Banking in the Cloud: Between Rogues and Regulators
Part 1: Regulations and Compliance
Abstract
Although a few large banks are actively experimenting with cloud-based services, relatively few have taken the plunge of publicly and visibly transitioning a mission-critical banking service to the cloud. The reasons most often cited for slow adoption of cloud services in banking are data security and the fear of regulatory scrutiny. Contrary to popular belief, banking regulators are non-discriminatory when it comes to how a bank provisions its IT environment. The catch is that regulators maintain a consistently high level of expectation for the standards a bank sets for IT security.
In the report Banking in the Cloud: Between Rogues and Regulators, Celent studies the regulatory environment for IT security in the United States, seeking to determine what specific provisions govern banking applications in the cloud. The first in a two-part series regarding cloud-based banking services, this report examines the regulatory backdrop and reviews the development of new cross-industry standards for IT security. Celent demystifies the security and compliance issues, giving the reader a nuanced understanding of the IT security model for banking as it extends to the cloud.
“Capital One’s recent announcement that it is moving most of its IT infrastructure to Amazon Web Services points to the schism between banks that are embracing cloud services and those that are not,” says James O’Neill, senior analyst with Celent’s Banking practice and author of the report. “While many banks and most banking IT services vendors have eschewed the cloud over concerns regarding security and regulatory scrutiny, it has become clear that yesterday’s questions and concerns are becoming tomorrow’s thin excuses.”
Report Highlights:
- An overview of the regulatory origins of IT security and the regulatory protection of nonpublic personal information.
- Examination of the many detailed regulatory guidelines covering IT security.
- A review of the specific guidance of the regulators regarding cloud-based banking services.
- An examination of several cross-industry standards for IT security that are increasingly attracting the attention of banks that are planning on implementing new services in the cloud.
The second installment in this series will look at recent developments in the introduction of banking-specific security tools to manage IT security in the cloud, examine what the major cloud providers are doing to build confidence among FIs in the security of the public cloud, and provide key takeaways for banks that are considering a movement toward cloud services.