Bank on Wipfli - Blog and Podcast

 

Financial institutions considerations when selecting cloud providers


Jun 03, 2020
Financial Services

The other day I got an alert on my phone notifying me that I was running low on storage. After deleting some unnecessary apps and pictures, I decided it was best to back up my data so this didn’t happen again.

I had reached my limit on my phone’s built-in service, so rather than simply purchasing more space, I wanted to make sure this was best for me. I started looking at available options and was blown away by the number of providers to choose from — and the differences in what they’re offering. How would I even start to narrow down this list and pick the right option? 

To whittle down the list, I needed to figure out what was important to me. What data would I be storing? Would it just be pictures, or would it be a backup of all my phone data? Was that data something I’d be comfortable with other people seeing, or should I ensure the backup would be encrypted at the provider? How could I prove the provider was securing my data?

Similarly, you’ve probably noticed an explosion in the number of options available to you, varying from online documentation storage and editing to network maintenance and monitoring. Because of this, banks are no longer limited to the traditional fintech players — such as the big core banking providers — and these new options are providing intriguing services that should be considered. 

As you select your vendors, you’ll inevitably look into services and providers that are unfamiliar to you. You’ll want to ask questions similar to the ones I asked above. What is the data you’re giving this provider access to? How critical and sensitive is this data? How will the provider secure the data? How can you verify this security? You’re right: These are the same questions you have been asking and addressing in assessing the risk of new vendors for ages. As you consider new, smaller vendors, you can no longer take the vendor’s ability to answer these questions for granted. You may need to ask very detailed, direct questions to determine whether the security controls at the service provider meet your requirements and whether you will be able to receive audit reports on these controls (or perform your own testing).

Are you considering implementing a cloud-based solution? Have you recently implemented a cloud-based solution, and do you want us to take a second look? Wipfli offers a full suite of IT and cybersecurity services, including IT risk assessments to assess the risk posed to your environment and IT examinations to ensure your policies and procedures are properly developed and are being properly executed. We are here to help.  

Author(s)

Austin Lentz
Austin W. Lentz, CISA, CCSFP, CISM
Manager, IT Examinations
View Profile

Comments

*User Name field is required.

(will not be published)

*Real Name field is required.

(will not be published)

*A valid email is required.

*Company field is required.

*Comment field is required.
Bank on Wipfli blog
Subscribe to Bank on Wipfli - Blog and Podcast

Submit