Cloud computing evangelists often argue that it makes more sense for companies to put their data on the cloud than retain their own IT infrastructure for data storage. Companies can scale up storage with the click of a button, and they don’t have to deal with maintenance or long-term planning for the hardware involved in data storage. The security concerns of having a private company manage data off-site, they argue, are outweighed by convenience and flexibility
A recent WSJ article highlights some of the risk of cloud data storage being concentrated in just a few large tech companies. According to the article, the Treasury Department released a report yesterday warning that financial institutions using the cloud for data storage can be exposed to vulnerabilities. The fear is that a sustained cyber attack on Amazon, Microsoft, or Alphabet (Google’s parent company) could have a serious impact on the financial system.
Cloud service providers argue that by focusing their companies on data storage and security, they can provide higher level security and fraud management services than financial institutions can provide in-house. But the centralization of cloud services is becoming significant enough that the Treasury is forming a group to study concentration in the cloud-computing industry, and potentially recommend new regulations to control for risk.
The article notes that it is agnostic about the adoption of cloud services. And it is merely trying to manage the risk associated with this move:
The [Treasury] department said it was neither endorsing the adoption of cloud services nor warning against it, but instead trying to set standards for the technology’s use in the financial sector as it becomes more popular.
“By building trust, cooperation, and collaboration at the outset, we can promote safe and effective migration for financial institutions that choose to adopt cloud services,” Deputy Treasury Secretary Wally Adeyemo said in a statement.
It is noteworthy that the Treasury department has this kind of involvement with IT and company data security. And it is a testament to the increase in hacks of online data repositories. The Treasury departments inquiries into IT mirrors fintech’s combination of finance and technology, but on the regulatory side.