Microsoft CVP Vasu Jakkal on why security is so important to Cloud for Financial Services

Financial services firms with older IT systems and inflexible processes offer criminals a range of lucrative technological targets. Software vendors and cloud providers also have the financial services industry in their sights, but with promises of helping firms fight off bad actors with better security practices and compliance management folded into new services, solutions, and platforms that aim to improve communications, operations, and customer experience.

Microsoft's Cloud for Financial Services launched in November offers a conglomeration of cloud services and applications for retail banking, fraud and purchase protection, and compliance that include many of Microsoft's latest security-related tools. And improving security and protection from cybercrime are often a prerequisite to the kinds of innovation that industry executives aspire to achieve, says Vasu Jakkal, Microsoft CVP of Security, Compliance, and Identity. She spoke with us about the findings of the company's recent Digital Defense Report and how financial services industry priorities align with Microsoft's broader outlook on threats to major economic sectors,  supply chains, and workforces.

Security together with compliance

The Digital Defense Report identifies siloes in systems and in supply chains as some of the broadest security vulnerabilities. The authors call for stronger assessment tools and continuous monitoring of security and compliance. While it may seem fundamental, Microsoft reported that it sees "traditional security hygiene elements" as a continuing threat from nation state attackers, with spear phishing and password spray campaigns seeing continued success.

The picture in the financial services sector differs from other targeted industries due to the need to remain in compliance while also acting in a secure way. Jakkal also encourages financial firms to take on these threats directly.

For financial services organizations, there are two things I tell them. First, get your foundations in place. For that enable multifactor authentication. I know it sounds really simple, but you'll be surprised at how many organizations do not have multifactor authentication enabled. It's really, really, really important to do that. You can use tokens, email addresses, fingerprints, go password-less, whatever you want, but do have multifactor authentication.

Another step is to limit just-in-time access, she said.

What we are seeing is unintentional mistakes happen. And those mistakes result in opening doors. And users don't sometimes know what access they have to what systems. And that can be a real leaky bucket.

Microsoft's value to the financial services industry, Jakkal says, is to align these types of foundational security measures with compliance tools and concepts.

We understand that you need foundational security and advanced security. We understand that we need comprehensive security, or it would be like closing a door and leaving the window wide open for the attacker to walk in. So you have to think about cybersecurity, compliance, identity management, and even privacy together as this one interconnected whole. You have to make sure that your data is talking to each other, because if you see attack in one part, but you don't have visibility in the other, that will be very challenging. And that's why our solutions today integrate 50-plus categories. And we build that into our Microsoft Cloud and, with financial services, into the financial services cloud.

She added that part of Microsoft's push around security within an industry is to bring security and compliance capabilities together.