Cloudy with a Chance of Data Loss

Michael Berman

2 min read

Dec 31, 2016

Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 Risks will help you more effectively address third-party vendor risk throughout every department in your financial institution.

#1 Cloud Risk

Perhaps there’s no buzz word more confusing to bankers and credit union executives than the “cloud.” It evokes an ethereal image of data floating safely and serenely overhead, able to materialize on screen with the press of a button.

But the cloud is a place on earth. Actually, many places on earth.

The cloud is basically a bunch of data centers. Using the cloud is buying space on someone else’s infrastructure to store and/or process data which you can then access via the Internet. Sometimes these computers are used exclusively by one institution, known as a private cloud. Other times, several clients use a cloud, known as a shared cloud.

The cloud faces all the same risks as any other third-party IT vendor—cyber risk, reputation risk, operational risk, etc. After all, it’s a physical location with all the same inside and outside threats any organization faces. But its growing use and importance is undeniable—and it’s starting to attract regulator attention.

For now, the only agency to release something official on cloud risk is the FFIEC and its 2012 statement on Outsourced Cloud Computing in 2012—but don’t let that give you a false sense of security. Regulators are looking closely to see that institutions are aware of cloud risk and are taking steps to mitigate or lower the risk.

The FDIC has highlighted it as an existing and emerging risk—a sign that cloud risk is not to be ignored.

Specifically, the FDIC suggests institutions ask:

What is the type of cloud? (Private or shared)
Who has access to the data?
Where is the data?
Is the data backed-up?
What is the third-party’s control structure?
Can you perform effective/on-going due-diligence?
How difficult is it to disengage?

While financial institutions are concerned with cybersecurity risk, cloud service providers create their own unique risks in vendor management, and these risks need to be evaluated beyond just the normal cybersecurity risks.

Related: Creating Reliable Risk Assessments

Subscribe to the Nsight Blog

All Topics Risk & Compliance Product Insight Banks Lending Compliance Credit Unions Risk Management Fair Lending Nfairlending Cluster: Risk Management Compliance Lending Compliance Management Integrated Risk Blog Nrisk Regulatory Compliance Management News & Updates HMDA Risk Mortgage Lenders Ncomply Vendor Management Business Resiliency CRA Lending Compliance Blog Vendor CFPB Ncontinuity Third-Party Vendor Management Business Continuity Cybersecurity Fintech NVendor Strategic Planning Ncyber Ntransmittal Audits & Findings Company Culture OCC Regulatory Updates Audit Nverify Regulatory Compliance Exams FDIC Compliance Management Findings Nfindings NCUA Contract Management Employee Intranet Contract FRB Business Continuity Management FFIEC Findings Management Ncontracts manager Third-Party Vendors Vendor Risk Enterprise Risk Management ABA Bank Access Control Audit Findings Board Portal Call Report Due Diligence Efficiency Employee Engagement Exam findings FIEC Inc. 5000 Internal Audit Management Nboardportal Verify Wealth Management

Solutions

Risk Solutions

Vendor Solutions

Compliance Solutions

Lending Compliance

Risk Performance Management

Software Solutions

Risk Management Software

Vendor Management Software

Compliance Management Software

Continuity Management Software

Fair Lending Compliance Software

Findings Management Software

Audit Management Software

Cybersecurity Assessment Software

1071 Compliance Software

Employee Network/Intranet Software

Accredited Certification Program

Banks

Credit Unions

Mortgage Lenders

Fintech

Wealth Management

Nsight Blog

Webinars

Ncast Podcast

Regulatory Pulse

Events

Nsider Community

Dig into our Nstitute Certified Vendor Management Professional Training!

Featured Resources

Webinar: What Does Resilience Look Like?

Regulatory Pulse March 2024

Webinar: The Future of Risk Management

9 Fair Lending Compliance Training Essentials

Podcast: Succeeding All Together, Banking and Company Intranets

Book: The Upside of Risk

Resource Hub

About Us

News

Leadership

Partnerships

Join the Team

Ncontracts Highlights

Ncontracts Launches Nstitute & the Certified Vendor Management Professional (NCVMP) Certification

Ncontracts named Top Workplace for Third Consecutive Year in 2023

Ncontracts and CBANC Release New Report

Event: Ngage 2023 Nashville

Cloudy with a Chance of Data Loss

#1 Cloud Risk

Related: Creating Reliable Risk Assessments

Subscribe to the Nsight Blog

Share this

You May Also Like

7 Things You Need to Know Before Buying Cybersecurity Insurance

9 Risk Management Failures That Led to Charges Under NY’s Cyber Law

Heightened Cybersecurity Risk – Is Your FI Prepared?