Status | ||||||
---|---|---|---|---|---|---|
|
This page is now found on the Cloud Service Certification Wiki on GitHub
https://github.com/finos/cloud-service-certification/wiki
Project Charter
Mission
The mission of the Cloud Service Certification Working Group is to accelerate the development, deployment, and adoption of a common set of controls and tests for cloud services.
Business Problem and Opportunity
Cloud services controls and tests are used to demonstrate adherence with regulatory and internal compliance requirements mandated for financial institutions when using cloud services. The majority of cloud security incidents are due to misconfiguration; services are not secure by default, configuration is often complex, nuanced and difficult to validate. To some degree or another all financial institutions are re-inventing the wheel – institutions have similar control frameworks and each is trying to secure and stand up the same providers and services within the same regulatory frameworks.
Having robust controls and tests developed and in place removes a barrier to faster adoption of cloud services such as those provided by Amazon/AWS, Microsoft/Azure and Google/GCP, among others. Addressing this barrier will benefit both financial services IT departments, many of whom are looking to move more quickly to the cloud, and the providers themselves, who wish to sell more cloud services into financial institutions.
Controls for cloud service compliance afford banks no particular strategic or competitive advantage while also representing a task something all banks who look to deploy more applications onto the cloud needs to do, and as such are conducive to being developed together as part of the "public commons". The focused project and collaboration with other banks will increase the amount of controls produced and, it's expected, help increase the rate of adoption of cloud services.
Approach and Proposed Solution
The working group will produce multiple Cloud Service Certification artifacts (together forming one or multiple accelerators) that provide functional code that implements regulatory compliant configurations of cloud services with BDD tests to validate efficacy. The group review the artifacts for an accelerator and then gather feedback on process and content before iterating on additional services. A key part of the working group's approach will be to set quality standards across artifacts; members of all tiers can contribute to the project and ensure a common high level of quality is delivered and in less time. The group will also work with cloud service providers to produce more industry specific content and solutions.
Launch
- Kick off meeting to review existing artifacts and state outcomes and expectations which will include assignments of tasks.
- Hold biweekly (2 week interval) meetings to do show 'n tell and determine fitness. We will have this mailing list to communicate more frequently as well.
- Within 1 month (2 meetings) we will determine fitness of work and begin peer review if enough content is complete.
Group Information
Child pages (Children Display) |
---|
Mailing list: fdx-cloud-service-certification@finos.org (web archive)
Meetings
Schedule: Group meets every other Thursday at 10am ET / 3pm London.
Next meeting: August 29th @ 10am ET / 3pm BST.
- Webex: https://finos.webex.com/finos/j.php?MTID=me0b8e6061812f875505b0caaceac3321
Dial-in:
+1-415-655-0003 US Toll
+44-20319-88141 UK Toll
Access code: 662 732 581
Github Repository: https://github.com/finos-fdx/cloud-service-certification
Original Contribution JIRA:
Jira Legacy server System JIRA serverId e094b874-9a54-31ee-9f8d-4884bef69f3e key CONTRIB-33
Participation Requirements
None
Cloud Controls Certification Proposal from Jason Nelson, JPMorgan Chase, January 24th, 2019 (.pdf)
View file name 2019.2.19 - FINOS Cloud Certification contribution by JPMC.pdf height 250
Open Volunteer Roles
- Compliance Framework Mapping Role
- Cloud Service Certification Documentation Role
- Codified Controls Development Role
- BDD Test Case Development Role
- Peer Reviewer Role
- Cloud Service Effort Owner
Project Participants
Name | Organization | Role | Github ID |
---|---|---|---|
Jason Nelson | JPMC** | Chair | git-hub-forwork1 |
Jonathan Meadows | JPMC** | Participant | |
Gavin Manning | DB** | Participant | |
Colin May | Credit Suisse** | Participant | |
Astha Malik | Microsoft | Participant | |
Abdullah Garcia | JPMC** | Participant | |
Tais O'Dwyer | Participant | ||
Jonathan Hodgson | Morgan Stanley ** | Participant | |
Stuart Buckland | UBS** | Participant | |
Jonathan Altman | CapitalOne** | Participant |
(**) indicates FINOS member
Tip |
---|
The Working Group was approved by the PMC on 2019/02/26. |