This topic (cloud security for financial institutions) is the subject of a standard, X9.125, being developed by the X9F4 accredited subcommittee of ANSI. I am part of the drafting team. The document is close to completion (then it needs to go through all the reviews and balloting processes before adoption, and I have little idea how long this takes). There is quite a section on how to manage cryptographic keys, given the need to encrypt financial information.
If anyone needs more information, I can refer you to the co-chairs of the group, but I am probably not supposed to send you the current draft without asking them first. Our next meeting is this Wednesday afternoon (we meet the 2nd and 4th Wednesday of each month, and draft text offline in between), so shout now if you need me to carry a message or request to the group.
------------------------------
Claude Baudoin
cébé IT Knowledge Management
Co-Chair, OMG Cloud Working Group
https://www.omg.org/cloud------------------------------
Original Message:
Sent: Sep 09, 2022 06:19:05 AM
From: Orbert Reavis
Subject: Strategies for Financial Services organizations to manage risk in the Cloud
Many organizations are eager to adopt cloud services, but want to consider how to manage risks in making that transition. This discussion lays out strategies for success in leveraging cloud platforms and how the risks and security may impact customers and third parties.
Watch Jim Reavis, CEO of CSA, Collin Schwartz, General Counsel & Chief Regulatory Officer of TruSight, and Rani Urbas, Global Head of Enterprise Trust of Google Cloud, in their conversation about the future of cloud risk and security here → https://csaurl.org/7szupj
#cloudsecurity #TruSight
------------------------------
Orbert Reavis
Circle Guide
CSA
------------------------------