Infrastructure

04:04 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Changing The Cloud Security Conversation

What are the pertinent questions banks should ask about security in the cloud?
Previous
3 of 5
Next


John Howie, COO Cloud Security Alliance

Cloud providers benefit from economies of scale and have more resources at their disposal to invest in security and privacy of customer data. Due to the diverse nature of their customer base, cloud providers invest heavily in obtaining a variety of certifications and attestations that they can rely on to prove their solutions can meet their customers' compliance obligations. Although cloud consumers cannot outsource accountability, they can negotiate responsibility with providers.

These certifications and attestations along with other transparency measures, such as publication in the Cloud Security Alliance's (CSA) Security, Trust and Assurance Registry (STAR), can provide a window into the size and scale of the investments in security and privacy made by the cloud providers. Questions that prospective consumers can ask cloud providers might include, "What certifications and attestations do you have?" The answer to this question, however, is not sufficient alone. Consumers also need to ask if certifications and attestations obtained cover the service that the consumer is interested in purchasing, and can satisfy themselves that they do by examining Statements of Applicability and the audit reports themselves. Consumers should also ask providers if they have a SOC 2 report that includes the CSA's own Cloud Controls Matrix (CCM), which is recommended by the American Institute of Certified Public Accountants (AICPA).

 

Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio

Previous
3 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
11/12/2013 | 9:33:52 PM
re: Changing The Cloud Security Conversation
They might already be more secure. A cloud vendor likely has more resources to pour into security than any financial institutions' IT department.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
11/11/2013 | 9:24:49 PM
re: Changing The Cloud Security Conversation
Many cloud vendors are pouring a lot of resources into security. It's generally seen as the biggest barrier to adoption of their services. With all of that focus on security, the cloud vendors will probably get to the point where their services are the most secure on the market at some point. But we're probably not there yet.
Zarna Patel
50%
50%
Zarna Patel,
User Rank: Apprentice
11/11/2013 | 8:27:11 PM
re: Changing The Cloud Security Conversation
That's a good point about reading the contract and making sure to find a cloud provider that fits the needs of a financial institution by Mr Neely. Making sure the right security is in place at all times is just as important as initially securing.
KBurger
50%
50%
KBurger,
User Rank: Author
11/11/2013 | 4:21:05 PM
re: Changing The Cloud Security Conversation
It's interesting that these experts are suggesting there may actually be MORE security in the cloud than in alternative/traditional environments. I'm sure that's somewhat oversimplified, but it does illustrate that execs need to put aside assumptions and preconceptions about these emerging models and objectively assess what strategies truly will support business and operational requirements.
Byurcan
50%
50%
Byurcan,
User Rank: Author
11/9/2013 | 2:19:57 PM
re: Changing The Cloud Security Conversation
Cloud services provide too much potential to completely ignore. Like Howie mentions, it's good that cloud vendors can obtain these various industry certificates, so banks can know how legitimate of a cloud vendor they are dealing with.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.