Jason Nelson from JPMorgan Chase & Co will lead a discussion kicking off the FINOS Cloud Service Certification Project on August 1st, 2019 at 10am EST / 3pm BST.
The mission of the Cloud Service Certification Project is to accelerate the development, deployment, and adoption of a common set of controls and controls tests for cloud services. Here's more information about the Project for reference.
This new Project is part of the FINOS Financial Delivery Accelerator Program.
Cloud services controls and tests are used to demonstrate adherence to regulatory and internal compliance requirements mandated for financial institutions when using cloud services. The majority of cloud security incidents are due to misconfiguration: services are not secure by default, and configuration is often complex, nuanced and difficult to validate. To some degree or another, all financial institutions are re-inventing the wheel: institutions have similar control frameworks, and each is trying to secure and stand up the same providers and services within the same regulatory frameworks.
Having robust controls and tests developed and in place removes a barrier to faster adoption of cloud services such as those provided by Amazon/AWS, Microsoft/Azure and Google/GCP, among others. Addressing this barrier will benefit both financial services IT departments, many of whom are looking to move more quickly to the cloud, and the providers themselves, who wish to sell more cloud services into financial institutions.
Controls for cloud service compliance afford banks no particular strategic or competitive advantage, yet producing them is a task that every bank looking to deploy more applications onto the cloud needs to do. As such, they are conducive to being developed together as part of the "public commons". The focused project and collaboration with other banks will increase the number of controls produced and, it's expected, help increase the rate of adoption of cloud services.
The working group will produce multiple Cloud Service Certification artifacts (together forming one or multiple accelerators) that provide functional code implementing regulatory-compliant configurations of cloud services, with BDD tests to validate efficacy. The group will review the artifacts for an accelerator and then gather feedback on process and content before iterating on additional services. A key part of the working group's approach will be to set quality standards across artifacts; members of all tiers can contribute to the project and ensure that a common high level of quality is delivered, and in less time. The group will also work with cloud service providers to produce more industry-specific content and solutions.
Jason Nelson is Executive Director, Software Engineering for Corporate Investment Bank of JPMorgan Chase & Co.
Jason is the project lead for the FINOS FDX Cloud Service Certification project. He has spent his 20+ year career practicing information security as a penetration tester, security architect, manager, consulting advisor, and in many other unnamed roles performed around the world. He has had a passion for information security in many forms, which continues to evolve with each year. In the few hours away from information security, Jason likes to travel with his family to places warmer than Chicago.
Jason presented at the 2019 Members Meeting in London on Codified Controls for Cloud Services, and we're happy to have him working on this project!