Transparency and assurance: How Microsoft is helping financial institutions move confidently to the cloud

13 October, 2015

It has been remarkable to witness the sea change of cloud adoption in the financial services industry.

Three years ago, when I talked to financial institutions about cloud, they were clear they would never be moving to cloud; two years ago, that changed to “not now.” Over the last 12 to 18 months, that has become a more nuanced conversation on how they can take advantage of cloud, in a way that meets their high internal compliance, security and risk standards.

This sea change didn’t happen overnight, of course. In fact, we at Microsoft have been working closely with the financial industry — on both customer and regulatory fronts — for several years.

What have we been doing?

First and foremost, we have listened to industry leaders and regulators about their requirements, concerns and desires for cloud-based services. We learned about the industry’s needs surrounding compliance, security, privacy and control — and then we made sure our cloud platforms and services can provide a regulatory framework that meets those needs.

Microsoft Azure, Office 365 and Microsoft Dynamics CRM Online have been audited against some of the most rigorous global, regional and national procurement standards and cloud certifications. We have also been involved in new standards such as ISO/IEC 27018 – the first global standard for cloud privacy, which we were the first major cloud provider to support.

Our financial services customers benefit from these standards because they include important controls for business continuity of the service, as well as critical privacy and security requirements that regulators expect us to provide to protect customer data. On top of that, we have built a risk assurance and transparency compliance program that gives our financial services customers additional oversight into the management and control of our services, which is a key requirement for them within their own regulatory frameworks.

Along with these world-class compliance, security, privacy and control capabilities comes a fundamental assurance to financial institutions: When you entrust us with your data, we will take care of it.

Transparency and oversight to meet regulatory requirements

Assurances only go so far, especially when dealing with highly sensitive financial information and regulatory requirements. For these reasons and more, Microsoft provides transparency into our cloud platforms and services — not only for customers, but also for regulators.

Initially created two years ago and now publicly available, our Financial Services Compliance Program allows financial industry stakeholders to deeply examine our cloud systems, services and processes. It includes access to third-party audits, risk management practices, data handling and security policies, penetration testing reports, security incident reviews, threat evaluations, and any information that is critical for compliance.

Transparency is essential for a healthy risk assurance program, and trust can only be built with appropriate oversight of our services.

Trust and momentum

Several hundred of the world’s leading banks now place their data in Microsoft’s cloud services, not just for productivity and collaboration, but also for workloads including risk analytics, financial modeling, software development and testing, claims and billing, and other core applications.

As you consider cloud deployments and evaluate your options, we are here to help, not only with the technology, but also by sharing some of our experience in addressing your legal, compliance and regulatory obligations.

To learn more about Microsoft cloud services, visit microsoft.com/cloud.