cloud security cloudtimes Financial Regulators Address Cloud SecurityThe US Federal Financial Institutions Examination Council is focused in helping financial institutions by providing a resource document which it hopes to address and understand the risk of cloud computing. In its four-page document, Outsourced Cloud Computing, the council stressed that due diligence must be performed in assessing a cloud computing service provider rather than just take a look at all the benefits the provider is offering. The resource material focuses on business continuity planning, regulatory and legal compliance, audits, information security, vendor management, and due diligence.

According to William Henley of Federal Deposit Insurance Corporation, financial institutions must follow the basic risk strategies and guidelines found in the Federal Financial Institutions Examination Council Information Technology Examination Handbook. Great focus must also be on the Outsourcing Technology Services Booklet. Henley said that there may be vendors who don’t know about the regulatory requirements which are applicable to financial institutions and it is for this reason that the Council decided to issue the resource document.

In the said document, the Council focuses on how a financial institution can address cloud computing outsourcing. It stresses the need for due diligence because financial institutions are still responsible for the compliance and security of their records. Therefore, financial institutions must make sure that their cloud computing providers meet the requirements for risk management, compliance, quality of service, and cost. The document also highlights data classification, data segregation, and data recoverability. The financial institutions must also ensure that the cloud computing providers follow the regulatory requirements. Service-level agreements and contracts must specify dispute resolution, format and location of data, and ownership.

Audit is also an integral part of the resource document. Internal controls provided by the cloud providers must be adequate so that risks can be mitigated and evaluated effectively. External auditors can be tapped to help with the evaluation of internal controls. The document also notes that it may be necessary for the financial institution to adjust its audit procedures and policies with regards to cloud computing. Training may be needed for the audit staff or hire personnel who has expertise on virtualized technologies and shared environments can be hired.

Also, the financial institutions may be required to revise their information security practices, standards, and policies to include cloud computing activities. Data handling procedures must be verified. Backup data must be available and adequate. It is also important to know if several providers are sharing facilities or not. In certain situations, the financial institutions must continuously monitor cloud computing activities so that they can be sufficiently assured that their chosen cloud computing service provider maintains effective internal controls.

Financial institutions must also ensure that reputational, regulatory, and legal risks have been clearly identified as well as mitigated before shifting to public clouds. They must take into consideration the compliance standards and legal mandates from international jurisdictions. Lastly, the financial institutions must check if the cloud computing service provider and also its network carriers has sufficient resources and plans to guarantee business continuity.

Hottest IT Skills in 2013 – Cloud, Mobile and BI
In 2012, more than 1.7 million jobs in the field of cloud computing remained unoccupied, according to analysts firm IDC. READ MORE
How Cloud Computing Influences Digital Marketing
Cloud marketing has the ability to drastically change the ways in which they reach and engage their audience, particularly with regard to distributing and storing mission-critical data. READ MORE
Gartner: BYOD to Take Center Stage For Mobile App Use by 2017
More and more companies encourage their employees to work on their devices, thus reducing the cost of computer equipment, but also increase the cost to maintain licenses and safety. READ MORE
Maturity in the Cloud: Start Thinking Like a Grown-Up
Despite the inclination to wait until all of the cloud’s kinks have been worked out, holding off on cloud initiatives until the industry matures won’t guarantee success. READ MORE
PwC: Cloud, SaaS and Mobile Are Changing Software Industry
The software industry is undergoing major changes by trends such as cloud, SaaS, mobile technology and the “consumerization of IT”. READ MORE
10 Cloud Computing Game Changers
Here are the ten most influential cloud computing companies, and the reason why. READ MORE