April 27, 2021

Data Security for Banks and Financial Institutions: Top 4 Myths About Moving to the Cloud

Many small-to-midsize banks and financial institutions are still running on-premise Microsoft Exchange email servers, whether in their own walls, or in the walls of their technology service provider. Microsoft recently announced that multiple hacking groups were targeting Microsoft Exchange servers in coordinated attacks, which could cause a damaging data breach for these organizations. With all of the security threats to Microsoft Exchange servers and the amount of sensitive data that banks and financial institutions hold, why haven’t these organizations moved their workloads to Exchange Online? Here are a few common myths we hear and feedback to clear up the misconceptions.

Myth #1: “Exchange servers better protect sensitive customer data.”

Many financial institutions still have Outlook Web Access without multi-factor authentication enabled, which is an easy in for a hacker to access a mailbox and any personal or financial information found in emails. Microsoft recognizes the issue that their older platform is in use and not adequately configured to curb modern security threats on its own. The most recent vulnerabilities on Microsoft Exchange servers that are making national headlines are good evidence for organizations to migrate from an email server to a mail service like Office 365. 

The Capital One data breach of 2019 may have scared away any intentions of financial institutions moving workloads to the cloud. In reality, the cloud-based platform was not actually at fault, as it was a configuration issue on their firewall that caused the breach. That breach may have added a level of untrustworthiness to cloud servers, when the responsibility actually fell on the professionals deploying the firewall. In contrast, no one points out that mega-bank competitor, Bank of America, has never had a breach near the size of Capital One and has been using Microsoft cloud-based products for several years.

Myth #2: “Moving to the cloud is too expensive.”

Some may hear that moving to the cloud is too expensive, but in reality, it can be more cost-effective. Let’s look at the breakdown of server costs according to our Systems Engineer, Joe Szoke. A new Exchange Server might cost $10,000 just for the hardware. If you’re running on-prem Exchange, you’ll also need at least 2 Domain Controllers at another $10,000 each. You’ll need licensing for each server – that’s around $1,000 for Windows Server 2019, $780 for Exchange Server, plus about $97 in CAL licensing for EVERY user who wants to access the server. Then, you’ll still need to buy Outlook for your users – Office 2019 Professional Plus is $439.00 today. Once all of that’s done, you’ll still have to pay to maintain the systems – if your server goes down, you pay to fix it.

In contrast, a Microsoft 365 Business Premium license costs just $20/user per month. The entire environment is baked into that license – the administrative dashboards, the servers, the storage space, and the Office Professional licensing. You don’t have to buy hardware, and patching happens automatically. Administration is much less labor-intensive – in fact, Anders Technology advisors can handle this for you for a small monthly fee. In this model, your 100 users would cost just $24,000 for the entire first year. Your software would remain perpetually up to date, not just for the year, but for as long as you pay for the license. And, following best practices, your user accounts and data would be secure right out of the box.

Myth #3: “Our technology vendor doesn’t believe we should move to Exchange Online.”

Sadly, most organizations we meet with that have an Exchange server have not even been approached about moving to Microsoft 365. Major technology vendors have invested a lot in providing hosted Exchange services and they are lucrative for them but might not be the best solution for your business’s needs. Make sure to work with a technology partner that has the cybersecurity expertise you need and your best interests and goals in mind.

Myth #4: “We don’t need to move to the cloud because regulatory entities aren’t enforcing it.”

It’s true that even the largest agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA), cannot tell you to pick one platform over another yet, but they did recently make the statement: “Regulated entities should immediately assess the risk to their systems and consumers, and take steps necessary to address vulnerabilities and customer impact.” This rises above which platform you are using and focuses on the important part: protecting your data.

While there are clearly a lot of myths and misconceptions out there around if, when and why to move to the cloud, it’s important to know the facts. As a Microsoft Gold Partner, Anders Technology advisors can make the migration seamless so your business can be better protected from a costly data breach. Contact an Anders advisor below to discuss your company’s unique migration situation.

