What is the FINOS Common Cloud Controls Project?
FINOS Common Cloud Controls (FINOS CCC) is the codename for an open standard project, originally proposed by Citi and currently undergoing formation in FINOS, to describe consistent controls for compliant public cloud deployments in the financial services sector.
This standard is a collaborative project which aims to develop a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).
By developing a unified taxonomy of common services and associated threats, the project also sets out to alleviate the systemic risk of cloud concentration, an issue highlighted in recent reports from the U.S. Department of the Treasury, the UK HMT, the European Council, and the Monetary Authority of Singapore.
Why is this important?
A cloud control standard is urgently needed to enhance security and governance protocols in the financial services sector, as well as to streamline and universalize access for all institutions to efficiently utilize the public cloud. Cooperating amongst financial services peers and CSPs is crucial to ensure uniformity across various cloud service providers, thereby enabling the industry to implement effective multi-cloud strategies.
Owing to the intricate nature and economic implications of this task, no single service provider, financial entity, or regulatory body can precisely outline what constitutes a compliant financial cloud deployment. The only viable path is through open engagement among stakeholders.
Moreover, from a security standpoint, by coordinating the measures specific to a service-oriented threat model, we can systematically apply controls that correspond to the actual threats we seek to neutralize.
How to get involved
The project is inviting participation from financial institutions globally, CSPs, fintech and technology vendors, industry associations, and regulators to ensure broad representation of all constituents involved in the shared responsibility model.
Fill out the form below to register your interest in participating in the FINOS Common Cloud Controls project.