On 17 May 2017, the EBA published a consultation paper setting out draft recommendations on outsourcing to cloud service providers.
The recommendations are relevant to IFAs as they are intended to clarify the requirements when you adopt cloud computing. The recommendations address five key areas:
The security of data and systems. Among other things, the recommendations expand on the need for integrity and traceability. IFAC response: Bat is, you’ll be pleased to hear, on track, with some views to see opposite and below.
The location of data and data processing. Firms should adopt a risk-based approach and implement adequate controls and measures, such as the use of encryption for data in transit, data in memory, and data at rest. IFAC response: All data in Bat is encrypted.
Access and audit rights. Guidance is provided on the right to audit. IFAC response: Bat is an open book if firms require an audit.
"Chain" outsourcing, where the cloud service provider sub-contracts elements of the service to other providers. IFAC response: This is the new big thing in Bat – the use of APIs to reach other firms such as defaqto-research, valuations from life offices and platforms and insurance quotes within the same software.
See below for some of the data we see in our eyeline on a daily basis. This gives indicators of spikes of activity. If there is a hack, say, we will see the spike in real time. If Yahoo or BT had one of these in their offices in 2015 then they would have known about the hack much sooner and may have been able to prevent it.
IFAC give ongoing support