Case Study: Securing Application Development in the Cloud

Banking/Financial Services, Case Study, Compliance 0 Comments

Written by Michael Higashi

For organizations reliant on mission-critical custom applications and continuous custom app development, the cloud can prove an invaluable tool. Having a unified, cloud-based platform for all in-house apps and in-house app development can improve availability and accessibility, streamline onboarding, and—when done right—increase data security in the cloud. Of course, cloud data security of that platform must first be locked down, too. This major Wall Street firm’s experience with CipherCloud shows how that can be done.

The Customer

The MarketsHeadquartered in New York City, with assets in excess of $500 billion, the customer has a focus on growth that has driven the extensive development of hundreds of custom applications. Unfortunately, those applications were distributed across multiple platforms, not the ideal solution for maximizing efficiency and minimizing costs. Complicating migration plans was the fact that those custom applications contain significant amounts of proprietary information and handle sensitive, protected financial data, too.

The customer chose Force.com, Salesforce’s developer platform, to serve as their custom application platform but then had to find a cloud data security solution that would protect their confidential data and ensure regulatory compliance in the cloud. Their cloud data security requirements included data security in the cloud for information used in their vast range of custom applications, on-the-fly encryption and tokenization as needed for sensitive data, and exclusive control to encryption keys. Whatever strategy the customer chose for their data security in the cloud had to help ensure compliance with GLBA, SOX, BSA, the US Patriot Act, and a number of other privacy laws, too.

The Solution

Because of the critical nature of its regulatory and security requirements, the customer put potential cloud data security solutions to the test with extensive evaluations and audits involving a number of internal groups, including its Enterprise Architecture, Information Security, Cryptography Services, and Network Operations teams. CipherCloud’s solution for data security in the cloud—and, in particular, on Force.com—passed the tests with flying colors. The customer chose CipherCloud to enable the migration of its in-house applications over to Force.com.

Consolidating its in-house applications and in-house application development on the Force.com has led to significant cost savings. The customer estimates that it will save $130 million on its first deployment of migrated applications alone. On Wall Street, of course, cost savings aren’t the only factor that matters. CipherCloud’s cloud data security contributions allow the customer to encrypt and tokenize their sensitive data on the fly, no matter which application is using it, while retaining the functionality of their applications and exclusive access to their encryption keys. The increased flexibility and security of the Force.com and CipherCloud implementation are set to play a key role in the customer’s growth, competitive advantages and success for years to come.

What cloud data security challenges come with custom application development? Tell us your thoughts in the comments.

Leave a Reply

Your email address will not be published. Required fields are marked *