Security Bytes

Jul 26 2012   6:46PM GMT

FFIEC cloud computing risks document: Where’s the beef?



Posted by: Marcia Savage
Tags:
Security

It seems the Federal Financial Institutions Examination Council could have done a little better with its cloud computing advisory. Earlier this month, the FFIEC issued a statement on outsourced cloud computing. The resource document outlines key cloud computing risks financial institutions should consider.

In the document, the FFIEC said it considers cloud computing to be another form of outsourcing with “the same basic risk characteristics and risk management requirements as traditional outsourcing.”

Right there, I think a lot of security experts would disagree. Cloud computing involves so many new elements — namely multi-tenancy – that present different risks than traditional outsourcing models. The FFIEC cloud computing statement covers multi-tenancy and other issues associated with cloud computing, such as potential complications with regulatory compliance due to data location, but at a high level without much detail. The document also covers familiar ground like vendor management and due diligence, stressing the importance of both in cloud computing arrangements.

Perhaps the FFIEC figured others, such as the National Institute of Standards and Technology (NIST), have already provided ample guidance on cloud computing risks. Late last year, NIST released its Guidelines on Security and Privacy in Public Cloud Computing (.pdf), which covers threats and risks associated with public cloud computing and provides organizations with recommendations.

Still, banks look to the FFIEC for guidance, and if any industry needs to be careful with moving data into the cloud, it’s banks. The FFIEC’s rather cursory treatment of the subject is puzzling indeed.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: