Many banks plan to move their business and customer applications to the public cloud. However, migrating systems to cloud providers presents compliance, privacy, and security risks that are external to the bank’s traditional controls environment.
Intone recommended a baseline framework that offers a view across all domains of the IT cloud. The Cloud Security Alliance Cloud Controls Matrix (CCM) also allowed our client to take advantage of a proprietary model that maps CCM guidelines to all regulated banking standards across the globe. The framework was an ideal fit for the institution: instead of constant assessments based on assorted authoritative entities, a single appraisal provided visibility into 16 different IT domains and standards for cloud use, and eliminated the previously expensive (and time-consuming) redundancy of compliance efforts.
After the initial mapping process, Intone performed a segment analysis to identify where key controls were in place and where operational risks and control gaps existed. This technique generated significant communication with the bank staff, as internal personnel typically considered a policy or procedure to be equivalent to the actual control. Working through that view ensured the understanding that, for a control to be effective, monitoring and best practices must be employed as well.
Cloud governance and compliance is not an annual exercise, because the cloud evolves and the institution continues to implement new products to satisfy client and worker demand. In addition to delivering a more practical risk management and control framework, Intone helped the client establish a powerful governance model for the future.
The new, versatile governance platform will facilitate the client’s ability to evaluate the risks introduced when implementing new technology and identify the controls and contract terms required in response to future cloud risks.