Debunking the 5 biggest myths about cloud security

Written by Michael Haedrich Senior Product Manager, Finastra
Computer screens

There is an interesting phenomenon occurring across financial institutions right now. The majority of banks say that cloud computing is one of the top technology priorities for their institution,i but only fifty-four percent have a strategy governing cloud adoption.ii

While there are a number of reasons for the slow evolution to cloud benefits, there is one that leads the pack: concerns surrounding security.iii

Many banking executives continue to believe that their essential data is best kept on-premise, but the simple truth is, today’s cloud can offer even greater security than you can provide your systems and processes. To understand why, let’s bust some of the biggest myths around cloud security.

Myth #1: Cloud-based systems aren’t regulatory compliant

A few years ago, a big-name bank suffered a data breach due to a cloud configuration issue. Since that time, regulatory scrutiny of the cloud has increased.

According to Dave Dadoun, Managing Director, Global Regulatory Compliance, Worldwide Financial Services at Microsoft, regulators are intensely interested in the governance model your institution has in place, referring to the corporate policies that exist to ensure data security as well as regulatory compliance.iv

What this means is simple. In order to work with banks, private cloud providers must be able to meet international regulatory policies and guidelines. Most are intensely committed to ensuring their systems and products can do just that.

Microsoft for example, has engaged with over seventy regulatory bodies representing over 52 countries in the last year alone.v Open dialogue like this helps to ensure that systems and governance are designed to meet regulations around the world, adding extra security and compliance to cloud-based systems.

Myth #2: If my data is stored in the cloud, I may lose control

The beauty of the cloud is that it can exist anywhere and still fit the needs of a global body. A financial institution in London could choose to store data on a cloud server in France, for example, if executives felt that it was more advantageous to do so.

This freedom has given rise to some interesting theories about data access, control and ownership. After all, if the cloud servers reside in a foreign locale, isn’t it possible that governing forces in that location could take control of data?

Thanks to data sovereignty measures in place across many geographies, the answer is no. Data sovereignty ensures that storage and access to cloud data is subject to the laws of the country in which it was originated.

That means if you collect customer information in the U.S., the act of safeguarding and storing that data must comply with that country’s rules and regulations regarding those practices. Furthermore, data residency requirements ensure that information stays put, restricting cloud providers from moving banking records to a server in another country. Finally, cloud providers adhere to the latest data control protocols to safeguard your information and ensure that only you and your authorized users have access.

If your private cloud provider sticks to leading controls as well as data sovereignty and residency requirements, you can choose where your data is stored and be ensured that you will continue to have safe and secure access to all your information.

Myth #3: My internal security protocols are the best for data and system security

According to the FBI 2020 crime report released in March of 2021, the American public reported cybercrime losses exceeding $4.1 billion, so naturally protecting customer data is a top priority for financial While banks are well versed in their own internal processes for keeping data and systems safe from breaches and feel assured in their protocols, system security is only as good as the last update or patch, and when relying on your own internal resources, it’s easy to fall behind in performing security tasks.

That’s because each update must be applied in a testing environment and thoroughly vetted for compatibility before release. The process can take days, if not weeks or months, and in that time, you’re vulnerable to emergent threats.

When your systems or software are deployed in the cloud, patches and updates are automatically applied, meaning your software is always up-to-date and actively secured against the latest detected vulnerabilities. Best of all, it happens automatically, without drawing on your internal IT resources.

Myth #4: Security monitoring is best performed in house

It’s hard to argue that anyone would be more concerned about the safety and security of your data and systems than you are, but does that always equate to the highest levels of security?

Today’s private cloud providers understand the criticality of security, so they put the full weight of their considerable resources behind it. Microsoft Azure, for example, continuously monitors the wellness of their infrastructure and employs self-healing measures to resolve and repair common issues.vii

In addition, Microsoft employs best of breed firewalls, industry-standard antivirus and leading encryption protocols to protect your valuable data. It’s a level of system assurance that is simply out of reach for most financial institutions.

Myth #5: Multi-tenant systems are less secure than single tenant systems

In a multi-tenant system, a single instance of an application can be accessed by multiple users. This approach allows you to reduce your costs by spreading the expense of systems, architecture, maintenance and product development across multiple parties.

The fact that multiple users have access may also make this type of environment appear less secure. Fortunately, this is not the case thanks to perimeter and individual levels of security.

You can look at it this way. Every user may have a key to enter the perimeter, meaning the cloud where systems are hosted, but only you have the key to your individual assets and data.
A multi-tenant system then provides two layers of security, something a single-tenant or internal bank system doesn’t provide.

The final word on cloud security

When we add it all up, the final word on cloud security is clear. With the right hosting environment, your cloud-based applications can offer greater security than your on-premise solutions. You’ll remain in compliance with regulations while reducing your costs and offering better overall security for your data and operations. If you think about it, it’s an offer that is hard to pass up.

Contact us to find out how we can help you capture the benefits of the cloud.


i Jerry Silva. “Banking on the Cloud: Results from the 2020 CloudPath Survey.” IDC, 2020. Web.

ii “Retail Banking Report: Cloud Banking—Innovation Without Limits.” Finastra. Retrieved from

iii Joy Macknight. “Has the Age of Cloud-Based Banking Arrived?” Financial Times, LTD. The Banker, 11/16/21. Web.

iv “Dispelling the Myths: What’s Stopping the Cloud?” LinkedIn. Finastra Fintech Fika, June 2021. Web.

v “Dispelling the Myths: What’s Stopping the Cloud?” LinkedIn. Finastra Fintech Fika, June 2021. Web.

vi “Internet Crime Report.” Federal Bureau of Investigations Internet Crime Complaint Center. Retrieved from:

vii “Managed Hosting Via Microsoft Azure Cloud—Why Now.”Finastra. Finastra Presentation, Apr. 12, 2020.

Written by
Photo of Michael Haedrich

Michael Haedrich

Senior Product Manager, Finastra

Mike has been in the technology field for over 30 years, supporting some of the world’s largest technology companies. He joined Finastra in 2018 and has been instrumental in developing the electronic signature strategy for lending products. Mike has a Bachelor of Science in Finance from the...

Get in touch
We are here to help your business reach its goals

Contact us