Question

Discuss international regulations and control. How cloud computing is going to affect rules and regulations? Discuss one or two concerns you have using the cloud services.

Answer 1

QUESTION) Discuss international regulations and control. How cloud computing is going to affect rules and regulations? Discuss one or two concerns you have using the cloud services.

ANSWER) INTERNATIONAL REGULATIONS AND CONTROL

1.NIST(National Institute of Standards and Technology)

What it Regulates  
This framework was created to provide a customizable guide on how to manage and
reduce cyber security related risk by combining existing standards, guidelines,
and best practices. It also helps foster communication between internal and
external stakeholders by creating a common risk language between different industries.

2.CIS Controls(Center for Internet Security Controls)

What it Regulates
Protect your organization assets and data from known cyber attack vectors.

3. ISO 27000 Family (International Organization for Standardization)

What it Regulates
This family of standards provide security requirements around the maintenance of
information security management systems (ISMS) through the implementation of
security controls.

4. ISO 31000 Family (International Organization for Standardization)

What it Regulates
This set of regulations governs principles of implementation and risk management.

5. PCI-DSS(Payment Card Industry Data Security Standard)

What it Regulates
A set of 12 regulations designed to reduce fraud and protect customer credit card information.

6. GDPR(General Data Protection Act)

What it Regulates
This regulates the data protection and privacy of citizens of the European Union.

CLOUD COMPUTING AFFECTING RULES AND REGULATONS

The rise of big data and the cloud was supposed to make distributing applications
and data easier for global banks and other financial services players. A key benefit
was to have a single location from which to run applications and store data, making
the process cheaper and easier. With the influx of regulations coming into fruition
however, the process, and consequently its desired outcome, have had to shift. As a
result, banks will need multiple environments based on country or regional requirements,
or to implement a hybrid cloud approach, to facilitate the storing of their data.

From a data perspective, the goal of the cloud is data globalization, where users are
given access to a golden copy of data regardless of where they are located. However,
in reality, due to the obstacles being imposed by many countries, data localization
occurring instead.

Such developments have caused uncertainty around the quality and accuracy of the data.
This in turn reduces its credibility and raises questions over the cloud’s ability to
thrive in a sector which continues to become ever more regulated.

Importance of personal data
By default, data protection and privacy regulations are supposed to create tight controls
on flows of personal data outside their respective countries through requirements such as
data centers, which need to be located inside each country.

However, this fails to recognize that the physical location of the data has no inherent
impact on privacy or security. For example, if a bank is subject to European laws such
as GDPR, then the privacy risks of storing Europeans’ data inside the EU are no less than
those of storing it outside. The bank would still have to treat the data according to the
rules of GDPR. This creates inefficiencies in technology infrastructure.

The role of AI
Regulations which lead to data localization will come at a significant cost in terms
of stifled innovation and productivity for global banks that are actively pursuing
machine learning and artificial intelligence (AI) capabilities to boost productivity.
This is because for machine learning and AI to be successful, organizations need access
to vast amounts of data. Regulations that overly control the use of data, in effect,
shackle AI. The core economic value of AI lies in its ability to automate complex
processes, de-risk data environments, and increase the quality of the data output.
The act of localizing data will make it much harder for the banks to reap the
benefits promised by AI.