Risks associated with cloud computing target of joint regulators’ statement

Federal financial institution regulators on Thursday issued an 11-page “statement” outlining risk management practices for a financial institution’s safe and sound use of cloud computing services, along with safeguards to protect customers’ sensitive information from risks that pose potential harm.

In the document released by the Federal Financial Institutions Examination Council (FFIEC), the regulators:

  • Highlight that inherent in the use of cloud computing services are shared responsibilities between the provider and the client; the statement identifies responsibilities financial institutions would have when contracting with cloud computing providers.
  • Provide examples of risk management practices for a financial institution’s safe and sound use of cloud computing services and safeguards to protect its customers’ sensitive information from risks that pose potential consumer harm.
  • List public and private sector resources and references that can assist financial institutions with managing cloud computing services.

“Financial institution management should engage in effective risk management for the safe and sound use of cloud computing services,” the FFIEC noted in its introduction. “Security breaches involving cloud computing services highlight the importance of sound security controls and management’s understanding of the shared responsibilities between cloud service providers and their financial institution clients.”

FFIEC Joint Statement: Security in a Cloud Computing Environment