Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
Regulators warn of outsourced cloud computing risks
WASHINGTON (7/11/12)--Credit unions and other financial institutions should clearly identify and mitigate legal, regulatory, and reputational risks before they decide to use cloud computing for data storage and other computing purposes, the Federal Financial Institutions Examination Council (FFIEC) said in a Tuesday release.

In cloud computing, data are not held in one central spot, but are shared among different servers and locations.

Outsourcing to cloud computing providers can help reduce costs and improve the flexibility, scalability and speed of data use and storage, the FFIEC said. However, credit unions and other institutions should perform adequate due diligence before any moves to such systems are made, and should be aware of cloud-specific security and regulatory issues.

Cloud computing is another form of outsourcing, with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing, the FFIEC said.

Financial institutions should assess the strength of any cloud computing firm's internal controls, and examine their own data security standards, before moving forward, the FFIEC suggested. Cloud storage could increase the frequency and complexity of security incidents, the FFIEC noted. The regulators said financial institutions and cloud computing providers should ensure that their firms effectively monitor their systems for security-related threats, and be sure to have appropriate forensic strategies for investigation and evidence collection in the event of a security breach.

Cloud computing also can create new compliance issues if customer data are stored or processed overseas. Overseas data storage can make it more difficult for financial institutions to assess compliance. Also, due diligence may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas, the FFIEC warned.

For the full FFIEC release, use the resource link.
Other Resources

RSS print
News Now LiveWire
Tech. advances don't dampen consumer #cybersecurity concerns #NewsNow http://t.co/HNn4Hojadv
8 hours ago
.@TheNCUA board unanimously voted today to designate board member Rick Metsger as vice chairman, effective immediately.
8 hours ago
We really want to hear from our readers. Please take the News Now survey: http://t.co/BYiQ5vr5Ob
10 hours ago
Advanced technologies don't quell cybersecurity fears #NewsNow http://t.co/ZJ20bimRvv
10 hours ago
.@CentralMaineCom reports #creditunions have issued thousands of new cards to proactively protect members from Home Depot data breach.
12 hours ago