Cybersecurity is a pressing and complex challenge for financial institutions.
It’s a space where technology and strategy must align to ensure resilience and compliance, and it sits against an evolving and dynamic backdrop of operational innovation, particularly as it relates to cloud computing.
“Organizations still tackle cloud integration with the perspective of ‘this is a new technology we are implementing,’ rather than focusing on how this is transforming the organization and its strategy and operations,” Alicja Cade, director of financial services in the Office of the CISO at Google Cloud, told PYMNTS.
“It’s not just about the technology,” she added. “Cloud should be viewed as a strategic enabler rather than merely a new technology to deploy.”
This approach allows organizations to integrate cloud solutions more effectively into their existing governance structures, gaining the buy-in of key stakeholders and ensuring that the cloud is fully embedded into the company’s operational DNA.
“You must first understand what the organization is trying to achieve and only then look for the right technological solutions to support those goals,” Cade said.
Embracing a holistic approach is critical to avoid falling into the trap of seeing cloud migration as just another IT project and helps prevent common challenges, such as resistance to change, lack of collaboration between departments, and insufficient attention to regulatory requirements — all of which can derail cloud initiatives.
As other advances like artificial intelligence become more prevalent across financial services, the cloud becomes more important.
“Cloud, of course, is the foundation for AI as well,” Cade said.
Still, the perception that cloud environments are inherently more vulnerable than on-premises systems remains a persistent issue in many organizations.
“You can’t categorically say that on-prem is more secure than the cloud, or vice versa,” Cade said. “It all depends on the processes and controls you put in place.”
Security is far from a one-size-fits-all exercise and depends largely on how solutions are implemented.
Cloud computing offers distinct advantages that can enhance security, Cade said.
“Cloud environments allow for easier modernization of technology,” she said. “Because of the nature of the cloud — its reliance on code and APIs, its automated updates — organizations don’t have to worry about the physical hardware.”
This gives financial institutions the ability to focus more on improving business processes rather than getting bogged down in managing infrastructure. At the same time, cloud environments provide quicker responses to emerging threats, Cade said.
“Cloud allows for faster implementation of remediation measures, as security updates can be rolled out globally in real time,” she said.
However, as cloud adoption increases, so does the attention from cybercriminals.
“The cloud has become a bigger target,” she said.
However, its inherently flexible and scalable architecture allows for a more dynamic defense against evolving threats, making it easier for organizations to protect their digital ecosystems.
Another aspect of cloud migration and security is governance. Cade said it’s not just a matter for IT teams but should be a priority for the entire organization, including the board of directors.
“Boards have an increased responsibility for providing effective oversight of cybersecurity and technology risks,” she said, adding that this is especially true in financial services, where the regulatory environment is becoming more stringent.
Cade said she believes cybersecurity must be “baked into the DNA” of the business. It cannot be siloed within the IT department but must be integrated into every part of the organization, from business processes to leadership decision-making.
Collaboration across different lines of defense is also important, she said. Everyone from the CIO and CISO to the heads of business divisions must be involved in safeguarding the organization’s security.
This is particularly crucial given that cloud technology, AI and cybersecurity must not be viewed as isolated issues but as interconnected components of a broader organizational transformation, she said.
“AI can be used to detect anomalies, analyze threats and reduce the workload on security analysts,” she said. “Speed is everything in cybersecurity, and AI can help us respond to threats much more quickly… Security has to be expanded to the AI environment. It’s about integrating AI into your existing controls, rather than treating it as a bolt-on afterthought.”
The ongoing uncertainties around the global regulatory landscape add complexity, but Cade said financial institutions can manage this uncertainty effectively with the right tools and partnerships.
She cited Google’s work with financial sector customers to map regulatory requirements against the company’s controls, helping ensure clarity and compliance.
“We’ve developed tools like the Controls Navigator, which helps customers understand compliance requirements and map them to the controls they need to have in place,” Cade said.
With the right mindset, tools and partners, financial institutions can harness the power of cloud and AI to enhance their operations, safeguard their data and stay ahead of evolving security threats, she said.