- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Warning, this is a story that might sound familiar.
The frustration on the chief technology officer’s (CTO) face was palpable. One year prior, the $50 billion financial institution he worked for announced it was going “all-in” on the cloud to save costs and become nimbler. The CTO assumed the cloud was “just another data center,” and his teams approached their architecture and governance efforts accordingly.
His organization tried to implement security controls with the same set of operating models, architectures, practices, and tools that were used in its physical networks. The company experienced regulatory requirement delays and audit setbacks and was mired in compliance black holes, security red tape, and governance stagnation. With this approach, spinning up a computing instance was slower than racking and building a physical server in the data center it left.
Fortunately, the financial institution was able to turn its situation around—when the CTO made a mindset shift from a process-focused approach to a capability-based approach.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
A panel of cyber experts and a chief compliance officer in financial services discussed the business risks, threat vectors, and vendor ‘gotchas’ associated with transitioning to a cloud provider at CW’s virtual Cyber Risk & Data Privacy Summit.
The Treasury Department issued a report regarding the benefits and challenges associated with the use of cloud service providers by financial sector firms, finding shortcomings related to transparency, staff support, and cybersecurity incident response.
Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.
The era of artificial intelligence adoption is testing the old ways of doing compliance, underscoring the need for continuous monitoring. Compliance isn’t a one-and-done activity, but sometimes organizational incentives and goals fail to prioritize the importance of this.
While companies are exploring and building artificial intelligence technology, lawmakers and regulators are trying to identify what ground rules they need to set. These guardrails are what companies and governments alike believe are essential parts of ensuring safe and responsible use of the technology.
