Due to regulatory and compliance concerns, many financial services institutions (FSIs) have remained unsure about moving to the cloud, even as they embrace the idea of digital transformation. That’s why completing a risk assessment is a critical step in the decision to adopt any cloud services and a precursor to notifying regulators of the cloud plan. Any strong assessment covers two key areas:
You probably have mature assessment models for your on-premises systems. Assessing risk for cloud services requires a different approach. First, you need to think through all of the challenges moving to the cloud might present for your organization. For example, in almost all cases, the responsibility for security controls and compliance will shift between your organization and the cloud service provider (CSP), depending on the type of service you choose—say, infrastructure as a service (IaaS) versus software as a service (SaaS). In addition, when you move to the cloud, your data is managed externally; your CSP may be in a different part of the world, with very different contractual terms and regulations for handling data.
However, moving to the cloud also presents considerable opportunities in the areas of security and compliance. Large CSPs like Microsoft operate at significant economies of scale. This means we can rapidly develop best-in-class security measures, deploy them, and keep them updated. And in the shared responsibility model we mentioned above, we also remove some of our customers’ burden for the cost of keeping systems compliant. Finally, we offer a high level of service availability across multiple geographic areas worldwide, which means your services are much more fault-tolerant and resilient against failures than they would be in an on-premises environment.
At Microsoft, we understand that assessing risk and notifying regulators are critical steps in any FSI’s decision to move to the cloud. We’ve created a cloud risk assessment model to walk you through completing an effective end-to-end risk analysis of Microsoft cloud services, with guidance for steps including:
To learn more, click here to download the free whitepaper, “Risk Assessment and Compliance Guide for Financial Institutions in the Microsoft Cloud,” or visit the Microsoft Service Trust Portal Compliance Guides to view Compliance Guides by region.
*Compliance Manager is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation; it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager should not be interpreted as a guarantee of compliance.