Financial institutions are moving to cloud, including for material and core workloads, at an ever-changing pace.
The dynamics of this shift to cloud include not only the need to innovate and keep pace with competitive pressures, but also the need to enhance operational capabilities and infrastructure. Those operational enhancements include the high resilience cloud computing offers, addressing the evolving external cyber threats, and maintaining strong governance and operational controls. With these dynamic changes, however, one thing remains constant: financial institutions will not use a provider they don’t trust, or that does not meet the specific regulatory requirements wherever they do business around the world.
At Microsoft, we have invested, and will continue to invest, in providing a rich set of capabilities across our cloud services to meet the high regulatory compliance bar in this complex and highly regulated vertical. Indeed, the changes occurring in moving critical workloads to the cloud means that customers and regulators are looking at cloud providers—as we become the critical infrastructure to the financial services ecosystem. We are prepared for, and will continue to make the required investments, so that the critical infrastructure we provide in support of the industry matches the high expectations financial services regulators and customers are expecting from us.
This becomes more central from a regulatory perspective as customers look for flexibility across their environments, including implementation and management of disparate systems, and hybrids, all within the context of a regulatory environment that can include a patchwork of different requirements in different jurisdictions. And while regulation itself rarely serves as a dynamic environment that keeps pace with innovation, we do see a rapid ascension of regulatory change that remains challenging to monitor, let alone address, as cloud adoption accelerates.
With this in mind, we work with financial services regulators deeply to share perspectives about cloud to address approaches in the modernization of regulation. This includes balancing the need for oversight and accountability in the use of cloud, enabling responsible innovation that fosters the growth of the financial system and, yes, provides for even stronger controls in our services to help customers manage and have assurance as part of lifecycle management in the use of our cloud services.
Microsoft’s commitment to cybersecurity
As cyber threats remain top of mind, including in the challenging geopolitical context, managing risk and Microsoft’s support in helping customers address this evolving landscape becomes even more pressing. First, Microsoft is making significant investments in addressing cybersecurity, with over USD20 billion in investments in addressing cybersecurity over the next five years. That investment will focus on five key areas:
- Protecting identity and endpoints for strong Zero Trust foundations.
- Modernizing security and defending against threats.
- Securing cloud infrastructure within and beyond Microsoft Azure.
- Protecting and governing sensitive data.
- Managing and investigating risk.
Our capabilities today cover a broad range of services including:
- Microsoft Sentinel: Microsoft Sentinel provides tools that make it easy to collect security data across your entire hybrid organization—from devices, users, apps, servers, and any cloud, then uses the power of AI to quickly identify real threats while eliminating the need to set up, maintain, and scale infrastructure.
- Microsoft Defender for Cloud: Defender for Cloud is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats. It includes Microsoft Secure Score to address configuration weaknesses and to upgrade a firm’s security posture (similar Secure Score capabilities are available for Microsoft 365).
- Compliance Manager: Helps organizations manage compliance requirements with greater ease and convenience as those requirements continue to expand along with the challenge of higher levels of scrutiny from financial services regulators.
- Compliance Program for Microsoft Cloud: A team of Microsoft experts dedicated to support an organization’s audit, third-party governance, and compliance teams in addressing financial services regulatory compliance.
Utilize Microsoft’s compliance resources to navigate the regulatory environment
We know, however, that with the changing landscape, so too comes regulatory change. Thus, we have made significant investments in upgrading and adding to our regulatory compliance checklists, for a total of 52 countries and regions globally, including primary markets in North America, Latin America, Europe, Middle East Africa, and Asia. These checklists are a navigational guide addressing the complex regulatory environment including: who are the regulators, what are the regulatory requirements for notifications and approvals for use of outsourcing, whether cloud is permitted, regulatory expectations in managing the use of cloud and ongoing oversight with a mapping to Microsoft Cloud services in meeting such regulatory requirements, including applicable contractual provisions that map to such requirements.
Coupled with our updated Compliance Program for Microsoft Cloud, these checklists are a hands-on resource for compliance and risk professionals to use when assessing our cloud services to such regulatory requirements in jurisdictions where they do business and intend to implement Microsoft Cloud services. Our compliance program, in addition, offers “white glove” hands-on engagement to support customers in addressing deeper regulatory compliance issues, including supporting them throughout their lifecycle management in the use of cloud from a regulatory compliance perspective. This includes addressing risk assessments, notifications and support on questions with regulators, and ongoing regulatory developments that may impact the use of cloud.
Our checklists and these updates are one important resource and continued investment we have made and will continue to make to support our customers in navigating the complexity of the regulatory environment. We will continue to monitor developments and adapt to meeting such changes, to support our customers, given the dynamic pace of innovation, and regulatory change that remains ongoing. In all of this, Microsoft’s partnership with our customers throughout their cloud journey is at the core of what we do to help the industry transform and innovate in this constant environment of dynamic change.
Discover more about the Compliance Program for Microsoft Cloud and contact your sales rep for more details about signing up.
- Microsoft Industry Clouds website
- Microsoft Cloud for Financial Services website
- Microsoft Security & Compliance Tech Blog
- Microsoft Security on Twitter
- Microsoft Community on Twitter