"Digital Powerhouse" but... Financial Sector's Cloud Adoption Lags
Past Large-Scale Personal Data Breaches Hinder Progress
Regulatory Improvements Underway... Efforts Needed to Restore Trust
[Asia Economy Reporter Minwoo Lee] It has been pointed out that the adoption of cloud services by domestic financial companies is still in its early stages. Although Korea is considered a 'digital powerhouse,' various personal information leakage incidents have hindered progress, causing cloud adoption to lag behind overseas.
On the 12th, the Korea Institute of Finance pointed out in its report titled 'Current Status and Challenges of Cloud Adoption in Domestic Financial Companies' that overseas financial sectors are actually accelerating their cloud adoption more actively. According to a recent survey by the global consulting firm Accenture, even in the banking sector, which is the most reluctant to use cloud services among financial industries, 82% of the surveyed banks have either migrated more than 50% of their mainframe systems to the cloud or plan to do so. Spain's Banco Santander, ranked 20th globally by total assets, had migrated more than 80% of its globally distributed group IT systems to the cloud as of May.
'Digital Powerhouse' Yet Lagging... Large-Scale Data Breaches Hinder Progress
However, domestically, the situation remains at an early stage. Byung-ho Seo, Senior Research Fellow at the Korea Institute of Finance, explained, "Except for some insurance companies and financial investment firms, cloud services are not yet actively utilized in core businesses such as data analysis, mobile banking, and contract management. Banks maintain a conservative stance due to stability concerns, and savings banks and small to medium financial companies either do not feel a strong need to adopt cloud services or find the initial costs burdensome."
Large-scale customer information leakage incidents in the financial sector have been a major obstacle. The personal information leakage incidents involving three card companies?KB Kookmin Card, NH Nonghyup Card, and Lotte Card?in January 2014 were particularly critical. The scale of the leakage, including duplicates and deceased individuals, reached 105.8 million cases, estimated to have affected about 75% of Korea's economically active population at the time. Consequently, a network separation system was introduced to physically separate external communication networks such as the internet from internal networks, making the use of cloud services difficult.
Nevertheless, institutional improvements have been steadily progressing recently. In 2016, the network separation system was relaxed to allow cloud use for tasks unrelated to customer information processing, such as research or management support. Since 2019, under certain conditions, personal credit information and unique identification information have been allowed to be utilized in the cloud.
The Key is Restoring Trust... Urgent Need for Latest Technology Adoption and Security Expert Training
Ultimately, restoring 'trust' in the financial sector has become the biggest challenge. Research Fellow Seo emphasized, "The low cloud adoption rate among domestic financial companies is due to a lack of trust in security, stemming from past large-scale customer information leaks and cyberterrorism risks related to the North-South Korea standoff. First, trust must be restored through advanced cybersecurity and cloud-related risk management."
He advised that each financial company clearly separate important information assets such as personal information and company secrets from non-critical assets and assign access based on importance. Applying security technologies such as Zero Trust Internet (ZTI) and Zero Trust Network Access (ZTNA) is representative. ZTI is a method of accessing external systems like the internet through a virtual isolated browser environment. It is a technology that prevents any content from entering the user's browser and is considered a core part of the zero-trust security policies being promoted by all U.S. government agencies this year. Additionally, using multiple cloud providers is also necessary.
Above all, it is important to train cloud and security experts within each financial company. Most security incidents occur due to a lack of expertise and management errors by cloud users. Research Fellow Seo explained, "If financial companies cultivate internal experts, they can not only improve safety but also efficiently utilize cloud infrastructure tailored to their own needs, thereby enhancing the efficiency of digital services and customer satisfaction."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
