The Accredited Standards Committee X9 announced that it has published a Cloud Management and Security standard. The new standard, X9.125, specifies the minimum management and security requirements for the effective use of cloud computing in a financial services environment.
The main purpose of this standard is to assist a financial cloud service customer in establishing and following an orderly cloud management lifecycle. This includes transition to, maintenance of and exit from systems and applications that utilize cloud computing. The standard also informs the providers and developers of cloud services as they design and implement systems and products that meet the needs of financial clients: services that will be marketable as secure, auditable and compliant with industry regulations. Finally, auditors and other security professionals can use this standard as a set of evaluation criteria when performing security assessments of cloud services.
The financial industry has been a strong adopter of cloud services, particularly in the US, with applications having grown to include business-critical systems such as credit scoring, trade data management and risk modeling. Accordingly, bankers and providers of financial services need to understand these technologies, establish an approach for identifying key risks and controls, and adhere to cloud management and security requirements – needs that X9.125 fills.
“For the better part of a decade, as cloud computing has ramped up and business workloads have moved to the cloud, the challenges of the technology environment, along with operational and business risks, have become more complicated for the financial industry,” said Jeff Stapleton, chair of the X9 working group that developed X9.125, in a statement. “The new standard addresses these issues and creates a roadmap to enhanced management and security. We are grateful to the many X9 member company representatives who contributed their expertise to the creation of X9.125, with special recognition to the Object Management Group for its generous support and expertise in the development of this standard.”