Cloud services can bring significant benefits in driving streamlined, agile IT operations, but have proved difficult to incorporate into traditional financial technology operating models. More than most other organisations, financial institutions tend to be encumbered with high levels of technical debt, strict regulatory requirements around information security, systems availability and compliance, along with rigid IT processes and controls to accommodate those requirements. Given these kinds of environment, any concerted effort by financial institutions to adopt cloud technologies needs to be properly and carefully managed.
Stay current on your favourite topics
Most importantly, financial institutions need to ensure they can overlay the right kind of IT controls over their public cloud services to ensure compliance not only with their own standards and/or benchmarks for information security (infosec) and IT risk, but also evolving regulatory obligations. The move towards cloud architectures should also be seen as a unique opportunity to improve and transform infosec practices and implementations, free from the burden of legacy infrastructure.
This paper will:
- Explain the factors driving financial institutions to migrate more critical workloads to the cloud
- Analyse the nine areas critical to operating effective IT controls in public clouds: Data Security & Compliance, Service Transparency, Demand Management & Governance, Co-Mingling, Access Control, Service Integration, System Loss, Cloud Automation and Concentration Risk:
- Provide an overview of existing cloud control standards and accreditation schemes