Federal Financial Agencies Issue Cautionary Statement on Financial Institution Cloud Computing Services

more+
less-

On July 11, 2012, the federal financial regulatory agencies (“Agencies”), through the Federal Financial Institutions Examination Council (“FFIEC”), issued a joint interagency statement (“Statement”) on the use by financial institutions of outsourced cloud computing services, and the key risks associated with such services. The Statement, the substance of which is also being incorporated into the FFIEC’s Information Technology Examination Handbook (“IT Handbook”), is the first formal federal financial agency statement on the matter of cloud computing, a subject that has garnered substantial attention in the financial services industry but that, to date, has not been formally addressed by the federal financial regulators. In general, the Statement reaffirms that the fundamentals of existing risk and risk management requirements that currently are applicable to financial institution outsourcing of IT services apply equally to outsourced cloud-based services, while identifying certain risks that, in the Agencies’ view, are of particular concern with respect to such services.

Cloud Computing – An Overview

Cloud computing is an IT delivery model where IT services are provided to users from remote servers and facilities over the Internet rather than through owned or leased IT servers and platforms. The cloud technology offers important benefits to users, including the chance for significant cost savings and operational efficiencies; flexibility in deployment; ready access to information systems, applications, and data; better backup services; and faster and more responsive upgrade functionalities. Through cloud computing services, users have the ability to outsource all or part of their IT hardware architecture (infrastructure as a service, or IaaS), operating systems and platforms (platform as a service, or PaaS), or software applications (software as a service, or SaaS) as they choose. “Clouds” can be private, where the services are operated solely for one organization (or a small group of organizations, which some refer to as “community” clouds), typically on a dedicated or partitioned platform; public, where the services are shared by numerous customers, and typically operated on a shared platform; or hybrid, which entails a combination of private and public cloud services.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP | Attorney Advertising

Written by:

more+
less-

Morrison & Foerster LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×