Banks are responsible for confidentiality of information when using the cloud
Cloud computing is a model that provides computing resources (computing, processing and storing) as a service through a network environment.
These computer resources include: infrastructures such as: server hardware, storage devices…; platforms such as operating systems, software systems, databases, software tools... and software such as complete application software, utility software...
Cloud computing is a method used widely by many credit institutions in the world, but still quite limited for the banking industry. With cloud computing, instead of purchasing information technology equipment then deploying the application on the equipment and maintaining the operation, management and maintenance of the system, the banks will use the cloud services from different providers.
This solution will help reduce the cost of IT investment and increase the convenience while handling the work and easily assessing performance through the amount of resources consumed at the same time.
However, the risk of this method is the control, ensure the security of network information, data protection. In addition, this increases the risk of network attacks as well as the risk of leaking top secrets and other private information. Besides, during the operation, there’s a big chance of encountering problems because of network connection.
Credit institutions are still responsible for confidentiality
In the field of finance, banking (with features such as high systematization, strict requirements on network security and data protection), the application of cloud computing is not as strong as other areas. The activities that banks agree to share on cloud environment are often insensitive to security and privacy. At the same time, main banking activities, key business operations are maintained on the banks' data centers, with modern IT equipment.
In the coming time, credit institutions will be able to decide and use the cloud service model however they want to, except using cloud services to process and store confidential information.
The use of cloud services does not change the responsibility of credit institutions in securing information confidentiality. Organizations must be in charge in preventing, detecting and promptly dealing with situations and acts threatening the safety of information technology systems.
In the process of using cloud services, organizations have the responsibility to coordinate and cooperate with the competent functional agencies.
Requirements for service providers
Before deciding to use this service, credit institutions must classify data based on confidentiality, assess the IT risk, operational risk. At the same time, it is necessary to review and improve the risk management policies of credit institutions and develop criteria for selection of suppliers.
Accordingly, the supplier must meet these following criteria:
- Established and is operating under the law
- Meets the requirements of IT security when providing cloud services
- Has capacity, reputation and experiment with products and services
Information, data contained in the process of deploying, using cloud services is information assets of the credit institutions. Credit institutions must apply current regulations on management of information technology assets for assets deployed on cloud services.
By: Frank Richardson