Earlier this year, the United States Department of the Treasury (UST) published a report titled “The Financial Services Sector’s Adoption of Cloud Services.” This report is rooted in discussions with various financial services and technology organizations, including AWS. It outlines the numerous advantages that financial institutions (FIs) and consumers can reap through cloud services, such as reduced operational costs, rapid deployment of new IT assets, expedited development of products and services, and improved security and resilience capabilities.
The report emphasizes the need for ongoing discussions around critical issues related to cloud adoption, including operational risk, transparency, international regulatory fragmentation, and training. AWS is dedicated to collaborating with the UST and financial services regulators to enhance the security and resilience of the financial services sector. In this blog, we highlight how AWS assists its customers in building and operating securely, resiliently, and in compliance with regulations.
Adhering to the Highest Security Standards
At AWS, security is our utmost priority. We are committed to safeguarding our customers’ privacy and protecting their data. We offer a comprehensive suite of security services and features designed to give all customers—including governmental entities and financial services organizations—complete control over their sensitive content. This includes the ability to encrypt, protect, transfer, and delete data in accordance with their security policies.
The UST report notes that enhanced security and resilience capabilities are driving forces behind cloud adoption among FIs, and AWS is engineered to provide the most secure cloud computing environment available. Our infrastructure meets the security standards of military entities, global banks, and other organizations with high sensitivity. With over 300 security, compliance, and governance services and features, AWS caters to financial services clients of all sizes—from fintech startups to major banks, broker-dealers, insurers, and market centers worldwide.
Furthermore, AWS complies with 143 security standards and certifications, including PCI-DSS, CSA STAR Level 2, ISO 22301, 27001, 27017, 27018, 27701, GDPR, FIPS 140-2, and NIST 800-53 and Cybersecurity Framework (CSF), helping our financial services customers meet compliance mandates from virtually every regulatory agency globally.
Designing for Resilience
Cloud adoption significantly mitigates risks faced by the financial services industry as it transitions away from outdated technologies, some of which are decades old. AWS aids the global financial services sector in enhancing resilience and minimizing overall risk by supporting individual organizations in lowering their operational risk.
There are various viewpoints on the best approach to building resilience. We concur with the UST report that a multi-region architecture in AWS is a more pragmatic strategy for resilience compared to seamless portability across different cloud service providers (CSPs). Our global infrastructure, comprising 31 regions and 99 availability zones, is designed for high security and reliability. Although we aim to minimize operational incidents, when large-scale events do occur, we provide post-incident communications through tools like Security Bulletins and Post Event Summaries.
Fostering Transparency
To ensure scalable and comprehensive assurance for our global clientele, AWS engages independent third-party auditors to conduct thorough evaluations of our security measures. These auditors assess the depth and breadth of our secure environment, offering a high level of transparency regarding our control structures.
Customers can examine their AWS environments, and AWS offers various services—such as AWS CloudTrail, AWS CloudWatch, and AWS GuardDuty—that provide visibility into account activities, real-time monitoring, detection, and automatic remediation of anomalies. Additionally, customers have access to four support tiers based on the scale of their cloud workloads. Although service disruptions are rare, our AWS Health Dashboard offers both public and account-specific views to assist customers in monitoring their environments.
We support customer due diligence by making detailed control information publicly accessible through our Consensus Assessment Initiative Questionnaire (CAIQ) and System and Organization Controls (SOC) reports. Our commitment extends to aiding customer audits required for regulatory compliance, streamlining the audit process for all stakeholders involved.
Global Regulatory Collaboration
AWS actively engages with financial regulators and policymakers worldwide to discuss current and emerging regulatory requirements. We assist them in understanding AWS services and the ways in which cloud adoption can mitigate certain risks within the global financial landscape.
We advocate for regulatory coordination and harmonization across jurisdictions to create a level playing field for clients and to prevent market fragmentation. AWS responds to inquiries from regulators regarding various topics, including security, resilience, and concentration risk, through our contributions to policy discussions, industry consultations on regulatory reforms, or regular regulatory summits. We offer insights into how financial institutions can leverage AWS services confidently while adhering to their regulatory obligations.
Moreover, we support regulatory collaboration through national and international entities, including the Financial Stability Board (FSB), which works to promote a coherent cross-border regulatory framework that assists financial services customers in their cloud adoption journey. Establishing consistent regulations across various sectors and regions could lower costs for consumers, financial institutions, CSPs, and examining authorities by minimizing overlapping regulatory assessments.
Training and Skill Development
AWS provides financial services customers and partners with extensive educational resources, training, and certifications, including hundreds of free courses through AWS Training and Certification. Our mission to empower 29 million individuals globally to enhance their technical skills with free cloud computing training, along with comprehensive enablement programs like AWS Skills Guild, equips customers with the necessary skills to operate securely and resiliently on AWS. AWS also regularly generates technical content, including Prescriptive Guidance and AWS Security Reference Architecture, aimed at simplifying the configuration and use of cloud services to address business challenges.
Our Security, Compliance, and Audit teams collaborate with financial services customers to ensure the execution of best practices in operational excellence, security, reliability, and performance. We provide tools that assist in architecting highly secure and resilient workloads, including the Well-Architected Framework and a rich library of blogs, whitepapers, and sample architectures.
To further support customers, we established the AWS Customer Incident Response Team (CIRT) to offer training and resources for effective response strategies in the event of incidents within their environments.