Cloud computing compliance an issue at banks

Grazed from FierceFinanceIT. AuthorL Jim Kim.

Back in July, the Federal Financial Institutions Examination Council (FFIEC) released a document to guide financial institutions in the tricky area of cloud-based solutions deployment. The guidance was topical obviously, as more banks are embracing cloud solutions at all levels. The economics increasingly make sense. The document laid out some guidance in the following areas: Due diligence, vendor management, information security, audits, legal and regulatory compliance, and business continuity planning.

Since the guidance was released, the idea that banks need even more guidance has become vogue, as some suggested that the released guidance was lacking a bit. Bank Technology News weighs in on this issue with a look at critical areas of cloud compliance. One expert was quoted said that the criticisms of the FFIEC reflect the view that the FFIEC guidance is "high level" and treats cloud computing like another kind of outsourcing…

"There’s not even a general consensus of what the term cloud means. There are a lot of [cloud] vendors that say they can do everything under the sun for a low cost." Banks will be asked to "read between the lines and…be knowledgeable about the issues connected to cloud computing that aren’t spelled out in the guidance. That’s fine when you are talking about large financial institutions, but for smaller institutions and credit unions where they can’t afford the in-house expertise, it’s a disappointing document."…

Read more from the source @ http://www.fiercefinanceit.com/story/cloud-computing-compliance-issue-banks/2012-09-20