Swedish bank overcomes regulatory hurdles and embraces the cloud to foster innovation

Similar documents
Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Cloud Computing: Making the Right Choice for Your Organization

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Evolve Your Security Operations Strategy To Account For Cloud

Angela McKay Director, Government Security Policy and Strategy Microsoft

Perfect Balance of Public and Private Cloud

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Cybersecurity. Securely enabling transformation and change

Google Cloud & the General Data Protection Regulation (GDPR)

Accelerate Your Enterprise Private Cloud Initiative

Healthcare in the Public Cloud DIY vs. Managed Services

Best Practices in Securing a Multicloud World

Overview. Business value

Emerging Technologies The risks they pose to your organisations

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Cloud Computing Overview. The Business and Technology Impact. October 2013

Protecting your data. EY s approach to data privacy and information security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Microsoft 365 Business FAQs

NetApp Private Storage for Cloud: Solving the issues of cloud data privacy and data sovereignty

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

European Union Agency for Network and Information Security

New Zealand Government IBM Infrastructure as a Service

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Oracle Buys Automated Applications Controls Leader LogicalApps

Recommendations for Small and Medium Enterprises. Event Date Location

EU General Data Protection Regulation (GDPR) Achieving compliance

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Cloud First: Policy Not Aspiration. A techuk Paper April 2017

Global Security Consulting Services, compliancy and risk asessment services

INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY

Build confidence in the cloud Best practice frameworks for cloud security

ENISA EU Threat Landscape

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

POSITION DESCRIPTION

Why Enterprises Need to Optimize Their Data Centers

Package of initiatives on Cybersecurity

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

Professional Services for Cloud Management Solutions

A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Village Software. Security Assessment Report

Data Management and Security in the GDPR Era

GDPR: A QUICK OVERVIEW

Create the ideal conditions for your network to grow.

10 Cloud Myths Demystified

Government IT Modernization and the Adoption of Hybrid Cloud

UKEF UK Export Finance. Transformation with the Microsoft Cloud

S.W.I.F.T. Intelligent Management Pack White Paper

Smart thinking, clever working

AMERICAN CHAMBER OF COMMERCE IN THAILAND DIGITAL ECONOMY POSITION PAPER

Clarity on Cyber Security. Media conference 29 May 2018

Healthcare IT Modernization and the Adoption of Hybrid Cloud

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

10 Cloud Myths Demystified

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

MEETING DATA PRIVACY AND SOVEREIGNTY CHALLENGES IN THE CLOUD ERA

STRATEGIC PLAN

Continuous protection to reduce risk and maintain production availability

Express Monitoring 2019

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

ProDeploy Suite. Accelerate enterprise technology adoption with expert deployment designed for you

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

An overview of mobile call recording for businesses

Making the case for SD-WAN

Cyber Security and Cyber Fraud

Choosing the Right Cloud Computing Model for Data Center Management

What is ISO ISMS? Business Beam

Evolution of IT in the Finance Industry. Europe

EY Norwegian Cloud Maturity Survey 2018

OTA Strategic Update Building & Amplifying April 5, 2017

Hybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018

DDoS: Evolving Threats, Solutions FEATURING: Carlos Morales of Arbor Networks Offers New Strategies INTERVIEW TRANSCRIPT

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cloudreach Data Center Migration Services

BHConsulting. Your trusted cybersecurity partner

We are Digital Transformakers

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

What It Takes to be a CISO in 2017

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

INFRASTRUCTURE OUTSOURCING. for life sciences

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

Principles for a National Space Industry Policy

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

Modern Database Architectures Demand Modern Data Security Measures

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Microsoft 365 Security & Compliance For Small- and Mid-Sized Businesses

Run the business. Not the risks.

PROTECT WORKLOADS IN THE HYBRID CLOUD

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

Demonstrating data privacy for GDPR and beyond

Driving Global Resilience

VERITAS 2017 TRUTH IN CLOUD REPORT

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Security and Privacy Governance Program Guidelines

GDPR Update and ENISA guidelines

Bring Your Own Device (BYOD)

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Transcription:

Think Cloud Compliance Case Study Swedish bank overcomes regulatory hurdles and embraces the cloud to foster innovation Customer details : Collector Bank - Sweden 329 employees www.collector.se/en Banking and Capital Markets Based in Gothenburg, Sweden, Collector Bank believes innovation is key to its financial success. The bank uses Microsoft cloud technologies to grow and diversify without a commensurately expensive investment in IT infrastructure. Also, the European financial services sector is heavily regulated, and past regulations were not written with the advances of cloud technology in mind. Collector has decided to face the regulatory challenge head-on, working with regulators and Microsoft to operate within a framework that promotes security, privacy, and innovative practices. Addressing regulation vs. innovation If we want to stay ahead, we need an environment that inspires ongoing innovation. We re not going to invent new products with old technology. With Azure, we attract skilled, curious people who do great work. Mats Iremark IT Director Collector Bank With assets of SEK15.155 billion (EUR1.58 billion), fast-growing Collector Bank offers innovative financing solutions to individual and corporate customers. Collector attributes much of its rapid growth to applying technology and innovation to compete against larger players. The organization sees itself as a technology company with a bank license, rather than a bank with technical solutions. Nevertheless, financial services companies in Europe are heavily regulated at regional, national, and international levels, so companies like Collector must include regulatory compliance as part of their digital transformation strategy. With cloud providers now able to cost-effectively offer exponential computing power, high reliability, and strong security, many companies are choosing to move away from traditional on-premise IT infrastructures. Using the capabilities of cloud technology, these companies develop innovative products and streamline internal business processes. This is what digital transformation is all about. However, as new technologies evolve, there s a time lag before the regulations catch up. That means leaders in core functional areas of banks are faced with the challenge to ensure compliance by mapping existing regulations to new and innovative technology. @2018 Microsoft Corporation. All rights reserved. 1

Leading by example and growing rapidly The forward-thinking, early-adopter companies like Collector who embrace new technologies tend to be eager, agile, young, and small compared to their more-established competitors. We re the pioneers, the guinea pigs, who have to work hard to get the goahead to put our technologies in place, says Håkan Svensson, Head of Compliance at Collector Bank. Still, Collector is willing to make the effort because we have to in order to maintain our rapid growth. And the growth has been substantial. Since 2005, Collector has experienced an annual revenue increase of 30 percent and an earnings increase of 56 percent. The bank embarked on a cloud pilot project two years ago, and given the company s successes with the pilot, it chose to take an "all in" approach to Microsoft Azure. Says Svensson, One of the biggest strengths of Azure is that its technologies are so simple to deploy: If I need to, for example, I can spin up a new database, scale-up virtual machines, or create a new test environment. Major initiatives are now just two clicks away. In deciding what technologies to adopt, Collector is aware that it must take legal issues into account. Ensuring its cloud use is in line with existing legal requirements is key to making the bank s digital transformation possible. We ask regulators to carefully evaluate how they view technology as they write guidelines and regulations, explains Svensson. Regulators have a critical job, and the efficiencies of the cloud will drive the financial services industry, so the traditional compliance functions will have to adapt to a rapidly changing market. Collector has been carefully preparing for cloud adoption. For example, the bank created an anti-fraud application based on Microsoft Azure, and it continues to develop expertise in the cloud. Many companies in the financial services industry have expressed interest in the cloud and recognized the value of embracing it. And financial regulators are taking notice. @2018 Microsoft Corporation. All rights reserved. 2

Recognizing the regulatory must-haves Recent European Banking Authority (EBA) recommendations recognize the need for cloud outsourcing guidance. Specifically, EBA says that Due to the specificities of cloud outsourcing, the recommendations include guidance on the security of the data and systems used. They also address the treatment of data and data processing locations in the context of cloud outsourcing. Institutions should adopt a risk-based approach in this respect and implement adequate controls and measures such as the use of encryption technologies for data in transit, data in memory, and data at rest. (Consultation on Recommendations on Outsourcing to Cloud Service Providers, EBA/CP/2017/06). Moreover, the General Data Protection Regulation (GDPR) of the European Union is coming into effect in 2018 creating a comprehensive new compliance framework for data protection in the EU. A fundamental purpose of the GDPR is to establish shared responsibility and trust between the controller of personal data and the provider it engages for the processing of such data. Consequently, it is important for banks to choose a cloud service provider with a principled approach to privacy, security, compliance, and transparency. Going forward, it will be essential for organizations like Collector to secure its own and its vendor s infrastructure to manage privacy, security, and other legal compliance demands. The GDPR requires that controllers of personal data use only data providers that have committed to comply with the GDPR and to support compliance efforts of controllers. Microsoft was the first major cloud service provider to make this commitment. For Collector, to ensure compliance with GDPR, it must make technology decisions based not only on the advice and expertise of its IT staff but also of its legal and compliance teams. The role of people like Svensson is now especially crucial, and understanding new technology is a critical criterion for the Head of Compliance position. Says Svensson, We want to keep growing, so we have to stay agile. That includes having a strong in-house compliance concept that values technology. Collector Bank also considers Microsoft a valuable, active participant in the European regulatory process. We see Microsoft making clear efforts to understand the needs of financial services companies like Collector and the environment we operate in, says Svensson. @2018 Microsoft Corporation. All rights reserved. 3

Appealing to talent Because Collector is an innovator and is able and willing to address the regulations and requirements head-on, it is updating its IT approach to align with its digital transformation strategy. That means finding the right people for the right IT jobs. Mats Iremark, IT Director at Collector, says, When we think of the cloud, we want it to fit developers. We chose the Microsoft Azure cloud platform primarily because it appeals to skilled people. But we also think its benefits of scaling and cost are fantastic. Iremark adds, The main reason that we have a cloud-first strategy and focus so much time and effort on working with regulators is that we believe that if we want to stay ahead, we need an environment that inspires ongoing innovation. We re not going to invent new products with old technology. With Azure, we attract skilled, curious people who do great work. Choosing a secure platform for the long term Collector recognizes that companies often cite cloud security as an IT concern, particularly as it applies to the financial services industry, but the bank believes that Azure services are more secure than onpremises systems. That means that Azure improves upon the security measures that regulators require. Security is always foremost in the minds of our developers. One of the things we appreciate about Azure is that it offers so much functionality that developers don t have to build from scratch. When it comes to security in Azure, many best practices are there by design. For example, Azure Information Protection (AIP) allows Collector to instantly classify, label and protect new or existing data, to share it securely with people within or outside of its organization, to track usage, and even to revoke access remotely. Moreover, Advanced Threat Protection (ATP) in Microsoft Exchange Online is a feature that provides a way for the bank to create policies that prevent users from accessing malicious email attachments or malicious websites linked through emails. Those features are particularly useful tools supporting the bank s internal compliance functions in its challenge to implement core GDPR requirements, such as ensuring that data is readily identifiable and protected against security threats. @2018 Microsoft Corporation. All rights reserved. 4

Following a lot of discussion, regulators now pretty much want to set standard best practices that apply to outsourcing cloud services throughout Europe. And in that effort, I think Microsoft has done a very good job. Håkan Svensson Head of Compliance Collector Bank Expanding on why Collector chose Azure over competing solutions, Iremark adds, We have thorough experience with the Microsoft.NET Framework, so Azure was natural fit for us. Also, because Microsoft is well-aware of the regulatory challenges, Azure already meets many required certifications, so we re confident that others will follow as we need them. Svensson notes that adoption drives regulation and that conversations about how technology will be used should include parties from government, the banking industry, and service providers. When Collector looks at other cloud service providers, it doesn t see the same willingness that Microsoft demonstrates as a partner in the financial services industry. He concludes, Following a lot of discussion, regulators now pretty much want to set standard best practices that apply to outsourcing cloud services throughout Europe. And in that effort, I think Microsoft has done a very good job. @2018 Microsoft Corporation. All rights reserved. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback