Fintech Open Source Foundation (FINOS) Announces Standards Describing Consistent Controls for Compliant Cloud Deployments

The Fintech Open Source Foundation (FINOS), the foundation of open innovation in financial services and part of The Linux Foundation, announced that FINOS Common Cloud Controls (FINOS CCC), “a set of open standards that describes consistent controls for compliant cloud deployments in the financial services sector, is now open sourced through FINOS under the Community Specification License.”

Built upon the approach developed by FINOS Platinum member Citi and “following the formation phase which started in July, FINOS CCC is officially open for participation and contribution at github.com/finos/common-cloud-controls.”

FINOS Common Cloud Controls creates “a unified set of cybersecurity, resiliency, and compliance controls for common services across the major cloud service providers (CSPs).”

In developing a unified taxonomy of common services and associated threats, the project also sets out to “alleviate the systemic risk of cloud concentration within the financial services industry.”

The launch of FINOS CCC was “announced during a panel at Money 20/20, featuring speakers from FINOS, Google Cloud, Goldman Sachs, and BMO.”

This comes on the heels of the project’s three-month formation phase, “where FINOS members, including more than 100 participants from 20+ financial institutions, cloud service providers, technology vendors, industry associations, and regulatory bodies were invited to start shaping the open standard’s roadmap to ensure broad representation of all constituents involved in the shared responsibility model.”

Gabriele Columbro, Executive Director of FINOS and General Manager of Linux Foundation Europe, said:

“The financial services industry pace of cloud adoption has been drastically accelerating for some time now, yet there has been no truly open standardization in the risk mitigation approach when it comes to cybersecurity concerns, cloud vendor lock-in, and response to regulatory inquiries, until now. I am incredibly excited this project has already attracted some of the most relevant names in the industry, under openly governed workstreams that bring together financial institutions, cloud service providers, and technology vendors to address systemic issues with cloud security and concentration.”

During the formation of FINOS Common Cloud Controls, banks, tech firms, and cloud experts joined forces to “redefine how common cloud services are provided to the financial services industry.”

As part of the initial delivery phase, the National Institute of Standards and Technology (NIST) is consulting on “the use of NIST’s OSCAL to enable the standard to be consumed and extended by FINOS contributors.”

Additionally, FINOS CCC created “the Taxonomy and MITRE ATT&CK Framework working groups to ensure FSI cyber security cloud experts collaborate to mitigate financial services cloud threats across services described in a common cloud service taxonomy created in conjunction with banks and cloud service providers.”


