05-04-21 | Blog Post
By 2000, approximately 80% of US banks offered online options. There were many reasons that financial services firms raced into the internet and cloud. Many of those reasons still exist today and continue to drive new, innovative, profitable and secure banking services.
Massive Amounts of Data No Longer a Massive Problem
Banks generate, and are regulated to maintain and protect, massive amounts of data daily. All the way back in 2017, an article by McKinsey described the digital movement in finance as “much of a typical bank is now digitized and throwing off data by the terabyte.” With financial institutions being required to retain much of their data for 5-7 years, it becomes easy to see how the move from on-premises storage to Hybrid Private Cloud can drive massive savings.
Enhanced Analytics and Reduced Time to Market for New Services and Applications
The massive amount of data created and retained by banks is also a key component in the launch of new banking services. The inherent scalability and positive economics of cloud services enable the use of powerful analysis tools in the development of these apps and services. These tools include Machine Learning, AI and Big Data analytics like Spark, Hadoop, MongoDB and many others. In the test phase for new apps and services, cloud services can facilitate collaboration with 3rd parties and their unique skill sets. These 3rd parties provide relevant expertise that reduces the time and cost to market and also reduces IT expense. After development of a cloud-native app or service, a cloud-based platform/environment is established where launching bespoke services for unique customers becomes practical. The almost unlimited choices for high-speed access to banking fuel more services per customer, higher revenues, lower margins and increased profitability.
Regardless of which elements of banking your organization is involved in, compliance requirements for financial institutions, including their use of cloud services, are implicit and have a long tail of evolution. SOC 1, SOC 2, SOC 3, SAS 70, SSAE 16, SSAE 18 and AICPA are several of the many compliance and reporting standards. Compliance for banking records and data is generally achieved when your cloud services provider is certified to meet SSAE 16/SOC 1, SOC 2 and SOC 3 standards. The preferred cloud services partners will go above and beyond the SSAE 16 audit and invest in annual, independent audits against the SOC 2 standard as well as verifying data center security, availability, processing integrity, confidentiality, and privacy. With those added investments by the cloud services provider, your data and applications are provided a secure and audited environment.
For years, many Cloud Services have delivered security as mandated by Sarbanes-Oxley (SOX) governance requirements. Demonstrating security controls, those that mitigate cyber threats and prevent/remedy breaches and leaks, is an integrated requirement of SOX. This requirement includes your 3rd party vendors and Cloud Service Providers. In April of 2020, the Federal Financial Institutions Examination Council (FFIEC) issued guidance regarding cloud security. The document, Security in a Cloud Computing Environment, does not represent an addition to regulatory requirements; it focuses on security best practices for protecting information in a cloud environment. In the document, best practices for cloud security and change management, audits and controls, governance, as well as resilience and recovery are all discussed. Most will agree that the guidance delivered in this document would best be addressed by partnering with a SOC-certified compliant cloud services provider with a proven track record for partnering to deliver secure services in the financial services industry.
Cloud Partner for Financial Services
At Otava, compliance and security are practices that are natively baked into our people, processes and technologies, not bolted on afterwards. Our defense-in-depth approach encompasses administrative, physical and technical safeguards to protect your data in not one but three ways. We offer a whole host of compliant solutions that keep mission-critical data and systems safe and protected. If you are considering secure and SOC-compliant Cloud Services, Hosting, backup or disaster recovery, Otava can help. Contact us to learn more!