Cloud computing has changed the way people, businesses, and financial institutions share and store data. However, because it’s a decentralized, internet-based data storage strategy, it raises some security concerns. In this article, we’ll evaluate credit union information security when using the cloud.
Who Cares About Credit Union Information Security?
What, is this a trick question?
Security is always going to be a top concern for credit unions. Credit unions deal with a staggering amount of member data, sensitive information, financial material, and personally identifiable information (PII) daily.
- Credit unions care about information security. Their primary purpose is to enable safe and secure money management for their members. If they can’t stay secure, they miss their whole raison d’etre.
- The NCUA certainly cares about information security. As the primary regulating body of the industry, the NCUA needs to ensure that all security is up to par. NCUA examiners are always much happier when they know that member and financial data are safe.
- Members care. Most members take their information security for granted. However, if their information were put at risk, they might quickly look for a more reliable financial institution.
With so much on the line, is it possible to keep that kind of information safe in the cloud? Unfortunately, the answer isn’t a simple “yes” or “no.”
Improving Cloud Security for Credit Unions
The primary concern for credit unions shouldn’t be about whether the cloud is secure or not. The cloud is more of a strategy than a platform. In fact, there are several competing cloud platforms such as Azure and AWS, and they all provide the same basic benefits.
Physical security is inherently better with any cloud platform. For example, some threats to data storage, such as theft or disaster, affect physical data far more than they affect cloud data. In many respects, that added safety is enough.
However, when we talk about non-physical information, security is harder to explain in black-and-white terms. There is no information security inherent to the cloud—it has to be built in.
How to Increase Cloud Security
All financial and member data at a credit union must be protected. When moving or sharing data, credit unions need to ensure to encrypt sensitive information.
In fact, very little needs to change between traditional information security practices and cloud security practices. What matters is that your credit union have information security practices.
Instead of thinking about the security of the infrastructure, it’s better to think about the security of the data. You need to know:
- The NCUA’s expectations for credit union information security practices
- Where your PII is
- Which data must be encrypted
- Which programs and applications natively encrypt data
- Which programs and applications need further data encryption
So long as your credit union has good information security practices, the cloud will be a safe place for your data. If you expect the cloud to natively provide security and encryption, you may fall short of the NCUA’s—and your members’—expectations.
We highly recommend reading our article about Multilayer Protocol Switching to learn more about credit union information security and encryption practices. Or, follow the links below to learn more about securing your data for the cloud.