PCI Compliant Clouds Allow for Secure Mobile Banking

Mobile banking is growing exponentially. It’s projected within a Juniper Research study that over a billion people will be using their mobile devices to access their banking services by 2017, according to a ComputerWeekly.com report.

Many users have found that the availability of a mobile platform has helped sway their choice of banking institutions, and it’s not a far stretch to assume this will continue to be the trend. Users are at a point where they don’t just want that constant availability. They expect it.

This has been pushing banks to develop mobile platforms, and with that, the use of cloud computing. Cloud can help anywhere from cutting costs to faster deployment to resilience– some key pluses for a banking industry trying to keep up with the growing mobile demand.

Of course, with the uptick in cloud computing, there’s the question of how security is growing with this virtualization shift. For e-commerce and financial institutions, PCI compliance is extremely important, and a data breach could potentially revoke the ability to process cardholder data, not to mention the damage done to a company’s reputation in consequence. Unfortunately, Net-Security.org projects that in 2013 the biggest concern for the financial services is going to be those data breaches.

So, how is security changing for the cloud? It seems like the focus is on intelligence, in two different ways. First is the stronger weight on risk-assessment. This follows in line with many of the recent changes to PCI DSS in the past year, in order to get a clearer and more complete idea of the specific risks found within each specific organization.

Highly related to this is the focus on what the Security for Business Innovation Council calls “Intelligence-Driven Information Security;” or pushing monitoring and security education more formally in order to create security strategies based on the findings. It’s all about knowing that no security system is flawless, but thinking holistically about where the weak points are, as well as passing that intelligence and compliance obligation outside of IT and into other areas of a company.