Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
Regulators warn of outsourced cloud computing risks
WASHINGTON (7/11/12)--Credit unions and other financial institutions should clearly identify and mitigate legal, regulatory, and reputational risks before they decide to use cloud computing for data storage and other computing purposes, the Federal Financial Institutions Examination Council (FFIEC) said in a Tuesday release.

In cloud computing, data are not held in one central spot, but are shared among different servers and locations.

Outsourcing to cloud computing providers can help reduce costs and improve the flexibility, scalability and speed of data use and storage, the FFIEC said. However, credit unions and other institutions should perform adequate due diligence before any moves to such systems are made, and should be aware of cloud-specific security and regulatory issues.

Cloud computing is another form of outsourcing, with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing, the FFIEC said.

Financial institutions should assess the strength of any cloud computing firm's internal controls, and examine their own data security standards, before moving forward, the FFIEC suggested. Cloud storage could increase the frequency and complexity of security incidents, the FFIEC noted. The regulators said financial institutions and cloud computing providers should ensure that their firms effectively monitor their systems for security-related threats, and be sure to have appropriate forensic strategies for investigation and evidence collection in the event of a security breach.

Cloud computing also can create new compliance issues if customer data are stored or processed overseas. Overseas data storage can make it more difficult for financial institutions to assess compliance. Also, due diligence may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas, the FFIEC warned.

For the full FFIEC release, use the resource link.
Other Resources

RSS print
News Now LiveWire
Reminder: @TheNCUA's Listening Session tomorrow in Chicago. Capacity crowd expected for meeting at 1 p.m. CT. http://t.co/FYYuoHCdVJ
5 hours ago
Mortgage apps up 1.9% in @MBAMortgage's weekly survey http://t.co/QBzKWdnRkH
6 hours ago
Manage your household budget with these 5 @SavvyMoney tips from @MCUA_news's Halley Abbott on @FOX2now http://t.co/qaXIbnNktt
7 hours ago
Wash state's marijuana market open but still short of FIs to serve it via @NWCUA http://t.co/qwxCVEZbPG
7 hours ago
.@AnheuserBuschCU, @ScottCU, @betterwaytobank, @FirstCommSTL on @stltoday's best workplaces list http://t.co/8yR4GcZkya.
8 hours ago