No fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules
- UK Financial Conduct Authority -
An interesting thing happened last month. The UKs Financial Conduct Authority (FCA) produced a document proposing new guidance for the financial services using third party cloud computing solutions.
The Financial Conduct Authority (FCA) is a financial regulatory body in the United Kingdom, but operates independently of the UK government, and is financed by charging fees to members of the financial services industry. The FCA regulates financial firms providing services to consumers and maintains the integrity of the UK’s financial markets. It focuses on the regulation of conduct by both retail and wholesale financial services firms.
What I find interesting is how FCA has embraced cloud computing using Salesforce extensively in its operations. It can only be a good thing that the UK regulator for the financial services industry is paving the way for cloud-based services. I do sometimes get frustrated with companies who don’t have brilliant physical/logical security around their internal information assets, and then say having an internal solution makes it “more secure”. The majority of successful hacks come from within the company not from external.
Ransomware, insider threats… companies not prepared
A recent report showed that nearly half (46%) of small business owners have no employee responsible for data security and more alarming that 27% have no process or policies at all. But even larger companies This year has been a tough year for security with just this week yet another attack. JD Wetherspoon was hit by a cyber attack releasing over 650k of customers records.
Cloud computing setup correctly (or even in some cases out of the box) could be more secure than some companies internal systems. Just the basic fact that you could, in theory, lock your entire IT and development team out of your production environment and have the deployment of changes & administration function a business function and not an IT one. This makes Cloud Computing at a reduced risk of internal attack, and when the majority of hacks are internal, this has to be a good thing. Just talk to the CIA, if Snowden (an IT admin) hadn’t had full admin privileges when he didn’t need them things could have been very different.
Read more at: