weerapat1003 - stock.adobe.com

Malaysia’s financial sector warms up to cloud, but lacks security leadership

Almost two-thirds of Malaysia’s financial services firms are developing a cloud strategy, but not all have a security plan in place

Many organisations in Malaysia’s financial sector are crafting cloud strategies, but the lack of cloud data security and compliance management across the industry remains a pressing issue, a study has found.

According to the Malaysia financial sector cloud adoption report by the Cloud Security Alliance (CSA), 64.7% of the country’s financial services companies said they are developing a cloud strategy, while 17.6% already have one. The remaining 17.6% have a strict no-cloud policy.

Notwithstanding their growing affinity with the cloud, 23.5% of respondents mentioned that no cloud service data security and compliance regulations have been established in their organisations. Just 11.7% of organisations have some form of cloud service data security and compliance management.

The CSA said this implied that more than half of the respondents do not feel the need to define a strategy to address cloud service data security and compliance regulations.

Lee Hing-Yan, executive vice-president at CSA Asia-Pacific, called for the government to further accelerate cloud adoption by introducing cloud guidelines, which he said will help financial companies reap the benefits of cloud, while maintaining compliance with regulations.

Efforts by Bank Negara Malaysia, the country’s central bank, to draw up these guidelines are well underway. In September 2017, the bank published a draft of proposed regulatory requirements on outsourcing arrangements, which cover the use of cloud and datacentre hosting services, by financial institutions.

Among the guidelines are the need for financial institutions to ensure that proprietary and customer information shared with service providers remains secure at all times, and that strict controls are present to prevent unauthorised access.

Business continuity plans should also be in place to ensure that the outsourced activities can continue to be performed in the event of an operational disruption or failure of the service provider, the bank said.

Security leadership lacking

The lack of security leadership also appears to be a key issue in Malaysia’s financial sector, with 52.9% of respondents citing it as the top barrier to cloud adoption in their organisations.

The CSA said there is a perceived gap in knowledge required to address cloud security challenges, with senior executives tasked with security responsibilities often unaware that cloud security threats had occurred.

When there is a lack of emphasis on cloud service regulations and requirements by an organisation, it is almost a direct indication that C-level management will do little to prioritise related initiatives, the CSA said.

This lack of senior-level commitment has had a trickle-down impact, with nearly 60% of all cloud and cyber security professionals in the study claiming that they have not participated in nor organised any training initiatives related to cloud application development or cloud security.

To that, the CSA stressed the importance of having cloud security skills training and certifications, and this can only be effective when prioritised and initiated in a top-down manner.

That said, when it comes to choosing a cloud service provider, most respondents placed considerable importance on the need for cloud suppliers to adhere to international standards and certifications such as the ISO 27001.

“Malaysia’s shift towards becoming a developed, sustainable digital economy requires the transformative use of a secure and robust cloud ecosystem,” said Wan Murdani Wan Mohamad, director for enabling ecosystem at the Malaysia Digital Economy Corporation.

“As indicated by the study, a vital aspect of Malaysia’s transformation encompasses successful cloud adoption, which means that we must prioritise the future-proofing of our cyber security sector as an important aspect of our drive to build on the growth of cloud adoption by the financial industry and, indeed, all sectors of our economy.”

Read more about cloud computing in ASEAN

Read more on Cloud security