How IBM Cloud Continues to De-Risk the Financial Services Industry

Responsibility, Security, and Trust.

These values should be at the top of every organization’s priorities. However, the responsibility of safeguarding data falls not only to the company holding the data, but also to the organizations they partner with. For the Financial Services industry, trusted with protecting the most sensitive information of their customers, this duty is even more critical. IBM has long been on a mission to de-risk the industry, helping financial services organizations keep critical data secure with resiliency, performance, security, compliance, and total cost of ownership at the forefront. With security and compliance controls built into our cloud platform for highly regulated industries, clients can consume partner offerings with confidence and ultimately, eliminate third- and fourth-party risks.

Evolving Regulations and the Need to Reduce Concentration Risk

As threats become more sophisticated, security and compliance regulations continue to evolve and we are seeing increased oversight of cloud usage. Just earlier this month, The U.S. Department of Treasury released its Cloud Report, highlighting?considerations financial services organizations need to consider when working with a cloud provider. Moves like this indicate that U.S. regulators are following the leads of their European counterparts, questioning the risk of engaging with third- and fourth-party vendors, and the need to mitigate concentration risk with cloud providers.

The goal is clear - to minimize downtime and close gaps in the supply chain, confirming IBM’s belief that security and trust need to be at the center of decision making on where workloads and applications reside.

Reducing Risk with a Hybrid Multicloud Approach

As financial institutions look to advance operational resiliency and respond to increasing client demands, many have already turned to a hybrid, multicloud approach and rightfully so. Hybrid cloud enables enterprises to host workloads wherever they need, without locking them out of innovation. But financial services organizations must remember that hybrid cloud is not a destination – it’s an enabler. Just like anything else, if it’s not done correctly, there can be risks. A hybrid, multicloud approach requires organizations to eliminate disparate, disconnected systems or what we call, “Frankencloud.” Their security strategies must be designed with one single point of control, allowing them to gain a holistic view of potential threats and to mitigate complexity.

Building on a long history of helping clients in highly regulated industries such as financial services reduce risk, we took a strategic step in 2019, creating a new market category with the first industry-specific cloud for financial services. IBM Cloud for Financial Services includes policy-as-code, meaning the laws, rules and regulations are built in from the outset, allowing regulated companies to innovate at the pace of the most agile startup while being knowingly in control.

But these controls are not built by IBM only. To build trust, we believe it takes all of us. Leveraging the collective intelligence of the IBM for Financial Services Cloud Council, an expert network of more than 130+ financial services CIOs, CTOs, and Risk and Compliance officers, we have built industry informed controls that can help financial institutions meet their security and compliance requirements. These controls are continuously monitored and improved, accelerating more thoughtful cloud adoption. We also continue to work with likeminded organizations such as the Cloud Security Alliance, that are dedicated to further advancing security and risk management of cloud within financial services.?

IBM Cloud differs in one clear way. Our heritage comes from proven success with IBM zSystems. Through IBM Z we understand our responsibility to provide a highly resilient, performant, secure, and compliant platform to service regulated industries. We have now transferred those skills and experience into our cloud, enabling us to help clients transform business processes in the mid-and back-office that cannot be fulfilled by a general-purpose cloud.

As regulations continue to evolve, we will continue to help banks prepare for the future and address risk.

Last week I discussed the work that needs to be done to help the financial services industry manage risk and regulation with CSA CEO, Jim Reavis at the CSA FinCloud Security Summit. If you’d like to hear more tune into our discussion here.