Treasury in the Cloud: Mitigating Cyber Risk

Cyber-attacks have become all too common over the past several years. Headlines related to the latest high-profile hacks, security breaches and data thefts are seemingly inescapable for anyone paying attention to the news. Recent bank connectivity network and merchant card processing hacks as well as transaction processing fraud reports have been especially concerning for treasurers. Due to these ever-present cyberthreats, treasurers have been tasked with playing a greater role, in cooperation with the CTO, in understanding and mitigating cyber risks.

The growth in cloud-based treasury management system deployments has, not accidentally, coincided with the frequency and severity of cyber-attacks. Perceptions of security within the cloud have strengthened considerably as of late and it is now seen as more secure than ever. In a recent FIS market study, Corporate Treasury – Rising to the Cloud, 88 percent of treasury and financial professionals consider the cloud secure today, and 95 percent said they expected it would become more secure in the next three years. Treasurers and CTOs are comfortable entrusting mission-critical technological hosting ownership to providers with a proven track record of successfully protecting customer assets.

What should treasurers look for when evaluating cloud vendors and their approach to security? There are several questions treasurers should be asking but here are a few of the most important:

• How is customer data protected in the cloud? Treasurers should understand and be comfortable with how their data is segregated from other clients in the cloud, so that it stays that way. Understanding key differences in vendor cloud security, from authentication to encryption, is also critical.
• What type of cloud is offered (SaaS, private or both)? The term ‘cloud’ is often used to describe any web-enabled, hosted technology. Treasurers should understand the unique differences in hosting models, specifically related to how technology is upgraded and maintained by the vendor.
• What security experience does the provider represent? Treasurers should be confident in how well vendors stay ahead of the cyberthreat curve - partnerships, security certifications and experience are important indicators of how well assets will be protected.
• Where is data hosted and how secure are hosting centers? Treasurers should work with their IT counterparts to understand best practices in hosting, and go through that check-list with each prospective vendor.
• How is the vendor keeping up to date on the latest cyberthreats? Do they work with leading industry and government security and enforcement agencies to capture, analyze and assess threat intelligence? Unfortunately, not every vendor has the resources or ability to collaborate with these types of agencies.

Treasurers should expect the cyber-security environment to remain dynamic, and partner with technology providers who can stay ahead of the cyberthreat curve, to successfully protect their assets.