There is no stopping the move to the cloud. Adoption of the public cloud is expected to hit $236 billion by 2020, up from $114 billion in 2016, according to Forrester Research. The Microsoft Azure platform is at the forefront of this trend, assisting countless organisations to move either to the public or hybrid cloud.
But the move to the Cloud has to be done smartly. Legislation such as the EU’s General Data Protection Regulation (GDPR) has to be carefully considered in the design of any cloud-based application. And hand in hand with that comes the need for integrated security. In a recent blog post, Forrester analyst Jennifer Adams wrote that “this rapid shift to the cloud raises new issues and challenges for security and risk professionals.”
Some organisations that rushed to the Cloud without proper planning are struggling to secure systems and information. Without experienced Azure and SQL developers at the helm, basic security best practices have been omitted. In a recent report, the Cloud Security Intelligence researchers at RedLock found that 31% of databases in the public cloud were accepting inbound connection requests from the Internet and 93% of public cloud resources allowed any and all outbound traffic.
Financial Security and The Cloud
Financial services are perhaps under more pressure on cloud security than any other sector. On the one hand, there is a great demand to move there. However, there are unique security requirements to fulfil and they demand a higher level of due diligence. After all, the confidentiality and integrity of customer information are at stake, not to mention vast amounts of money. The stakes are so high that developments on the regulatory front could see banks and other financial firms facing fines of up to 2% of global turnover for serious breaches. With the GDPR becoming enforceable in 2018, financial organisations providing cloud-based systems must do everything possible to ensure they are well designed, secure and compliant.
Ballard Chalmers has deep experience in designing secure and (going forward) GDPR-compliant cloud-based systems for the financial sector. Security best practices are incorporated into cloud systems from the outset, backed up by thorough penetration testing before anything goes online.
IPES Capital Tracker
As the software development partner for Ipes, for example, we designed, built and delivered Capital Tracker a cloud enterprise application to manage private equity funds. Truly ahead of its time, this fully bespoke system complies with all aspects of the Data Protection Act and passed banking level penetration testing with flying colours prior to its launch. This project entailed a user interface based on ASP.NET controls, Microsoft .NET Server-side security to ensure that each user could request specific pages and financial applications, as well as the abundant use of SQL Server and T-SQL development tools.
The resulting system achieved several firsts. It provided investors with real-time views of investment activity, transfers, and multi-national transactions. It achieved web-based access to live banking information without the need for upload to a presentation system. Ipes became the first private equity fund services provider to directly access the same information as banks. This has enabled the firm to negotiate favourable rates for its clients.
While the software was developed by Ballard Chalmers, it was done in tight coordination with Ipes. In fact, an embedded team worked side by side with Ipes development personnel to ensure the system met exacting specifications. “Capital Tracker now controls every aspect of our business,” said Tim Andrews, Director of Development at Ipes. “It’s our software, we have the flexibility to add enhancements when we want, and we are well supported by Ballard Chalmers.”
It takes the right partner to find the correct balance between cloud development and security best practices. Ballard Chalmers has decades of experience assisting the financial sector and other regulated industries in bespoke software development on the Microsoft platform. Get in touch for an initial no-charge informal discussion to find out how we can help you.