The European Cloud User Coalition (ECUC) released a position paper that covers requirements for achieving standardization of compliant and safe use of public cloud technology in regulated European financial institutions. ECUC members include over a dozen European banks, an insurance firm, as well as Deutsche Börse and Euroclear.
The paper addresses major topics ranging from Privacy, Security, Governance & Regulation, Standard Contractual Clauses to Portability, Resilience & Exit Strategy. The paper also includes a review and summary of the European Commission's proposed Digital Operational Resilience Act (DORA).
Through conversations with cloud service providers and European authorities, the ECUC has added new requirements on Portability, Resilience and Exit Strategy, as well as more detailed requirements on Privacy and an expanded treatment of Security.
The position paper will also be subject to regular updates.
Cloud Computing is a key technology
Public cloud solutions are becoming increasingly important due to their flexibility and scalability, as well as their high security standards. However, for compliant public cloud adoption, the specific European standards must be met. By defining uniform requirements, ECUC wants to maintain these high standards and achieve them in a more effective manner.
On demand infrastructure
Public cloud technology does not require users to invest in computing capacity or data center infrastructure. It provides “on demand” infrastructure and service solutions on a pay-per-use basis. Capex investments are replaced by opex expenses.
Financial institutions moving to the cloud
Digitalization requires up-to-date technology, and requires it more quickly today than a decade ago. Outsourcing new or existing processes and applications into the public cloud converts capital expenditure into operating expenses. This gives financial institutions the opportunity to focus on use case implementation, thereby creating business value.
Cloud fosters business value
Agility is not only an organizational form: it must be achieved through scalability, and cost effectiveness through pre-built functionality, while at the same time providing high quality standards, including cyber resilience.
The challenge for European financial institutions
All cloud activities must be compliant with European standards and regulations. Currently each company using cloud services needs to find its own answers.