Cloud Security

IBM to work with nonprofit on cloud security framework for financial services

A woman walks past the IBM logo at a technology trade fair.
IBM announced it will work with the Cloud Security Alliance to strengthen a cloud security framework of financial services. (Photo by Sean Gallup/Getty Images)

IBM on Thursday announced it will work with the Cloud Security Alliance (CSA) to strengthen a cloud security framework for financial services.

IBM’s Cloud Framework for Financial Services has been mapped to the CSA’s cloud control matrix (CCM) so that companies that have adopted CSA’s controls can now use services or transact with SaaS providers on IBM’s platform.

"As global regulations continue to evolve, it's critical for all organizations to adhere to changing requirements while operating in a secured cloud environment — but this is even more critical for highly regulated industries such as financial services," said Jim Reavis, the CSA’s chief executive officer. "With its long history and deep expertise working with some of the world's most well-known financial services organizations on their modernization journeys, IBM understands the importance of establishing a highly secured hybrid, multi-cloud architecture that can allow organizations to host workloads wherever they are running.” 

The financial industry is often first to adopt security and compliance technology, and therefore it makes sense that IBM will develop specific frameworks for the financial services industry, said Shira Shamban, chief executive officer at Solvo.

“I would expect that in the future IBM will offer frameworks for other industries that will adopt the cloud,” Shamban said. “Frameworks are guidelines, they are a starting point and not an end game. Adopters should make sure they implement them with proper adjustments to their applications, business logic, and specific needs.”

Mike Parkin, senior technical engineer at Vulcan Cyber, added that the concept behind a framework like this for financial services, putting all the pieces in place to develop and innovate with security and risk management in mind, is an inherently good idea. 

“How well it works will depend on the details, how well they are followed, and how it evolves over time to address changes in the threat landscape,” said Parkin.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.