Few sectors in the economy are benefiting more from the advent of cloud computing than financial services. Banks, insurance companies, stock brokerages, investment managers, and many other firms are gaining competitive advantages, deriving new value from data and analytics, and speeding innovation by replacing legacy approaches and systems with cloud technologies. The rise of generative AI-powered solutions promises only to accelerate the transformation, with even greater benefits.

For the people and teams responsible for managing risk and ensuring compliance, however, this paradigm shift comes with some new anxiety, as stringent security and compliance requirements must be met. While on-premises risk assessments and audit strategies may have been straightforward in a pre-cloud world, when data moves to a third-party cloud provider operating a shared environment at hyperscale, the lines shift. Security and access controls are automated, DevSecOps becomes more commonplace, knowledge gaps arise, and the regulatory context is changed drastically. Adding to the pressure, if compliance assessments and audits are disrupted, innovation can grind to a halt.

Fortunately, there are some excellent resources to guide you productively on this journey. Microsoft makes a significant investment to help customers get the assistance they need to optimize cloud risk assessments at scale. In this post, I’d like to share some of the learning we’ve gained through our deep engagements with customers, point you to a few Microsoft online gold mines, and invite you to check out our Compliance Program for Microsoft Cloud, which I think you’ll love.

Three road-tested strategies for governing cloud risks

Through our compliance community, we get an amazing stream of insights, feedback, and stories about what does and does not work. Here are three strategies that we see at the heart of every organization that successfully governs cloud risks:

Establish a cloud risk governance body. Risk organizations are complex, and siloed approaches are likely to hit walls when different risk stakeholders across all three lines of defense each make their own assessment of a cloud service provider. We often see problems with a poor understanding of cloud technologies and risk controls. Inefficiencies tend to spring up as questions are raised repeatedly by different stakeholders (“Where is my data stored?” or “Who can access it?”). Many problems can be solved or prevented through a unified cloud risk assessment approach. We advise setting up a cloud risk governance board or body that engages all key functions in a single, integrated process that leads to faster deployments and addresses resource constraints and skills gaps.

Adhere to common standards and apply risk-based approaches. Not every use case is the same, yet too often we see customers apply an extremely large set of mandatory controls to any and every cloud use case, irrespective of its significance. Moreover, cloud providers apply different risk control measures compared to what might be expected on-premises, and that can lead to endless control discussions. A good way to prevent these challenges is to align internal control frameworks to industry standards, such as SOC 2 and Cloud Security Alliance’s Cloud Controls Matrix (CCM). This approach gives you structure and guidance for implementing appropriate controls that can be applied in risk-based ways to individual use cases, each time aligned to your organization’s risk, security, and compliance requirements.

Take maximal advantage of third-party assurance. Another pitfall is that some financial institutions will try to evaluate or audit every cloud control independently. This is a waste of time because there are already certifications and audit reports available where multiple reputable third parties have attested to the soundness and safety of these same controls and related risk areas. Microsoft is a leader in compliance and offers a very extensive compliance offering for Azure, Dynamics 365, and Microsoft 365 with more than 100 certifications and attestations.

Our framework for assessment in the cloud

Once these foundations are established, you can execute cloud risk assessments across these six basic dimensions:

You can now achieve a cloud-optimized risk assessment process that drives maximum efficiency as you cycle through different use cases. Critically, this process will remain resilient as the enterprise gradually deploys more business functions onto Microsoft Cloud, each of which will require a contextual assessment of risks.

How to take advantage of Microsoft Cloud risk and audit resources

Microsoft understands the critical need for financial services risk, compliance, and audit teams to be well supported with tools and resources that empower them to fully understand and assess cloud-related risks.