Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
Regulators warn of outsourced cloud computing risks
WASHINGTON (7/11/12)--Credit unions and other financial institutions should clearly identify and mitigate legal, regulatory, and reputational risks before they decide to use cloud computing for data storage and other computing purposes, the Federal Financial Institutions Examination Council (FFIEC) said in a Tuesday release.

In cloud computing, data are not held in one central spot, but are shared among different servers and locations.

Outsourcing to cloud computing providers can help reduce costs and improve the flexibility, scalability and speed of data use and storage, the FFIEC said. However, credit unions and other institutions should perform adequate due diligence before any moves to such systems are made, and should be aware of cloud-specific security and regulatory issues.

Cloud computing is another form of outsourcing, with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing, the FFIEC said.

Financial institutions should assess the strength of any cloud computing firm's internal controls, and examine their own data security standards, before moving forward, the FFIEC suggested. Cloud storage could increase the frequency and complexity of security incidents, the FFIEC noted. The regulators said financial institutions and cloud computing providers should ensure that their firms effectively monitor their systems for security-related threats, and be sure to have appropriate forensic strategies for investigation and evidence collection in the event of a security breach.

Cloud computing also can create new compliance issues if customer data are stored or processed overseas. Overseas data storage can make it more difficult for financial institutions to assess compliance. Also, due diligence may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas, the FFIEC warned.

For the full FFIEC release, use the resource link.
Other Resources

RSS print
News Now LiveWire
CUNA economist Schenk discusses regulators' focus on interest-rate risk. See CU Magazine: http://t.co/tW1p9rTSSv
1 hours ago
Fed issues annual report on general-use prepaid cards in gov't-administered payment programs. http://t.co/3zPhejSPZt
1 hours ago
Children in foster care face higher risk of identity theft via @NBCNews http://t.co/Dif0hCfBdA
1 hours ago
.@Cornerstone_CUL's leadership conference includes food drive for San Antonio food bank http://t.co/h2O8O4TxuD
2 hours ago
Worldwide #creditunion growth: Nearly 57K CUs now serve 208M members #NewsNow http://t.co/vrSv3Gvp7X
3 hours ago