15 May Security Architecture Briefing: Implementing Regulatory and Risk Reporting on the Cloud
By Aaron Slutsky, Chief Security Officer, AxiomSL
Unlikely as it may seem, financial institutions now utter the words “cloud” and “regulatory reporting” in the same breath. To achieve scale and automation benefits, they are tempted to marry these two concepts and implement their regulatory and risk reporting on the cloud. Indeed, financial institutions and regulators alike increasingly view cloud as a viable technology infrastructure, and it is often heard that the cloud is as secure, and even more so than on-premises computing environments.
The material non-public information (MNPI) within financial institutions’ regulatory- and risk-reporting data is the elephant in the room regarding cloud security. With MNPI at stake, risks always loom large, and thus, MNPI injects a unique level of risk into the security picture for regulatory and risk reporting on the cloud. Therefore, cloud-based security architectures for such implementations need to be seen through the lens of MNPI, and thought through carefully, from the ground up.
As the global leader in risk-data management and regulatory-reporting solutions, AxiomSL has studied this issue carefully during its more than two years’ toil developing a set of technical and operational capabilities for the cloud that it dubs the RegCloud. In alignment with that effort, AxiomSL became ISO 27001 and ISO 27017 certified and SOC 2 Type II audited, demonstrating its integral commitment to a systematic and ongoing approach to managing information-security risks that affect the confidentiality, integrity and availability of company and customer information. Its certification covers AxiomSL’s ControllerView® flagship product development, professional and client support services and company operations. And, crucially, it covers AxiomSL’s cloud-based solutions, operations and client support.
In this paper, AxiomSL’s Cloud Operations team delineates the set of security elements that comprise its RegCloud security architecture.
To learn more about how to securely implement regulatory and risk reporting on the cloud, please complete the form: