Some Financial Institutions Hesitate on Migrating to the Cloud
Banks and other financial institutions constantly collect and handle highly sensitive data and are therefore subject to significant regulatory oversight. As these organizations move their data to the cloud, even more regulation comes into play.
As the ABA notes, “As cloud adoption in the financial services industry has increased, regulators are becoming more knowledgeable about how firms are relying on cloud service providers without sacrificing the rigor required in risk management and compliance practices.”
Zac Maufe, managing director of financial services for Google Cloud, writes in a recent blog post that the barriers to cloud adoption vary, “from the complexity of legacy systems to trust and skills gaps, regulatory uncertainty and fragmentation of compliance requirements.”
He points out that “certain regulator-induced challenges, including the complexity of sectorial compliance frameworks and fragmentation, create hurdles to cloud adoption for financial services companies.”
How Cloud Computing Can Assist Banks with Regulatory Compliance
In recent years, widely reported cyberattacks have heightened the security concerns harbored by regulators. The ABA acknowledges that regulators are keenly aware of the vulnerability of financial institutions. But the cloud may be just the answer financial institutions are looking for to address regulatory concerns over data security.
“Moving data and services from a bank’s dedicated legacy infrastructure to a multi-tenant cloud environment, if properly configured, can provide additional layers of security for the institution and decrease its systemic risk,” according to the ABA blog.
Maufe writes that financial services firms should continue migrating more core workloads to the cloud and consider multicloud and hybrid cloud strategies. “Such strategies enhance resiliency of existing IT infrastructure,” he notes. He also suggests that regulators could assist with compliance by providing additional clarity and guidance.
CSPs Offer Assurance to Assist with Regulatory Compliance
Maufe expressed Google Cloud’s commitment to “working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency, and compliance.”
And Google isn’t the only CSP hoping to ease the regulatory burden for financial institutions. John Duigenan, global CTO for financial services at IBM, said in a recent interview with the company’s blog that IBM has created regulatory configurations “to ensure you could never deploy an unsecure service where data, for example, could be accessed in an unencrypted form.”
Microsoft also offers compliance assurances with its Azure offerings. According to a post from the company, “Azure compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.”