Secure cloud banking: SBA guidelines pave way towards future
Cloud technology is everywhere. Consumers come into contact with it on a daily basis, for example when they stream music or store their holiday snaps in the cloud. There are many companies offering cloud services. They make it easier to develop agile, innovative and cost-efficient business models.
A large number of banks are driving digital business models. They are interested in cloud services because they can make computing power available on a flexible basis in line with a bank’s needs at any given time. August Benz, Deputy CEO of the SBA, is emphatic: “With cloud services, a bank doesn’t need to maintain so much expensive infrastructure of its own. At the same time, it benefits from the speed of the high-performance servers cloud providers offer. These solutions are especially valuable for smaller banking institutions, so the cloud has a key role to play in ensuring the diversity of the Swiss banking industry going forward.”
Guide to secure cloud banking
A working group set up by the SBA succeeded in bringing clarity as regards the uncertainties over migrating bank data to the cloud. Focusing on a providing a legally non-binding aid to interpretation in practice, it identified four areas that are of central importance when it comes to migrating to the cloud. The working group then drew up recommendations for choosing cloud providers and their subcontractors. It is vital that banks keep themselves informed as to which subcontractors their cloud provider is working with. With regard to handling data, the guidelines help in interpreting the law on banking secrecy. The focus here is on measures that must be taken to prevent unauthorised access to client data. The guidelines also offer assistance concerning collaboration and transparency on the part of banks and cloud providers vis-à-vis authorities, particularly the courts. In this respect, the working group looked in detail at the US CLOUD Act and the possibility of an executive agreement with the US. The final section of the guidelines explains how audits can be conducted in the context of cloud services and cloud infrastructure. These legally non-binding recommendations in four areas are intended to offer banks a solid foundation on which to ensure compliance in cloud banking. Each institution must decide for itself whether and how it migrates data to the cloud.
Video explaining cloud banking
To accompany the guidelines, the SBA is releasing a video explaining cloud banking.