The intensifying regulation of cloud services has become a major threat to financial institutions’ growth and innovation. An overwhelming number of regional and jurisdictional mandates aimed at ensuring cloud security, data protection and privacy are consuming company resources. Compliance with these evolving and often conflicting regulatory demands has proven complicated and costly.

These cloud compliance concerns have led many firms to hire large staffs to do little other than monitor the internet for new regulations, then assess the impact and implement changes to internal controls and security frameworks. These processes are extremely labor-intensive, largely because they are handled manually. Understandably, firms have grown desperate for a better way — as have cloud service providers (CSPs), who now find themselves just as encumbered by new regulatory demands.

Developing an Industry Standard for Compliance

Every time a regulation changes or a new regulation is introduced, both CSPs and the firms that use their services have to figure out the corporate implications. Both need to ensure that they are compliant and that regulators’ security, privacy and resiliency requirements are being met, especially when noncompliance can result in hefty fines.

Today, it’s not surprising that financial services firms, CSPs and regulators share a common objective when it comes to the cloud. All want simpler, more streamlined governance, and all recognize that the answer lies in standardizing the current surplus of regulatory requirements and controls and then automating compliance.

To that end, IBM launched a groundbreaking initiative in May 2017 to build an industry-standard cloud control framework for financial services. The idea was to put together a working group of financial services stakeholders to establish standard cloud controls and requirements for each jurisdiction and use case. As of this writing, 30 financial institutions have agreed to participate in the project.

This strong show of force is indicative of the industry’s frustration with regulatory compliance and the urgent need for a solution. In fact, all but two of these firms have identified regulatory compliance as their No. 1 obstacle to cloud adoption. All want to take greater advantage of public cloud solutions but worry that any economic gains will be negated by the high cost of compliance.

Automating Cloud Compliance

IBM’s new white paper, “Turning the Regulatory Challenges of Cloud Into Competitive Advantage,” explains the opportunity in front of financial services to solve the regulatory compliance dilemma. It makes the case for an industry-standard framework and control library as the essential foundation for simplifying and automating compliance. It also predicts that advances in cognitive computing, artificial intelligence and analytics will provide the technology to enable this framework. Using these technologies, it is already possible to update industry-standard frameworks and controls automatically and to notify firms when regulatory changes occur.

Cognitive technologies have the potential to manage financial firms’ cloud compliance dynamically, updating internal frameworks, policies and controls in near-real time in response to changes from regulators. Firms will be able to access the industry-standard framework and control library as a utility service as needed to dynamically adapt to and consume updates without compromising their own proprietary frameworks and control libraries.

These capabilities, which have collectively come to be known as cognitive regulatory compliance, enable financial services to continuously align with regulators and the controls they are enforcing. They allow firms to stay on top of regulatory changes through rigorous monitoring and automatic notifications. Cognitive regulatory compliance does away with the manual processes and procedures that impede cloud adoption. It also allows financial services firms to monitor the cloud ecosystem end to end, which is vital for widespread adoption.

Financial institutions have an opportunity to lessen the compliance burden of cloud by working more closely with regulators and CSPs. Those that do will be in the best position to affect how regulators understand and legislate cloud services.

Read the white paper: Turning the regulatory challenges of cloud into competitive advantage

More from Cloud Security

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Cloud threat report: Possible trend in cloud credential “oversaturation”

3 min read - For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand.A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. Since 2022, there has been a steady decrease in market…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today