are not?
  • Are you one?

An alarming factor is that cyber attacks and security breaches seem to exploit a different vulnerability of the cloud network. The target organizations belong to different industries and are of different sizes, from small to large.

This also defeats the argument that as large organizations spend more on cyber security, they are bound to be immune from cyber threats.

Don’t plan for IF a cyber security breach is going to happen, plan for WHEN.

Ready for more?

Chapter 3: A Case Study – EQ Bank Securely Moves to the Cloud
Chapter 4: There is no silver bullet to cloud; there are best practices
Chapter 5: Disaster Recovery and Backup

Fill in the form to access the rest of the eBook.