The global perception of ‘moving to the cloud’ has undergone multiple shifts since its inception. What began as a leap of faith into the unknown has become a core enabler for businesses that want to experiment, innovate and grow. So much so that organisations stalling their move to the cloud are finding themselves being left behind.

The heavily regulated financial services industry was slower than some on the uptake. However, initial trepidation has given way to enthusiasm as cloud computing’s security, flexibility, and resilience credentials have been proven time and time again. In fact, high profile financial business such as Capital One, Starling Bank and Stripe are just some of the leading players using and advocating cloud computing.

With cloud becoming commonplace in the financial services sector, regulators are beginning to extend their remit to cover cloud environments. Multiple approaches are being trialled; some have issued new rules and guidance tailored to the cloud while others are simply updating existing guidelines to make them more applicable to emerging technologies.

Regardless of the chosen approach by regulators, a global focus on privacy and cybersecurity has led to increased scrutiny on the ways that financial institutions manage data in the cloud.

For these organisations, there are three common themes that frequently emerge in the regulatory landscape: data management, cybersecurity, and risk management. These must be top of the agenda for technology stakeholders looking to ensure compliance.

Data management

Companies that offer financial services harbour immense amounts of data, whether that be consumer, market or internal personnel information. The management of this data has become increasingly important with the introduction of regulations such as GDPR. To demonstrate compliance, financial institutions must implement controls and safety measures to protect the security and confidentiality of data stored in the cloud.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The first stage of managing an ever-growing pool of data is getting to grips with encryption. As a starting point, businesses must ensure that data can be overseen from a central control point. Historically, siloes have been the enemy of progress, slowing internal processes down to a snail’s pace. The cloud has always posed the solution to this problem, providing a clear, unified view of where data resides and a single point for managing this data.

Now, it is vital for stakeholders to manage encryption keys and define policies consistently through this single control point in order to effectively encrypt all sensitive data.

Ultimately, data management in the cloud must be treated with a “content agnostic” approach. This involves businesses and cloud providers treating all customer data and associated assets as highly confidential by implementing sophisticated technical and physical measures against unauthorised access. This, in turn, limits loopholes and backdoors, delivering a secure environment for all assets within the infrastructure.

Cybersecurity

Financial institutions live and die through their approach to cybersecurity. Not only do financial regulators expect these businesses to maintain a strong cybersecurity posture, but a breach could also cause irreparable damage to a brand’s reputation, making cybersecurity a key concern at a board level.

According to the 2018 half year fraud update compiled by researchers at UK Finance, financial services organisations experienced an increased rate of cyber attacks over the past year. Worryingly, attacks are becoming increasingly sophisticated and proving more successful, making cybersecurity a daunting prospect for these businesses.

This is where cloud providers can support financial services organisations with a shared responsibility approach to security. The cloud provider is responsible for the security of the cloud itself, providing world-class levels of protection designed for the most security-sensitive organisations. However, financial institutions must remember that they are responsible for managing security when in the cloud. From penetration testing to automated security functions, it is vital that companies are fully literate and up to date in the latest procedures, processes and tools to mitigate risk.

Penetration testing, a key requirement from financial regulators, provides a good example of how the shared responsibility model works. We perform regular penetration testing of our own infrastructure and services. Customers can perform vulnerability scans and penetration testing on their environments, and it is the responsibility of individual institutions to ensure these are carried out regularly in order to stay compliant.

Risk management

In any area of IT, if you can’t measure, you can’t manage. If CIOs have insufficient visibility over their IT estate it becomes almost impossible to ensure compliance. This is especially important in financial services where regulators expect robust risk management processes to be in place for any business using cloud infrastructure.

Continuous monitoring is key to ensuring that users are managing the risk of their cloud environment, ensuring they have sufficient tools in place to support governance and traceability. This is why businesses must have end-to-end monitoring in their toolkit, enabling them to monitor, analyse, and audit events that occur in their cloud environment. Once in place, executives can not only improve their own piece of mind, but provide a necessary, transparent viewpoint for industry regulators.

Ultimately, to ensure the adoption of the cloud in financial services is successful, it is up to both cloud providers and end users to work collaboratively. Open lines of communication and a single point of truth for issues around compliance and security are critical for cloud organisations wanting to help financial institutions on their digital journey. By carefully considering the way that data is managed and secured across their environment, businesses can embrace the full host of benefits the cloud has to offer while remaining compliant and mitigating risk.

Read more: Hybrid cloud solution is no pie in the sky

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up