Technology is a key driver of competitive advantage. The cost and flexibility benefits of Cloud computing are well documented and available to all businesses, including those operating within regulated industries, such as financial services.
Ensuring compliance with regulatory bodies, such as the Financial Conduct Authority does not rule out Cloud computing, it simply requires appropriate due diligence and risk management. When implemented correctly, Cloud solutions can deliver superior levels of security, data protection and availability compared to in-house systems.
Key considerations for financial services
- Data Residency: The Data Protection Act specifies that data should not be transferred outside the EU, unless to a country with equivalent high data protection standards. Verifying the physical location of your data is important.
- Data Security: Selecting a reputable Cloud provider will help minimise security risks. Your provider should be able to demonstrate their security measures and, as a minimum, be ISO 27001 2005 accredited.
- Access & Audit Rights: FCA regulators are entitled to access your information in an open, timely and cooperative manner. Cloud providers should accept this access and include it within their written contracts.
Cloud provider selection
As with any outsourcing agreement, selecting the right provider is key to protecting your business. The guide below provides a simple Cloud provider checklist to help with your selection process.
Enhancing your data security
Despite the perceived security risks surrounding Cloud computing, reputable providers can actually deliver enhanced Cloud security for financial services. This is increasingly recognised and reflected in the growing take up.
Examples of this enhanced security include:
|Email Security||Whether you use on-premise or cloud email, your systems could be at risk if your email is unsecured. Cloud providers, such as Mimecast, deliver enhanced email security, continuity and archiving services, protecting your business from malware, downtime and data loss. In addition, all data is guaranteed to reside in the UK.|
|Data Protection||Protecting your business from downtime can save you time and money. Online business continuity solutions minimise data loss by taking regular server and data backups. These are quickly recoverable and stored across multiple locations to reduce the risk of data loss associated with a single point of failure.|
|Data Encryption||Protecting your data from potential breaches is important and encryption provides the highest level of security. By encrypting your data before it's stored in the Cloud, it is then rendered meaningless to third parties. When combined with logs and audit trails, you can rest assured that your data is secure.|
|Hybrid Cloud||Moving to a hybrid Cloud gives you the flexibility to store confidential data in a private cloud, whilst keeping less sensitive data in a public cloud. This "best of both worlds" scenario allows you to enjoy the security and control benefits of a private Cloud, combined with the cost and flexibility benefits of a public Cloud.|
Cloud computing is here to stay and growing in popularity. With appropriate due diligence, firms can enjoy all the well-documented cost and flexibility benefits, whilst meeting their confidentiality, security and service needs.