IT leaders to give cloud thorough attention when outsourcing in order to achieve the necessary cyber resilience
Organisations within the financial sector using, or considering, the cloud and other third-party IT services must ensure they adhere to the new guidelines set out by the Financial Conduct Authority (FCA) and carry out the appropriate security risk assessments. This is according to The Bunker, which argues that a failure to do so will result in increased data security risks.
The FCA recently published new guidance for firms outsourcing to the cloud to clarify what is required of companies and to help firms effectively oversee all aspects of the lifecycle of their outsourcing arrangements. The guidelines usher in increased support for the cloud. The FCA advocates that there is no reason why cloud services should not be implemented by financial services firms, as long as the appropriate consideration is applied in line with the rules set out. The FCA has urged financial firms to manage the operational risks associated with outsourcing by applying due diligence with regard to IT providers before committing to work with them, and by agreeing a “data residence policy” with the chosen provider.
Phil Bindley, CTO at The Bunker, said: “Cloud is here to stay and it is experiencing increasing adoption due to the major benefits it brings. However, the issue of security is one that remains at the forefront of the cloud debate. Putting appropriate guidance in place and acknowledging the potential risks are two integral steps when it comes to ensuring that the security risks associated with the cloud are minimised. Under the new FCA guidelines, financial firms need to take the appropriate steps to mitigate security risks so that their overall security hygiene is acceptable; this will encourage financial institutions to really consider how and where they are storing their data.
“The cloud has the potential to act as a key enabler across financial institutions; however, many of these firms have been apprehensive to adopt this technology, due to the security-sensitive environment in which they operate. As a result, these guidelines should be welcomed. Not only do they bring in new support for the cloud, but they also address the risks associated with securing data.
“These guidelines should be embraced as they encourage firms to do their due diligence to make sure they understand the ways in which their data is stored, processed and managed. By way of example, included is the ability to request an on-site visit to the relevant premises owned and operated by the cloud provider. A salient element of this guidance is to help firms effectively oversee all aspects of their outsourcing arrangements. When outsourcing to the cloud, it’s vital for financial services firms to appoint a Cloud Services Provider who can offer the consistent cyber resilience necessary, as well as transparency throughout the entire lifecycle; failure to do so can put an organisation’s data in danger,” concludes Bindley.
NOTES TO EDITORS
About The Bunker
The Bunker is a trusted partner for compliant and secure outsourced infrastructure and data storage. With fully owned UK data centres outside the M25 yet within easy reach of London, we provide Managed Hosting, Colocation, and Cloud Infrastructure and Storage to businesses that value the confidentiality, integrity and availability of their applications and data.
At The Bunker, we believe that Information Security should enable businesses to be more competitive, manage risk, protect brand and allow innovation in a controlled manner. We’ve adhered to this philosophy for more than a decade, keeping some of the most demanding businesses compliant, secure and available. Our data centres are former nuclear bunkers upgraded with millions of pounds of investment in networking infrastructure, fire suppression, power and cooling. We are service led, compliant, and secure by design.
For more information on The Bunker please visit: www.thebunker.net
Edward Dodge / Beau Bass
T: 0207 388 9988