ARMONK – Today, IBM announced it is working with the Cloud Security Alliance — a global not-for-profit dedicated to defining standards, certifications, and best practices to help ensure secured cloud computing — that aims to further advance security and risk management of cloud within financial services.
Building on IBM’s mission to reduce the risk for the industry with resiliency, security, compliance, and performance at the forefront, the IBM Cloud Framework for Financial Services is designed to help clients automate their security and compliance posture. The framework is central to IBM Cloud for Financial Services, a first-of-its-kind cloud with built-in security and compliance controls to help clients as they work to mitigate risk, tackle ongoing regulations and accelerate cloud adoption. It has been mapped to the Cloud Security Alliance’s Cloud Controls Matrix (CCM) – a cybersecurity control framework for cloud computing, which can help clients to drive innovation faster while addressing third and fourth-party risk in the cloud. With the alignment, organizations that have adopted CSA’s controls can now use services or transact with SaaS providers on IBM Cloud for Financial Services with confidence.
“As global regulations continue to evolve, it’s critical for all organizations to adhere to changing requirements while operating in a secured cloud environment – but this is even more critical for highly regulated industries such as financial services,” said Jim Reavis, CEO of Cloud Security Alliance. “With its long history and deep expertise working with some of the world’s most well-known financial services organizations on their modernization journeys, IBM understands the importance of establishing a highly secured hybrid, multi-cloud architecture that can allow organizations to host workloads wherever they need to be. Together, we aim to help financial services organizations drive growth and reduce systemic risk with a more secure cloud landscape by empowering them to address evolving regulations globally – from DORA to data sovereignty.
Collective intelligence aims to reduce financial services risk
Designed specifically for financially regulated industries, IBM Cloud for Financial Services was introduced in 2019 in collaboration with partner banks including Bank of America and BNP Paribas. It aims to help financial services organizations address the industry’s unique cybersecurity, regulatory and operational requirements while providing the benefits and flexibility of the cloud in a secured environment.
Leveraging the collective intelligence of the IBM Financial Services Cloud Council – a network of more than 120 financial services CIOs, CTOs, and Risk and Compliance officers such as Banco Bradesco, Nationwide, Banco Sabadell, Virgin Money, and MUFG – the platform includes industry-informed and built-in controls that can help financial institutions meet their security and compliance requirements of this highly regulated industry. These industry-informed controls are not IBM’s – they are the industry’s collective controls. While IBM Cloud has implemented these controls as part of IBM Cloud for Financial Services, it has also made them available for clients to use on multiple clouds (public or private) – by managing workloads with IBM Cloud Satellite and monitoring their compliance through the IBM Cloud Security and Compliance Center.
“As organizations strive to keep up with the latest regulatory requirements and evolving data sovereignty laws, security and compliance are at the core of our approach. We are on a mission to be the world’s most resilient, secure, compliant, and performant cloud, which is why many of the world’s major financial services organizations have worked with us over multiple decades,” said Howard Boville, Head of IBM Cloud Platform. “IBM Cloud for Financial Services is specifically designed for highly regulated workloads, allowing financial services and other regulated industries to host applications and workloads in the cloud with confidence while addressing third and fourth-party risk throughout their supply chains. As we continue our mission to help reduce risk in financial services, through our work with the Cloud Security Alliance, today we can demonstrate alignment to their Cloud Controls Matrix, a globally recognized standard for the industry.”
Leading with security and compliance as the stringent regulatory landscape evolves
With regulations continuing to evolve, financial services organizations must prioritize security and compliance to keep up with the demands of new requirements. However, maintaining security and compliance requirements should not come at the price of innovation. The IBM Cloud Security and Compliance Center aims to help financial services reduce the amount of time and money spent on maintaining compliance by enabling them to monitor and demonstrate their compliance efforts in the cloud and allowing them to free up resources to drive innovation. The offering includes capabilities to monitor security posture with built-in controls and profiles to help clients adhere to industry requirements such as CSA’s CCM and enables clients to proactively monitor their compliance posture.
IBM Cloud for Financial Services also includes IBM’s innovative confidential computing capabilities and encryption technology to help ensure clients’ data remains their data only – even IBM cannot access it. IBM will continue to collaborate with organizations, such as the CSA, to help clients drive innovation while monitoring their regulatory and security posture.
Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.