Banking in the Cloud: Between Rogues and Regulators, Part 2

Celent will help qualify your requirements and introduce you to the vendor
Spotted a missing vendor? Use this form to alert a vendor to the Celent service
Create a vendor selection project & run comparison reports
Register to access this feature
Click to express your interest in this report
Indication of coverage against your requirements
Vendor requires PRO subscription to activate this feature
Requires research subscription, contact Celent for more info
30 March 2016
James O'Neill

The Emergence of the Compliant Public Cloud


Although a few large banks are experimenting with cloud-based services, few have taken the plunge in publicly and visibly transitioning a mission-critical banking service to the cloud. The reasons most often cited for slow adoption of cloud services in banking are data security and the fear of regulatory scrutiny. Contrary to popular belief, banking regulators are non-discriminatory when it comes to how a bank provisions its IT environment. The catch is that regulators maintain a consistently high level of expectation for the standards a bank sets for IT security.

In the second installment of Banking in the Cloud: Between Rogues and Regulators, Celent examines the evolving relationship between banking regulation and the cross-industry standards for IT security in the cloud, and goes on to identify the key takeaways for financial institutions formulating their cloud strategy.

Part one of this series provided an in-depth review of the pertinent guidelines of the FFIEC regarding IT security and concluded that increased regulatory scrutiny from cloud services was more myth than reality. The first report also went on to demystify the security and compliance issues facing banks.

Cyberattacks against banks accounted for 6% of all attacks worldwide in 2014, but loss of personal information by banks was more than 20% of the total, second only to retail. In that context, the FFIEC’s recent guidance that IT outsourcing, including cloud-based services, can actually decrease cybersecurity risk is a watershed event.

“These developments mean that yesterday’s reasoned principles for abstaining from cloud services are becoming tomorrow’s thin excuses. Slow-moving banks will once again find themselves at a disadvantage competitively and financially,” says James O’Neill, a senior analyst with Celent’s Banking practice and author of the report.

Report highlights include:

  • A discussion of dynamics in the struggle between cyberattackers and banks.
  • Examination of the rapidly evolving compliance tools and governance mechanisms for cloud services, such as the CSA’s Cloud Control Matrix.
  • A look at the movement of the FFIEC toward cross-industry standards for building a secure cloud-based processing environment.
  • Key takeaways for banks considering the opportunities presented by cloud-based services.

Insight details

Content Type
North America
Special Interest
Cloud, Innovation & Emerging Technology, Risk Management & Compliance