Cloud Oversight in Financial Services: Understanding Responsibility and Control
Subscriber Content
Navigating Cloud Accountability in the Finance Sector
On April 30, 2020, the Federal Financial Institutions Examination Council (FFIEC) issued guidance formalizing effective cloud risk management principles. Many have been highlighted by the CSPs and independent industry organizations, such as the Center for Internet Security (CIS), previously.
Since this is the first formal guidance from the FFIEC on cloud security, we wanted to offer some thoughts on common cloud misconceptions and how internal audit functions can provide assurance on their institutions’ use of cloud computing environments — not only during cloud migration but on an ongoing basis.