Nearly two out of three financial service firms in Malaysia are developing a cloud strategy. However, not all have a security plan in place. The lack of data security and compliance management continues to be a pressing issue. This is according to the Malaysia Financial Sector Cloud Adoption Report by the Cloud Security Alliance (CSA).
According to the report, 64.7 per cent of the country’s financial service companies claim to be developing a cloud strategy, while 17.6 per cent already have on. As for the remaining 17.6 per cent, they have a strict no-cloud policy.
Security Leadership is yet to be Established
Despite their growing affinity with the cloud, 23.5 per cent of respondents said that their organisations have not established any cloud service data security and compliance regulations. Only 11.7 per cent of organisations has some form of cloud service data security and compliance management.
The CSA said this implied that over half of the respondents feel that there is no need for a strategy to be defined to address cloud service data and compliance regulations.
Lee Hing-Yan, executive vice-president at CSA Asia-Pacific, urged the government to further accelerate cloud adoption by bringing cloud guidelines. He believes this will help financial companies reap the benefits of cloud while keeping compliance with regulations.
Efforts by Bank Negara Malaysia to put together these guidelines are proceeding. In September 2017, the bank published a draft of proposed regulatory requirements on outsourcing arrangements by financial institutions. These cover the use of cloud and data centre hosting services.
With the guidelines are the need for financial institutions to guarantee that proprietary and information on customers that is shared with service providers stay safe at all times. They must also ensure that strict controls are present to avert unauthorised access.
There should also be business continuity plans in place to guarantee that the outsourced activities can still be performed in the event of a disruption of operation or failure of the service provider. This is according to the bank.
A Lack of Security Leadership
It appears that lack of security leadership is also a key issue in Malaysia’s financial sector. 52.9 per cent of respondents cited it as the top hindrance to cloud adoption within their organisations. According to the CSA, there is an apparent gap in knowledge that is necessary for addressing cloud security challenges. Senior executives who are tasked with security responsibilities are often oblivious to the occurrence of cloud security threats.
When an organisation lacks emphasis on cloud service regulations and requirements, it almost directly demonstrates that C-level management will do very little to make related initiatives a priority, the CSA said. This lack of senior-level commitment has a declining impact. Almost 60 per cent of professionals in cloud and cybers security within the study claimed to have not taken part in or organised any training initiatives to cloud application development or cloud security.
In response, the CSA have expressed the importance of having certifications in cloud security as well as having loud security skills. Only when this is prioritised and initiated in a top-down manner can this become effective.
Saying this, when choosing a provider for cloud services, most respondents addressed the importance of the need for cloud suppliers to adhere to international standards and certifications such as the ISO 27001.
“Malaysia’s shift towards becoming a developed, sustainable digital economy requires the transformative use of a secure and robust cloud ecosystem,” said Wan Murdani Wan Mohamad, director for enabling ecosystem at the Malaysia Digital Economy Corporation.
“As indicated by the study, a vital aspect of Malaysia’s transformation encompasses successful cloud adoption, which means that we must prioritise the future-proofing of our cybersecurity sector as an important aspect of our drive to build on the growth of cloud adoption by the financial industry and, indeed, all sectors of our economy.”
Join us for ECC UK
Join us for the UK’s leading Enterprise Cloud Computing, DevOps and Data Management Conference this September. This is a must-attend for senior technologists including CIOs, CTOs, directors of infrastructure, VPs of technology, IT directors and managers, network and storage managers, network engineers, enterprise architects and communications and networking specialists.