WASHINGTON–(COMMERCIAL WIRE)–The Cyber Risk Institute (CRI), the Cloud Security Alliance (CSA), and the Bank Policy Institute-BITS today announced the launch a cloud extension for CRI profile version 1.2. The “Cloud Profile” represents the collaboration of more than 50 financial institutions and leading cloud service providers (CSPs) to extend the CRI Profile, which is a widely accepted cybersecurity compliance framework for the financial industry.
“Today’s launch marks a historic achievement,” said CRI President Joshua Magri. “This is the first time that financial institutions, major CSPs, and trade associations have come together to develop a set of baseline expectations related to cybersecurity and roles and responsibilities for cloud implementation. We are extremely proud of the work that has been done here and what it can mean for the future use of the cloud in the financial services industry. We are pleased to be part of a collaborative solution to a long-standing challenge.”
As more financial institutions move to the cloud, financial regulators around the world are increasingly focused on ensuring that companies use sound risk management practices during cloud implementation. The Cloud Profile provides guidance to financial institutions and CSPs on the commonly understood responsibilities related to cloud deployment across software-as-a-service, platform-as-a-service, and infrastructure-as-a-service delivery models.
“Financial regulators need clear, consistent and timely information about companies’ relationships with their third parties. The Cloud Profile helps clarify where the responsibilities of a business end and the responsibilities of a cloud service provider begin,” said Chris Feeney, executive vice president of BPI and president of BPI-BITS. “A common understanding of cybersecurity controls for cloud deployment that has been developed, vetted, and accepted by businesses and CSPs is a strong approach to ensuring our financial sector is more secure.”
This guide is designed to enable financial institutions and CSPs to more easily reach a contractual understanding and should also facilitate more streamlined and secure processes for deploying cloud services.
“We are excited to be working with a like-minded organization like CRI, and are excited about these initial results. The Cloud Profile Extension brings together the CRI Profile with CSA’s Security Controls and Security Shared Responsibility Model.” Cloud Controls Matrix v4.0 This represents a very powerful tool to help financial institutions build a cloud security governance and compliance program that can meet their stringent industry requirements,” said Daniele Catteddu, CTO of the Cloud Security Alliance.
CRI, CSA and BPI will continue to work on ways to take advantage of this joint framework and look forward to further collaboration.
About the Cyber Risk Institute.
The Cyber Risk Institute (CRI) is a nonprofit coalition of financial institutions and trade associations. We are working to protect the global economy by improving cybersecurity and resiliency through standardization. https://cyberriskinstitute.org/ *The CRI Profile is the successor to the Financial Services Sector Coordinating Council (FSSCC) Cybersecurity Profile, a NIST- and IOSCO-based approach to assessing cybersecurity in the financial services industry.
About the Banking Policy Institute.
The Bank Policy Institute (BPI) is an independent public policy, research and advocacy group representing the nation’s leading banks and their clients. Our members include universal banks, regional banks, and major foreign banks doing business in the United States. Collectively, they employ nearly 2 million Americans, make nearly half of the nation’s small business loans, and are an engine for financial innovation and economic growth.
About the Cloud Security Alliance.
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA leverages the subject matter expertise of industry professionals, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA’s activities, knowledge and extensive network benefit the entire cloud community, from vendors and customers to governments, entrepreneurs and the insurance industry, and provides a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit us at www.cloudsecurityalliance.organd follow us on Twitter @cloudsa.