Making the decision to store your data in the cloud can be overwhelming, but it doesn't have to be. Jim Young sits down with Chelsea Marshall, Trust and Security Specialist at PrecisionLender, to discuss common misconceptions about the cloud as it relates to on-premises solutions and data security.
- CLO Deployment
- CRM Deployment
Jim Young: Hi and welcome to the Purposeful Banker. The podcast brought to you by Precision Lender. Where we discuss big topics in the minds of today's best bankers. I'm your host, Jim Young, Director of Communications at Precision Lender. With me in the studio today is Chelsea Marshall, Trust and Security Specialist here at Precision Lender. The title of today's podcast is misconceptions about the cloud and Chelsea's here to help clear up a few of them. I'm gonna have a bit of a long intro here to give you the background for the motivation for this episode.
It comes from results we saw in a study the research firm, CEB Global did earlier this year. It's entitled, Adoption in Investment in Financial Services Technologies. They surveyed 3,000 technology experts and execs in the financial services industry across three different business lines in 73 tech areas, so pretty exhaustive survey. A particular instance to us were the CRM and commercial loan origination systems because those are two technology solutions we often integrate with in helping form the value change at banks. The findings raised hopes in some areas while raising questions in others.
For example, 50 percent of the institutions surveyed planned to either replace or adopt origination systems for 2021. Given what you heard us say about how this is the perfect time for banks to invest in technology, that's encouraging. Then there's the mater of how they plan to deploy their new systems. Only 11 percent of respondents who plan to deploy an LOS intend to use software as a service, IE SAS, IE cloud based solution. Only 14 percent are going the SAS cloud route for their future CRM deployments. Why is that? Fortunately the survey respondents also provided their reasons for choosing, or rather not choosing an off prem solution.
We're gonna go through those reasons now and Chelsea's gonna help us understand whether the concerns raised are valid or maybe based on some misconceptions. So Chelsea, first one on here, 31 percent of those who are deploying a commercial loan origination system said they opted against an off premises solution because thy fear data breach. 25 percent of those deploying CRMs had the same concern about a data breach. Valid concern? Or maybe you wanna go a different way. Bigger concern, off prem versus on prem?
Chelsea Marshall: Well Jim, I think you can make arguments for each. But the fact of the matter is a data breach is a fear that will always be looming for businesses and whether they decide to deploy to a cloud solution or keep their data on premise, it's always going to be something that they have to think about. I think that you can't more or less say that data in the cloud is more or less secure than data on premise, that's not a valid argument.
Jim Young: One thing we talked about beforehand, we tend to think a lot of times with data breaches we think of these faceless hackers out somewhere trying to take down your system, but you said actually a lot of times the potential security threat is a lot closer to home.
Chelsea Marshall: I think that's true. The evidence of past breaches and things that we know going forward is that the insider threat is one of the biggest threats to every company and that users within your company have a lot of access already, they aren't a hacker that needs to spend time to gain access to anything and that is a lot easier for them to misuse that access than it is for a hacker to get inside of your network and do damage.
Jim Young: Just tying that into sort of the debate, it wouldn't necessarily matter in that situation if your solution is on prem or off prem for that threat to be the same essentially.
Chelsea Marshall: I think you can look at the motivations behind why an insider would want to cause damage within their company and if you think about having your data hosted by a cloud provider, they may not have those same motivations because they don't work for your company and I think cloud providers are solely in the business of holding your data and securing your data depending on what you're using them for. They make it so, and they're still making it so that even the people that work at those data centers don't have access to the data that's there.
Jim Young: Interesting, that's really interesting. I tried this one out and granted, I'm not a tech guy so this argument may hold no water whatsoever but, I know a lot of times people have made the argument that reason PCs have more viruses than Apple, this is how the argument goes, I'm not saying it's valid, but that there's a whole lot more PCs out there, it's a much bigger target essentially for people who are putting out viruses. Could you make the argument that when you use a cloud based solution, you're out there in these massive server farms that that's a bigger target than in individual bank with its individual on premises solution?
Chelsea Marshall: It certainly is a very large target if you're thinking about Amazon Web Services or Microsoft Azure, however those data centers are very difficult targets and what I mean by that is it's a lot of time and a lot of money has to be spent in order to breach organizations where their sole responsibility is to keep that secure. A smaller network within a company is probably simpler. They may have a lower budget, less employees to help secure the network, therefore the target, while it's not as large, it may be easier.
Jim Young: In this case, the misconception that this is somehow gonna be safer if it's on prem, is it more of a misconception or in some cases is this more a case of inertia. In other words, we started with this idea that it was safer and even though times may have changed, people just haven't bothered to essentially change their assumption?
Chelsea Marshall: I think it's definitely a misconception. It's going to differ case by case I think. Every network within every company if it's on premise is going to be different than the one next to it, so I can't make an argument that the cloud is always going to be more secure but I can make the argument that there's a lot of money going into securing that and there's a lot of service level agreements that they will keep your data safe and that data will always be available to you and a lot of companies don't have the budget to support that on premise.
Jim Young: Good point. Next thing on this, and basically what it was is they ask in the survey just to give you an idea in terms of where the percentages come. Give us a reason why you are not using off prem. The number one reason was fear of data breach, so that was around 31 percent, LOS is 25 for CRMs. Next big one on the list was potential for service disruption system failure. 16 percent of those employing CRM said that's why they went with on prem versus off prem. Eight percent of those deploying origination software said that's why they went for on prem against off prem. Again, same thing, valid? Or misconception?
Chelsea Marshall: I think it's valid, however I think it's a misconception about the cloud. I'm going to sound like I'm repeating myself but it's exactly the same as to whether you are more or less secure from a hacker. You are going to experience an outage whether you are on premise or hosted in the cloud. What is nice about the cloud is with all that money, there is a lot of room to create redundancy and that is exactly what they do. Data centers spread across multiple geographical locations in the event that there is say a hurricane, you take down what data center, your data's available in another. I think that that can't always be said for an on premise solution and that goes back to, do they have the budget to have a hot site available if they were to experience an outage caused by something like a natural disaster?
Jim Young: I wanna make sure I understand the way you answered that. You're saying it is perfectly valid to have a concern about system failure, the misconception is that the potential for that is any more or less due to whether it's off prem or on prem?
Chelsea Marshall: That's correct.
Jim Young: Let's keep going through those reasons here. Another one here. 14 of those that deploying origination software and 11 percent of those deploying CRMs say they avoid using off prem because they don't wanna be overly dependent on an external partner. Can you kind of maybe try to read between the lines? What are they saying with that concern?
Chelsea Marshall: I think what they may be saying is that if in the event an outage were to occur, they don't have any control over whether or not the network is going to come back up. Their employees are not working on that sort of problem and I think not having that control can be a very uncomfortable feeling for some people. I think it's valid to be uncomfortable about giving control to another company to handle your data, keep it secure, and ensure that it's always available. I think about this as you would think about you have your money and you put it in a bank and you trust that bank to keep your money secure and handle it with caution and care. It's the same for a cloud provider. I think that if you find a cloud provider and their service level agreements and security principles align with what you appreciate within your company, I think you can come to a very comfortable agreement in saying, "I'm okay with you having my data and I know that you will do everything in your power to make it available to me when I need it".
I think when you argue that you're uncomfortable about putting something else in someone else's hands, I think it's completely understandable but there are many agreements in place and I think that there are many cloud providers who will change your mind on that uncomfortable perspective.
Jim Young: That's a really good analogy obviously for our audience here because obviously bank's system is built on that level of trust that you have in handing over your money and saying you can keep it, I trust you to protect it for me. And kind of going back to that, our original point about security and that sort of thing. Keeping your money under your mattress may make you feel more secure than sending it off to a bank where you can't see it, but your house may be no more or less likely to be robbed in that situation.
Chelsea Marshall: That's exactly right. Ties right back into the first point.
Jim Young: In your experience in your career, any other sort of misconceptions about the cloud out there sort for that you see still out there in the world where you go, "I get why you might feel that way, but that's no longer the case". Or never really was the case?
Chelsea Marshall: I think that all very much related to what we discussed already we talked about how a lot of misconceptions is that your data is more vulnerable in the cloud. There are other arguments; the cloud provider might be spying for, that anyone who uses this cloud provider also has access to your data and all very big misconceptions. Take Amazon Web Services for example, they're going to be set up in a way that there's really no way that another company using them could somehow get to your data and like I said earlier, the cloud provider makes it so their own employees can't get to your data. They're just simply hosting it for you and ensuring that it's safe and always available. There's definitely many misconceptions, many opinions on the subject and I think maybe the unknown is the fear and while I believe that's valid, I think seeking the truth and looking for solutions that align with your goals and values is worth a shot.
Jim Young: Very eloquently put. That will do it for us today. Thanks for listening. If you'd like to learn more, visit our resource page at explore.precisionlender.com. If you like what you've been hearing, make sure to subscribe to the feed on iTunes, SoundCloud, Google Play, or Stitcher. We love to get ratings and feedback on any of those platforms. Thanks for listening. Until next time, this has been Jim Young and Chelsea Marshall and you've been listening to the Purposeful Banker.