Cloud computing offers great flexible and scalable benefits for financial institutions, but those same benefits can turn around and bite a firm if it does not put the proper cloud governance in place.
"The real challenge with cloud resources is that they are so simple to provision," Viktor Tadijanovic, chief strategy officer at Abacus Group, told Markets Media. "If you are a developer or an internal department that wants to spin up a server, it is a very easy thing to do: Hit next, next, and next and you have a new server."
However, the danger starts once the original project is over and that server instance is forgotten.
It is not about paying for an idle resource, but what data that idle resource might house, noted Tadijanovic.
"The General Data Protection Regulation goes into great length about making sure that there is good governance around data," he said. "The governance around the systems that store the data is the starting point in governing the data."
If a firm does not have a governance framework in place for its cloud resources and spins servers up left and right, it has little chance of reining in its data, according to Tadijanovic.
"You are creating opportunities for data leaks, opportunities for access to the data as well as creating vulnerabilities," he said. "If development or test servers are not maintained such that security patches have not been applied or the latest security configuration has not been added, or not monitored through logs that have not been set up, those systems can be hacked and become an attack vector for the rest of the network."
Tadijanovic also noted that is nigh impossible to handle resource governance manually.
"It is critical that organizations develop good DevOps practices around asset lifecycle and that there is a system for checking balances for reconciliations of what the system is, what it does, and who is it for, and that it is configured for all the things it needs to be configured."
In other news, Abacus has promoted Paul Ponzeka to chief technology officer; a position made vacant by Tadijanovic's promotion to chief strategy officer.
Ponzeka, who has been with the firm since 2011, will manage the all of the company's technology teams as well as continue to build and maintain the firm's platforms.