The EDM Council, an industry association that focuses on data management and analytics best practices, recently announced a new framework for managing data in the cloud. Their Cloud Data Management Capabilities (CDMC) framework covers data standards, control and best practices for data in cloud environments. It was developed in tandem with industry practitioners and the major cloud services providers.
What is cloud data management?
Cloud data management is the activity of servicing an organization’s data needs using hosted storage, security, augmentation and access capabilities. Cloud data management is often adopted as part of an executive mandate towards outsourcing, digitization, automation, system modernization or platform simplification. With data no longer retained in on-site applications or databases at individual organizations, economies of scale make cloud data management more efficient. Services to backup, secure and move data are shared, as are the costs of the latest tooling and technologies for disaster recovery, virus and hacking prevention, data transfer and regulatory compliance across jurisdictions.
Why does the financial services industry need standards specifically for cloud data management?
The EDM Council already offers DCAM (Data Management Capability Assessment Model), a method to evaluate data management capabilities in a structured way. However, the adoption of cloud services by financial services firms has been hampered by lingering concerns about data security and governance, complexities around data access, the differing commercial practices of cloud services providers and the limitations imposed by cautious regulators and their desire to protect data sovereignty. The EDM Council and its members took a decision to create a best practices framework to address cloud data management challenges, in part to avoid re-inventing the wheel for each organization’s cloud migration program.
Importantly, with regulators wanting firms to avoid overdependence on a single cloud services supplier over a long period of time (perhaps echoing concerns with the risks associated with over familiarity with an audit firm over time), standards were required to assist portability, for example moving an application or function from one cloud services provider to another. The evolution of multi-cloud approaches in larger financial groups, i.e. using more than one cloud services provider within the organization, heightened the need for cloud data management standards to ensure ease of data flow and avoid the re-siloing of data within providers or the early and costly creation of cloud legacy systems. Additionally, cross border and cross jurisdiction data transfer controls continue to cause anxiety among regulators.
Why the Enterprise Data Management Council?
A challenge for financial services firms was that cloud services providers were naturally looking for stickiness, to tie their customers into using more of their services and, if possible, only their services. This is a natural commercial approach, but it meant that as a result of honing their unique service differentiators, standards were not common across providers and standard data controls were not automated within their cloud platforms. This in turn made each new instance more costly and complex to get up and running.
As a standards organization, of which GoldenSource is a founding member, the EDM Council, is ideally placed to bring all parties to the table, in this case a working group, and develop an industry-wide approach that is both workable and respected.
Practical implications of the CDMC framework
The Council, notably, emphasizes that the framework includes 14 automated controls aimed at protecting sensitive data. Data security, however, is not the only area of concern for financial services firms that want to use cloud resources to handle and manage their data. Cost savings are a big incentive, of course, but tracking data assets, ensuring collaboration, migrating to cloud, and implementing regulatory compliance measures for data in the cloud are just a few of the concerns to examine.
Data security in the cloud can loom large as a concern because you can’t see where your data is being stored or processed, which makes data operations riskier. Problems with system breaches, user authentication and hacking overall make it harder for those who are outsourcing to a cloud provider to trust in its security. The answer to this, for a firm that is committed to using cloud resources, is to evaluate the security capabilities of a potential cloud provider, and check whether the provider is keeping up to date on the latest security innovations and certifications.
Tracking data assets in the cloud means firms need to make changes in system configurations correctly, and also manage and track the cloud storage they are using. Firms need to be organized about what data applies to what group within their enterprise, so its use can be attributed, even if only for internal cost and budgeting purposes.
Making cloud migration successful
No single department or executive can ensure the success of managing data in the cloud by themselves. Companies need collaboration from their C-level executives supervising information, technology and infrastructure, along with operations managers, supervisors of specific products, finance departments, and engineering departments, including those responsible for how operations software is used.
While using cloud resources can present complications when it comes to regulatory compliance – firms trying to comply with security requirements may need disclosures from the provider that would violate the security of the cloud provider’s other clients – these can be addressed by “community audits.” Such audits, as explained in the last section of a report by the Program on International Financial Systems, a global research and training organization, can be conducted by all the users of a cloud provider together so that the users collectively learn how the provider complies with security or other regulations. This at least lowers the costs and redundancies for these audits.
Cloud computing is generally viewed as a cost-saver, but in some cases, using on-demand or scalable cloud resources can raise concerns about unexpected or uncontrolled costs being generated by a fragmented and uncoordinated user cohort. This can be prevented with careful permissions, usage monitoring, financial analytics and reporting efforts, detecting such cost issues so they may be addressed.
If these responses to the challenges of security, data tracking, collaboration, regulatory compliance and cost savings were not enough to ease any apprehension about using cloud resources for data management, policy advisors from the Institute of International Finance, a banking and investment trade association, point out a few more benefits of migrating to the cloud:
- Improving agility. Using cloud resources will promote innovation when it comes to making operations more agile and efficient, especially in IT administration, product development and budgeting resources.
- Mitigating risk. This applies particularly to lowering the risk around operational capacity, redundancy and resiliency.
- Global suitability. Cloud solutions tend to make national jurisdictions irrelevant, which in turn makes it easier for a company to operate globally.
- Coping with consolidation. Having data and records already in the cloud makes it easier to carry out a merger or acquisition.
- Opening business opportunities with start-ups. Start-up companies that are leaders in innovation tend to already use the cloud for data from the very beginning, so migrating to the cloud makes it easier to do business or collaborate with these companies.
- Cloud resources are more sustainable, and using them can improve your company’s ESG bona fides.
It remains to be seen how the EDM Council’s CDMC framework will be adopted and implemented on a project, product, platform and service level. It has the potential to alleviate concerns that hold financial firms back from migrating to cloud resources. Although there are many concerns about using cloud computing for data management, the CDMC framework offers structured standards and best practices for many of them.