Light Dark
October 26, 2017 By Gary B. Meshell 3 min read
Cloud Security
Banking & Finance

The intensifying regulation of cloud services has become a major threat to financial institutions’ growth and innovation. An overwhelming number of regional and jurisdictional mandates aimed at ensuring cloud security, data protection and privacy are consuming company resources. Compliance with these evolving and often conflicting regulatory demands has proven complicated and costly.

These cloud compliance concerns have led many firms to hire large staffs to do little other than monitor the internet for new regulations, then assess the impact and implement changes to internal controls and security frameworks. These processes are extremely labor-intensive, largely because they are handled manually. Understandably, firms have grown desperate for a better way — as have cloud service providers (CSPs), who now find themselves just as encumbered by new regulatory demands.

Developing an Industry Standard for Compliance

Every time a regulation changes or a new regulation is introduced, both CSPs and the firms that use their services have to figure out the corporate implications. Both need to ensure that they are compliant and that regulators’ security, privacy and resiliency requirements are being met, especially when noncompliance can result in hefty fines.

Today, it’s not surprising that financial services firms, CSPs and regulators share a common objective when it comes to the cloud. All want simpler, more streamlined governance, and all recognize that the answer lies in standardizing the current surplus of regulatory requirements and controls and then automating compliance.

To that end, IBM launched a groundbreaking initiative in May 2017 to build an industry-standard cloud control framework for financial services. The idea was to put together a working group of financial services stakeholders to establish standard cloud controls and requirements for each jurisdiction and use case. As of this writing, 30 financial institutions have agreed to participate in the project.

This strong show of force is indicative of the industry’s frustration with regulatory compliance and the urgent need for a solution. In fact, all but two of these firms have identified regulatory compliance as their No. 1 obstacle to cloud adoption. All want to take greater advantage of public cloud solutions but worry that any economic gains will be negated by the high cost of compliance.

Automating Cloud Compliance

IBM’s new white paper, “Turning the Regulatory Challenges of Cloud Into Competitive Advantage,” explains the opportunity in front of financial services to solve the regulatory compliance dilemma. It makes the case for an industry-standard framework and control library as the essential foundation for simplifying and automating compliance. It also predicts that advances in cognitive computing, artificial intelligence and analytics will provide the technology to enable this framework. Using these technologies, it is already possible to update industry-standard frameworks and controls automatically and to notify firms when regulatory changes occur.

Cognitive technologies have the potential to manage financial firms’ cloud compliance dynamically, updating internal frameworks, policies and controls in near-real time in response to changes from regulators. Firms will be able to access the industry-standard framework and control library as a utility service as needed to dynamically adapt to and consume updates without compromising their own proprietary frameworks and control libraries.

These capabilities, which have collectively come to be known as cognitive regulatory compliance, enable financial services to continuously align with regulators and the controls they are enforcing. They allow firms to stay on top of regulatory changes through rigorous monitoring and automatic notifications. Cognitive regulatory compliance does away with the manual processes and procedures that impede cloud adoption. It also allows financial services firms to monitor the cloud ecosystem end to end, which is vital for widespread adoption.

Financial institutions have an opportunity to lessen the compliance burden of cloud by working more closely with regulators and CSPs. Those that do will be in the best position to affect how regulators understand and legislate cloud services.

Read the white paper: Turning the regulatory challenges of cloud into competitive advantage

 |  |  |  |  |  |  |  | 
Gary B. Meshell
Global Sales and Business Development Leader, IBM

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature