Keep Data Secure In The Cloud


To answer this question, let’s use the NIST definition of Cloud, which is referenced by the FFIEC. Under that definition, most financial institution service providers are technically not Cloud. Using the strict criteria outlined by NIST, Cloud providers would be services like Dropbox, Gmail, etc., where anybody can sign up and get resources dynamically allocated.

However, many of our clients and some examiners have expanded the definition to include all things web-based. Traditionally known as Software-as-a-Service (SaaS), these services are hosted by the vendor and accessed via a web browser, so they look like a Cloud solution.

To keep data safe in the Cloud, do not use true Cloud services for sensitive data unless you have a reasonable assurance of security. For example, copy.com, hosted by Barracuda, and ShareFile, hosted by Citrix, are reputable brands that offer relatively secure Cloud file storage. When using these information security services, it is still a good idea to encrypt sensitive data before moving it online.

For banking solutions that may or may not meet the strict definition of Cloud, lean heavily on your vendor management process. Develop a thorough questionnaire and send it to each web-based service provider. Contact us for a sample questionnaire.
