As financial institutions migrate to cloud, they must focus on a number of areas when designing a proper migration strategy. Many concentrate solely on economics or security, but for anyone who is regulated or just well managed, a review of the GRC framework should be a priority. Failure to address this critical area in the initial planning stages can create a much slower migration path and make it difficult to build appropriate GRC capabilities into technical designs later on. The most significant challenge for any organisation is admitting the need to do things differently. No matter how well the business is managed outside the cloud environment, the people, processes and technology affected by the migration require an objective review of current controls.
Download the Amazon Web Services feature Cloud risk management requires a shift to the continuous compliance mindset