South Africa’s banking, financial services, and insurance (BFSI) landscape is diverse, comprising well-established players, new entrants, as well as unbanked and under-banked populations. Going digital is a surefire way to bridge gaps in access to financial services and meet customers’ digital demands. Consequently, digital transformation tops the agenda of most BFSI firms.
Successful digital transformation, however, demands agile, scalable, and cost-effective IT infrastructure. Coupled with the increasing integration of artificial intelligence (AI) into business solutions, this is driving a rapid cloud shift in South Africa—the market is expected to touch $7,5-billion by 2028. Global hyperscale providers such as AWS, Google Cloud, and Azure are contributing to this growth by investing in cloud regions.
In the South African financial services industry, multi-cloud strategies are on the rise – in one survey, 59% said they use multiple cloud environments and expect an increase of 19% in the next three years.
“Using multi-cloud data centers allows South African BFSI firms greater scalability and the ability to consolidate diverse data, ensuring continuous availability, and enabling wide-ranging analytics as well as cost control. However, it also poses security risks, highlighting the need for robust data security and access control frameworks,” says Vinay Singhvi, vice-president and head: BFSI Africa, UK & Ireland at TCS.
BFSI firms are strategically shifting to multi-cloud to meet specific operational requirements. At the same time, they need to act against the security vulnerabilities that come with using multiple cloud platforms.
Multi-cloud or multi-risk?
For banks and insurers, multi-cloud offers several benefits: compliance with jurisdiction-specific regulations, innovative product design, personalized customer experience, AI integration to reimagine business and customer applications, and prevention of operational disruption.
Additionally, data stored on multiple cloud platforms form the basis of diverse analytics, risk modelling, customer engagement, fraud prevention, and compliance monitoring. An added advantage is the ability to leverage the most desirable features of each platform, preempting the limitations of individual platforms.
Though the benefits are indisputable, multi-cloud exposes firms to cyber vulnerabilities, raising their security risk quotient. In part, this can be attributed to the fluidity and scale of access across multiple cloud platforms in BFSI firms.
Furthermore, data security risks play out differently across different business lines. Banks typically grapple with excess access privileges granted to certain roles, data dispersion which can expose sensitive information, and cloud-native vulnerabilities that can be exploited by bad actors. Wealth firms, on the other hand, often struggle with issues around data exfiltration due to using data from third-party providers.
Similarly, insurance firms integrate data from various sources such as sensors and customer relationship management (CRM) platforms, with the potential for unauthorized access and misuse.
Regardless of the security risks, multi-cloud is set to dominate the South African BFSI industry. Adopting the highest standards of data protection and privacy, implementing strong security mechanisms, and ensuring compliance with regulations is a pressing priority.
Navigating stormy waters
In BFSI, data security is paramount because a breach has the potential to erode customer trust, attract rigorous regulatory scrutiny, and adversely affect reputation aside from the financial loss. But achieving data security nirvana demands uniform, organisation-wide security policies bolstered by robust identity and access management (IAM) frameworks for secure access.
Undertaking a detailed analysis of their data landscape and cloud environments can help BFSI firms pinpoint security risks and vulnerabilities. Sensitive data typically resides on multiple platforms such as AWS, Google, and Azure, among others. Firms enable varied data retrieval options and averting unauthorized access and potential misuse is critical.
Executing a centralized, policy-based access control solution can help firms mitigate the risks of multi-cloud environments. Components such as attribute-based access control policies, channel agnostic access control, centralized policy engine, and well-defined governance frameworks that incorporate data entitlement controls along with self-service features for employee access must form the foundational elements of the solution.
To achieve the desired security outcomes, zeroing in on the data products that require protection and defining access controls based on a detailed evaluation of data platforms are essential. “Despite the security risks, multi-cloud is here to stay, and South African banks and insurers must level up their data security posture. Robust data governance will mandate the adoption of feature-rich, enterprise-grade, identity and access management solutions to mitigate the misuse of access credentials,” comments Singhvi.
South African financial institutions grapple with data security as storing voluminous data on multiple cloud platforms expands the attack surface – 19% of financial services respondents said that data security remains a top challenge. Ensuring a resilient architecture underpinned by a security-first mindset that adapts to evolving risks is therefore critical.
In summary
South African banks and insurers are rapidly treading the digital path. Their modernization initiatives also encompass the increasing use of data insights and adoption of AI technologies, which require scalable cloud platforms to supply the significant compute resources needed to process huge amounts of data. In response, BFSI firms have embraced multi-cloud strategies, which is set to become the leading IT model in the South African financial services industry – usage is predicted to touch 50% by 2027.
But this shift will require targeted initiatives to address the security risks that come with multi-cloud environments. Cybercriminals primarily target the financial services sector, and often stolen credentials or inappropriate access privileges are the cause of cyberattacks. In this backdrop, to sustain multi-cloud over the long term, solid data governance policies and access controls become non-negotiable.