Eight Ways to Mitigate Operational Risk in the Cloud for Financial Services

GXS recently sponsored a webinar titled “Compliance in the Cloud: Raising the Bar in Financial Services.” CEB TowerGroup Senior Research Director Rod Nelsestuen joined me…

OpenText  profile picture
OpenText

September 20, 20123 minute read

Descriptive text explaining the contents of the image.

GXS recently sponsored a webinar titled “Compliance in the Cloud: Raising the Bar in Financial Services.” CEB TowerGroup Senior Research Director Rod Nelsestuen joined me to present critical insights into the operational chaos facing financial supply chains with the growth of cloud computing, on-demand services and financial counterparties.  (You can view a replay of the webinar.)

Rod outlined the business problem arising from cloud services in financial services because of a lack of controls, informational insight and process transparency.  Rod also discussed that although cloud computing increases risk, it also increases sourcing for new IT products and services. In fact, the Federal Financial Institutions Examination Council (FFIEC) issued a document in July 2012 reiterating its guidance on “Outsourced Cloud Computing”. In the summary of this document, the FFIEC stated:

 “When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service. Vendor management, information security, audits, legal and regulatory compliance, and business continuity planning are key elements of sound risk management and risk mitigation controls for cloud computing.”

 Further down in the FFIEC Cloud Computing document, it states:

“Outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed.”

 The benefits of cloud computing include:

  • Scalability and flexibility
  • Simplified complexity
  • End-to-end visibility
  • Improved collaboration
  • Simplified integration
  • Increase security

In order for financial institutions (FIs) to take advantage of these benefits, they need to choose a provider that can mitigate the inherent operational risks. There are eight key characteristics that FIs should look for when evaluating a cloud computing vendor:

  1. Market leading, experienced cloud service provider familiar with the financial industry and your FI’s legal and regulatory requirements for safeguarding customer data and other sensitive data
  2. Backup, redundancy, recovery are at the core of the decision to use an outsourcing vendor with highly redundant and resilient data centers designed for mission-critical applications
  3. Internal controls and security processes can be negotiated by the FI to ensure customer information is appropriately segregated and protected by industry-standard compliance policies
  4. Leading cloud providers continuously improve their hardware environments to ensure the latest versions of operating systems are installed and use agile software development to deploy feature/function releases on an accelerated basis
  5. Tailored cloud deployment options to meet your specific needs including private clouds solely deployed on your behalf, or a hybrid cloud consisting of shared hardware but segregated data storage
  6. Outsourcing portions of your information technology infrastructure can free up internal IT resources to focus on strategic initiatives and new product development
  7. Providers with financial services domain expertise reduce complexity and risk for FIs with their extensive knowledge of global standards, communications protocols and file formats
  8. Cloud providers with global support centers can provide 24 x 7 support in multiple languages, ensuring your international clients and regional offices have access to the support resources required as problems arise

For many years, financial institutions have taken advantage of using applications service providers (ASPs) for core functionality such as deposit accounting, loan servicing, and online banking. ASPs generally deploy these systems in multi-tenant, shared environments that look an awful lot like hybrid clouds. It’s the cloud computing terminology that’s new, not the advantages that a third-party provider can provide.

Share this post

Share this post to x. Share to linkedin. Mail to
OpenText avatar image

OpenText

OpenText, The Information Company, enables organizations to gain insight through market-leading information management solutions, powered by OpenText Cloud Editions.

See all posts

More from the author

All we want for Christmas:  An open letter to Santa from a modern legal team  

All we want for Christmas:  An open letter to Santa from a modern legal team  

As legal professionals embracing digital transformation, our wish list is a bit different this year.

December 11, 2024 4 minute read

Supercharge Your Data Strategy with the Latest Insights on Data and AI

Supercharge Your Data Strategy with the Latest Insights on Data and AI

Introducing the 2024 CXO Insights Guide on Data & AI Guide

October 31, 2024 6 minute read

From breakdown to breakthrough: How predictive and prescriptive maintenance are revolutionizing operations

From breakdown to breakthrough: How predictive and prescriptive maintenance are revolutionizing operations

Cut downtime, save costs, improve safety and stay ahead of failures with advanced analytics and AI-powered maintenance strategies.

October 16, 2024 7 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.