The Federal Financial Institutions Examination Council (FFIEC) dropped a bomb on the banks Friday, urging them to use more caution when considering and evaluating cloud service providers. The 4-page document by the FFIEC includes such pearls of wisdom as:
“When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service.”
Really? Well, thanks, we hadn’t considered that! This is great too:
“If financial institutions are not sure that their data are satisfactorily protected and access to their data is appropriately controlled, entering into a third-party relationship with such servicer may be ill advised.”
Francoise Gilbert, attorney at IT Law Group says the resource is far too shallow to offer banks and credit unions any real insights about precautions they should take when considering cloud computing. Fast forward 5 years when everybody is crying about a massive data breach and asking where were the regulators, and remember this moment.