IBM wants to help financial services providers with compliance in cloud

Financial services organisations around the world have expressed strong interest in using cloud services, but satisfying the requirements of the regulated environments within which they operate has often stifled their ambitions.

IBM is hoping to liberate their ambitions through the creation of the Cloud Policy Framework for Financial Services, which incorporates additional security controls and processes needed to help financial services organisations move mission critical workloads into the cloud.

Speaking at an iTnews webinar, sponsored by IBM, Secure, Compliant, Innovative – The Future of Cloud for Financial Services, the Vice President and Chief Technology Officer for IBM Cloud, Jason McGee, described the Framework as offering a set of controls, architectures and implementation guidance that took into account the needs of banks globally.

“Banks and financial services organisations today have to spend an excessive amount of time assessing and establishing security and compliance postures within their organisations in order to be able to use public cloud environments,” McGee said.

“And that is costly and requires highly skilled resources. And so our goal is to reduce the time it takes for those financial institutions to gain confidence in public cloud environments and therefore speed the onboarding of workloads into the cloud,” he added.

For Australian clients, IBM’s Chief Information Security Officer for IBM Cloud, Arnold Simson, said the Framework had been made available in the form of a VMware for Regulated Industries automation that implemented some of those controls. Simson said this implementation would enable regulated organisations to report to APRA’s CPS 234 mandatory regulation.

“What we are doing is fast tracking the ability of a financial institution to complete their part of the compliance and have assurance into our stack and present that to their regulator,” Simson said. “And this can be completed in weeks rather than months.”

He said this implementation would be followed by the introduction of a broader cloud native platform in 2021, with the long-term goal of automating compliance enforcement within the cloud.

McGee said the introduction of the Framework would provide a significant boost for regulated financial services organisations that were striving to innovate on behalf of their customers, as despite their high interest in the public cloud, studies showed only 16 per cent of workloads in regulated industries had moved there.

“The base value proposition of cloud is rooted in innovation,” McGee said. “It is rooted in the idea of providing IT capabilities and applications platforms-as-a-service to enable organisations like banks to be able to focus on building customer value, and not on technology platforms and securing and operating them.

“Many organisations have been inhibited in realising that value because of the reality of the space they are in.”