Cloud Oversight in Financial Services: Understanding Responsibility and Control

Subscriber Content
Screenshot of the first page of Cloud Oversight in Financial Services Understanding Responsibility and Control
Randy Armknecht and Noah Kessler, Protiviti Managing Directors

On April 30, 2020, the Federal Financial Institutions Examination Council (FFIEC) issued guidance formalizing effective cloud risk management principles. Many have been highlighted by the CSPs and independent industry organizations, such as the Center for Internet Security (CIS), previously.

Since this is the first formal guidance from the FFIEC on cloud security, we wanted to offer some thoughts on common cloud misconceptions and how internal audit functions can provide assurance on their institutions’ use of cloud computing environments — not only during cloud migration but on an ongoing basis.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.