Cloud Security

The 5 most important things for any banking application hosted on a public cloud

 

  • Data and Application Security  
  • Integration capabilities with existing banking systems  
  • Platform Encryption and Authentication Services  
  • Monitoring Your Organization's Security  
  • PCI compliance and meeting its other regulatory requirements

    Everything that is required from a security perspective for a bank to interact, through an integration mechanism, with applications hosted on a public cloud:

    A connected app integrates an application with Salesforce using APIs. Connected apps use standard SAML and OAuth protocols to authenticate, provide Single Sign-On, and provide tokens for use with Salesforce APIs. In addition to standard OAuth capabilities, connected apps allow administrators to set various security policies and have explicit control over who may use the corresponding applications.

    As an administrator, use connected apps with user provisioning to create, update, and delete user accounts in third-party applications based on users in your Salesforce organization. For your Salesforce users, you can set up automatic account creation, updates, and deactivation for services such as Google Apps and Box. You can also discover existing user accounts in the third-party system and whether they are already linked to a Salesforce user account.

    Mutual authentication certificates are used when an HTTPS request is made to a salesforce.com organization from a third-party service on a specified port. This covers certificate and key management and point-to-point secure integrations.


    A master encryption key is used to encrypt the data contained in encrypted fields. You can archive and create keys based on your organization's security needs.

    Security errors can be eliminated by review: cross-site scripting (XSS), cross-site request forgery (CSRF), and SOQL injection.
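
An added example, not part of the original article: a heuristic Python review check that flags Apex lines where a variable is concatenated into a SOQL string literal without `String.escapeSingleQuotes()`. The Apex sample and the function name `find_soql_concat` are constructed for illustration, and the check is line-based, so it supports a code review rather than replacing one.

```python
import re

# Constructed Apex sample for illustration (not from the original article).
SAMPLE_APEX = r"""public with sharing class AccountSearch {
    public static List<Account> unsafeFind(String name) {
        String q = 'SELECT Id FROM Account WHERE Name = \'' + name + '\'';
        return Database.query(q);
    }
    public static List<Account> escapedFind(String name) {
        String q = 'SELECT Id FROM Account WHERE Name = \'' + String.escapeSingleQuotes(name) + '\'';
        return Database.query(q);
    }
    public static List<Account> boundFind(String name) {
        return [SELECT Id FROM Account WHERE Name = :name];
    }
}
"""

STRING_LIT = re.compile(r"'(?:\\.|[^'\\])*'")           # Apex single-quoted literal
SOQL_LIT = re.compile(r"'\s*SELECT\b.*\bFROM\b", re.I)   # literal that starts a query
ESCAPED = re.compile(r"String\.escapeSingleQuotes\s*\([^()]*\)")
OPERAND = re.compile(r"\+\s*([A-Za-z_][\w.]*)|([A-Za-z_][\w.]*)\s*\+")


def find_soql_concat(apex_source):
    """Return (line_number, variable) pairs where a variable is concatenated
    into a SOQL string literal without String.escapeSingleQuotes()."""
    findings = []
    for lineno, line in enumerate(apex_source.splitlines(), 1):
        if not SOQL_LIT.search(line) or "+" not in line:
            continue
        # Drop literals and escaped operands; any identifier still next to
        # a '+' is an unescaped variable spliced into the query text.
        rest = ESCAPED.sub("", STRING_LIT.sub("", line))
        for after, before in OPERAND.findall(rest):
            findings.append((lineno, after or before))
    return findings


if __name__ == "__main__":
    for lineno, var in find_soql_concat(SAMPLE_APEX):
        print(f"line {lineno}: '{var}' concatenated into SOQL; "
              "use a bind variable (:var) or String.escapeSingleQuotes()")
```

Only the first method in the sample is reported; the escaped and bind-variable forms pass the check.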

How Salesforce can overcome security barriers:


Security is a major concern for banking customers. Security policies and controls such as certificate and key management, point-to-point secure integrations, network access, cross-origin resource sharing, authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, and blocking unsecured networks with IP restrictions, among others, are used to overcome various security barriers.

The Salesforce platform is secured with identity confirmation activations.

What is CASB – Cloud Access Security Broker? 

 

A Cloud Access Security Broker is a visibility and control point residing between employees of an organization and the cloud services and SaaS applications they access (e.g., Box, Dropbox, Google Drive, Office 365, Salesforce, Workday, etc.). A Cloud Access Security Broker can potentially be deployed in either of two ways: as an on-premises offering or as a cloud-based gateway or proxy through which enterprise traffic can be transferred on a per-application basis. IT organizations can use a CASB to actively detect threats, uncover shadow IT by auditing, detect risky users and activities, protect by enforcing policies, perform continuous monitoring and logging, encrypt data, tokenize data, federate identity, and apply cloud DLP.

 

 
