Various banks are currently considering the pros and cons of cloud computing, for example for their e-mail services or to create extra temporary (storage) capacity. DNB sees cloud computing as a form of outsourcing, therefore the rules governing the outsourcing of services also apply to cloud computing.
Cloud technology effectively enables you to store data and applications anywhere in the world. While this yields benefits, it unfortunately also involves risks. The biggest risk involves data security. If the data security is not adequate, hackers and other criminals could gain access to confidential customer or credit card information. Another risk is that in the event of a malfunction, customers could inadvertently view third party information. E-mails could be sent to the wrong address, causing confidential and commercially sensitive information to be disclosed to third parties.
Cloud computing is regarded as a form of outsourcing and is therefore covered by the same requirements. These include the requirement to compile a risk analysis.
Your bank must also conclude agreements about who has access to the data and where it is physically stored. Finally, your bank must contractually specify that no data is left with the provider once the contract ends or is terminated.
DNB must be granted the ‘right to audit’. Outsourcing, including in the form of cloud computing, may not prevent DNB from carrying out its supervisory duties. This means banks must afford the supervisory authority access to a provider. This will enable the supervisory authority to check and evaluate certain processes and the way data is handled.
See the brochure on Cloud computing