By Dervish Tayyip, Assistant General Counsel, Microsoft
It has been approximately seven years since the financial crisis exploded and began to cascade across the globe like an unpredictable tsunami. Today, many financial institutions have made significant strides to recover but many are struggling to generate sustainable organic growth, return to pre-crisis profit levels and consistently deliver shareholder value. Impacting this new industry landscape are emerging trends such as digital technology and rapid-fire changes in customer preferences. These trends are not only threats but also opportunities – both for new entrants who are digitally oriented disrupters and for full service financial institutions looking to revamp their business models – or some parts of their organization – by reimagining operations to better meet changing customer needs.
One of the most potentially impactful technologies capable of supporting such transformations towards greater agility and innovation is cloud computing. However, regulatory requirements mean that financial institutions not only need transparency into, and control over, how a cloud service is operated but they also need to have one hand on the metaphorical steering wheel. This was evident last week at the Data Protection & Privacy in the Financial Services Sector conference in London, where I had the opportunity to discuss some of the legal and regulatory issues that the sector is grappling with in the move to cloud services.
That’s why at Microsoft we provide a high degree of transparency as to how our cloud services operate via the notion of the Trust Center, where we set out in detail how a service monitors and safeguards data, how it combats emerging threats, how it addresses compliance needs and provides real time data as to availability and changes to the service. But we also understand that in order to undertake an effective risk-assessment and to monitor and supervise the service on an on-going basis, a financial institution may need greater access to information as well as insights into operational risks. To address this, we have a specific program dedicated to providing our financial services customers with access to audit webcasts, summary penetration testing reports, Microsoft subject-matter experts and external auditors, as well as an opportunity to examine control frameworks and other service details.
We also understand that organizations want to have full control over access to their content stored in cloud services. That’s why we recently announced Customer Lockbox for Office 365, a new capability designed to provide customers with unprecedented control over their content, particularly in the very rare instances when a Microsoft engineer may need access to a customer’s content to resolve a given issue.
Crucially, we also provide our customers with the ability to influence how the service evolves and develops in the future, such as formal channels for providing feedback on potential changes to certifications, for making suggestions for additional controls in future audits and for recommending additions to audit scope.
These offerings are unique in the industry, and we are continuing to invest heavily in security, privacy and compliance capabilities to ensure Microsoft’s is the most trusted cloud, even in the most regulated sectors.