The Swiss Bankers Association has provided a set of best practice guidelines and recommendations, designed to inspire Swiss businesses to migrate their data to the cloud.
August Benz, Deputy CEO of the SBA, says: “With cloud computing services, a business doesn’t need to invest so much in expensive IT infrastructure anymore. And they can simultaneously benefit from the high-performance hardware computing speed that specialist service providers have to offer.”
The following guide is presented as a “non-legally binding aid to interpretation” and is the result of discussions between institutional members of the SBA, audit firms, and cloud providers.
Important: choosing providers and subcontractors
The SBA Cloud Guidelines offer recommendations on choosing cloud computing providers and their subcontractors. Companies are advised to consider the provider’s ability to fulfill contractual obligations as well as its financial stability and the jurisdiction to which the provider is subject.
The guide states: “When choosing a cloud provider and its subcontractors, high priority must be attached to the confidentiality and security of the data as an integral part of the underlying due diligence. The business should be informed in advance of a change of significant subcontractor.”
Anonymization, pseudonymization and encryption
The SBA says that in order to maintain secrecy at all times, Swiss businesses should avoid storing clients’ identification data or personal data abroad.
However, it underlines that “if this principle were to be maintained absolutely, it would render use of the cloud impossible” and offers technical measures to protect clients’ data in the cloud: anonymization, pseudonymization and encryption.
Cloud security relies on organizational measures (such as appropriate monitoring of the operational measures implemented by the provider and its subcontractors, and auditing of the provider’s security and confidentiality standards).
Furthermore, contractual measures need to be taken, including a contractual agreement signed by the provider to maintain confidentiality.
The guidelines also offer clarifications regarding transparency and collaboration best practices between the institutions and the providers with regard to administrative and judiciary measures.
“With cloud computing services, a company doesn’t need to invest so much in expensive IT infrastructure anymore. At the same time, they can benefit from the high-performance hardware computing speed that specialist service providers have to offer.”
A practical guide to help Swiss banks move to the cloud
The SBA Cloud Guidelines
40-page guide from the Swiss Bankers Association with advice on cloud strategy for Swiss companies.
Swiss Bankers Association (SBA)