A practical guide to help Swiss banks move to the cloud
High priority must be attached to the confidentiality and security of the data
The Swiss Bankers Association provides a set of best practices guidelines and recommendations designed to inspire Swiss banks to migrate their data to the cloud.
The Swiss Bankers Association (SBA) is convinced that banks can benefit from moving to the cloud in many ways.
August Benz, Deputy CEO of the SBA, emphasizes on the fact that “With cloud computing services, a bank doesn’t need to invest so much in expensive IT infrastructure anymore. At the same time, they can benefit from the high-performance hardware computing speed that specialist service providers have to offer.”
This is why the umbrella organization of the Swiss financial center has published a set of recommendations designed to guide banks wishing to migrate their data to the cloud. This guide is presented as a “non-legally binding aid to interpretation” and is the result of discussions between institutional members of the SBA, audit firms and cloud providers.
Important: choosing providers and subcontractors
The SBA Cloud Guidelines offers recommendations on choosing cloud computing providers and their subcontractors. Banks are advised to consider the provider’s ability to fulfill contractual obligations as well as its financial stability and the jurisdiction to which the provider is subject.
The guide states that “When choosing a cloud provider and its subcontractors, high priority must be attached to the confidentiality and security of the data as an integral part of the underlying due diligence. The bank should be informed in advance of a change of significant subcontractor.”
Anonymization, pseudonymization and encryption
The SBA points out that in order to maintain banking secrecy at all times, Swiss banks have decided never to store clients’ identification data or personal data abroad.
However, the SBA underlines that “If this principle were to be maintained absolutely, it would render use of the cloud impossible” and offers technical measures to protect clients’ data in the cloud: anonymization, pseudonymization and encryption.
Cloud security for the banking sector also relies on organizational measures (appropriate monitoring by the bank of the operational measures implemented by the provider and its subcontractors, auditing of the provider’s security and confidentiality standards).
Furthermore, contractual measures need to be taken, including a contractual agreement signed by the provider to maintain confidentiality.
The guidelines also offer clarifications regarding transparency and collaboration best practices between the institutions and the providers with regards to administrative and judiciary measures.
“With cloud computing services, a bank doesn’t need to invest so much in expensive IT infrastructure anymore. At the same time, they can benefit from the high-performance hardware computing speed that specialist service providers have to offer.”
A practical guide to help Swiss banks move to the cloud
The SBA Cloud Guidelines
40-page guide from the Swiss Bankers Association with advice on cloud strategy for Swiss banks.
Swiss Bankers Association (SBA)
