Engineering a financial services cloud built for the fast-paced world of modern finance 

IBM, in partnership with Bank of America, embarked on a journey to implement a best-in-class Financial Services (FS) Cloud to help clients mitigate risk and accelerate cloud adoption for their most sensitive workloads. But Bank of America required that a unique set of security controls be included in the FS Cloud baseline, adding a layer of complexity to IBM’s already challenging compliance posture, as IBM is required to juggle numerous US and international controls. Satisfying Bank of America’s unique security controls also required creative reengineering to implement security solutions without increasing costs.

When working with IBM, 38North harmonized the new requirements from Bank of America across all of IBM’s required controls. The result was a standardized set of controls, derived from the NIST control set, that captured all US and international requirements in a single view for IBM’s compliance and engineering teams. 38North then conducted an abbreviated gap analysis against this derived control set to understand changes IBM might need to make to bring FS Cloud into compliance with Bank of America’s security controls. After that gap analysis, 38North advised on engineering and security process changes to help IBM meet its consolidated security requirements efficiently.

38North delivered a consolidated control set, standardized on the NIST controls, that efficiently captured and communicated all of IBM’s US and international security requirements. To comply with Bank of America’s requirements, 38North also provided advisory support to IBM during the development of several onboarding models to rapidly bring in new financial sector clients.

Challenges

  • Bank of America required the application of unique security controls for IBM’s Financial Services Cloud.
  • These new controls required unique technical solutions that satisfied them without undermining compliance with the other frameworks IBM had to address.
  • IBM had challenges deploying its solutions into a financial services-ready cloud environment, as this was one of the first dedicated cloud environments for financial services.

Solutions

  • Cloud Security
  • Security Engineering
  • Security Compliance
  • International Compliance

Results

  • A consolidated, simplified compliance view based around a single set of standardized controls that still captured all of IBM’s diverse requirements.
  • Satisfaction of Bank of America’s additional security requirements.
  • Helped create multiple onboarding models to rapidly and securely bring new clients into the FS Cloud fold, based on those clients’ unique financial requirements.