There is no industry that cloud technology is not upending – and for good reason. Only cloud native technology, like Vault Core, enables banks to build the next generation of financial services. It also mitigates the high costs and overheads associated with legacy systems, and sets the bank up for growth. But before availing themselves of these benefits, banks must begin the process of adoption and migration.
The route a bank takes to the cloud depends on their specific needs. One method for deploying Vault Core is to access it directly from the cloud: a software-as-a-service (SaaS) delivery model. Industry analysts estimate that the SaaS market will grow by more than 20 per cent annually, and Gartner forecasts end-user spending on public cloud services to grow 23.1% this year.
There are numerous benefits to SaaS as a delivery model – and, naturally, its rapid growth is giving rise to much change in industry regulation. Regulators and auditors are responding by implementing new IT governance standards, with a greater focus on network and user security and data protection measures.
Whether our clients take Vault Core as a SaaS, or deploy it on the cloud host of their choice, we have developed the tools and practices to ensure compliance at the highest level.
The security challenges inherent to software-as-a-service
The nature of SaaS offerings means that a number of underlying risks, specifically related to IT and security, need to be considered. The key risks that affect SaaS solutions broadly fall into these three categories:
- Data security risks: Having technical safeguards in place to ensure the confidentiality, integrity and availability of data
- Regulatory and compliance risks: Adhering to mandatory requirements and regulations around data protection and privacy laws
- Business and operational risks: Having controls in place for service performance, business continuity and third party outsourcing requirements
Prioritising SaaS compliance across the globe
We take proactive measures to ensure that our product complies with all applicable industry laws and regulations. We conduct in-house country regulatory reviews and compliance assessments to identify the emerging requirements, regulations, laws and standards within the information technology and financial services industry – spanning across different countries and jurisdictions. This ultimately adds value to our clients by not only meeting their expectations but also by reducing any operational and audit costs.
Upholding the highest levels of data integrity and security
Every bank is heading in the direction of becoming a data-centric organisation. Banks build great products that their customers love by harnessing the power of data with advanced analytics. That said, data storage and management is complex and requires a strict set of governance processes and controls.
We ensure that we have the highest standards around controlling our clients’ data:
- Thought Machine is ISO 27001 certified, which is an international standard that lays out the specifications for implementing an information security management system (ISMS). This certification lays the foundation for our security program and policies and demonstrates that the right controls for an effective information security framework are in place.
- We’ve achieved SOC 2 Type 2 accreditation, which demonstrates that our internal controls and systems are secure and available for operation. Our information is also confidential and private – ensuring that our clients’ information is protected and managed to meet their objectives.
- In addition to the General Data Protection Regulation (GDPR), which sets out requirements for how personal data is held and processed, we comply with all relevant data protection laws in the countries in which we operate, such as Singapore, Australia and the US.
- We ensure that our governance framework adheres to any outsourcing expectations for a critical and important service provider, such as the European Banking Authority (EBA) Guidelines on Outsourcing Arrangements, the Australian Prudential Regulation Authority (APRA) Prudential Standards and the Monetary Authority of Singapore (MAS) Guidelines on Outsourcing.
As Thought Machine continues to grow and launch new products and extend its SaaS offering to different countries, the company is expanding its certification footprint to not only meet, but also to exceed, industry standards. We regularly assess and identify the relevant certifications and standards that we should achieve and implement our controls based on the highest benchmarks.