Fintech Open Source Foundation Announces Open Standard Project For Common Cloud Controls
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
The Fintech Open Source Foundation (FINOS), the foundation fostering open innovation in the financial services industry, has announced the creation of an open standard project inspired by Citi. The project describes the consistent controls needed to sustain compliant public cloud deployments within the financial services industry.
FINOS announces open standard project for common cloud controls
The collaborative project seeks to create a unified set of controls that will boost resilience in the cybersecurity and compliance industry. This project will also create a unified tax economy comprised of common services and other threats. By doing this, it will reduce the systemic risk of cloud concentration.
This project was proposed by Citi, and it was approved by the FINOS Governing Board this month. The project has attracted the participation of over 20 FINOS Member companies globally, such as Bank of Montreal, Citi, Goldman Sachs, JPMorgan, and Morgan Stanley, among others.
This project will commence at the formation stage in August before becoming available under a Community Specification License that will be issued later this year. The executives at Citi believe that a Cloud Standard will boost the security and control measures present across the financial service industry while making access simple and accessible to all institutions.
“It is important to collaborate with our peers to ensure consistency across cloud service providers, ensuring the industry can realize true multi-cloud strategies,” said the Chief Technology Officer and Head of Technology Infrastructure at Citi, Jim Adams.
Open collaboration to meet an apparent need
The Executive Director of FINOS, Gabrielle Columbro, said that the challenge in question was complex and it was becoming increasingly difficult for vendors, financial institutions and regulators to define what it means to maintain compliance in financial cloud deployment.
Columbro opined that the way forward involved open collaboration, which is why the platform was excited to see many members at FINOS rallying around the project. The executive also said that the project had the potential to emerge as one of the most valuable initiatives within the open-source community and the entire industry.
Citi executives also said that this solution helped create controls that were tailored toward a particular threat. These compliance controls could be aligned to a threat model focused on a particular service, therefore fostering a consistent implementation of controls that highlight the actual threats that these companies needed to mitigate.
The open standard is also expected to improve on the existing efforts that are already in place, such as OSCAL by NIST and the MITRE ATT&CK framework. It will also add to the Compliant Financial Infrastructure project by FINOS to create taxonomies.
The project will build taxonomies across common cloud services, common threat techniques and the associated mitigations, logical control descriptions, and data flow diagrams that are specific to cloud services. As such, there was a need to understand the common attack vectors in the service.
This project is also inviting the participation of financial institutions globally, regulators, and players across different industries. The move would guarantee there was a massive representation of the involved constituents.
