Cloud Compliance for Financial Companies Requires a Merger of Three Disciplines

With weightier compliance penalties, ever-deepening cybercrime, and rapid adoption rates of public or hybrid cloud, financial services companies must pay closer attention to cloud compliance and stop treating it in a vacuum.

A 2018 study conducted jointly by Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC) raises the question, “What does ‘good’ look like when it comes to cybersecurity at financial services companies?” The answer, conclude Deloitte's experts, is not at all obvious: “The answer may be difficult to determine in the midst of a constantly changing threat landscape, and at a time when shifting business priorities and exponential technology forces are changing how many organizations approach management of cyber risks.” Compliance in the cloud is no longer simply a matter of one-dimensional audits or a segmented compliance officer or team. Similarly, compliance goes beyond employing encryption for data at rest or in motion.

[Figure: Cybersecurity maturity levels]

True cloud compliance can only be considered through an integrated view of data security, cybersecurity and risk management. Each discipline—with its people, processes and technology—carries considerations that must be aligned with one another rather than handled in isolation or not at all. To build a cloud compliance program, one needs a fundamental understanding of each of the three areas, and a full consideration of exposures or risks through the “lens” of each. Each has a set of benchmarks and evaluation criteria that can be (NIST, CIS) or must be (PCI, FedRAMP, SOC 1, GDPR) adopted to ensure measurable compliance. Exposure must be a combined (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Amber Picotte. Read the original post at: https://www.uptycs.com/blog/cloud-compliance-for-financial-companies-requires-a-merger-of-three-disciplines