IBM Cloud for Financial Services® has been designed with the exacting needs of the world’s largest and most complex organizations in mind. It draws on all the data data-protection security capabilities and services built into the IBM public cloud, allowing it to be used for mission-critical workloads and highly sensitive data. IBM offers an enterprise-grade public cloud with extensive service-deployment options—such as VMware and Red Hat® OpenShift® as a service—and is equipped to meet the specific requirements of financial services.
Zero trust: Built-in security across network, identity, endpoints and applications
Included within IBM Cloud for Financial Services are core technologies for managing security risk and regulatory compliance with a data-centric, zero trust approach.
View all chapters
End-to-end encryption with extensive control
Our financial services cloud also offers an industry-leading key management approach that technically gives clients exclusive control of their data. Not even IBM can access it.¹ IBM Cloud® Hyper Protect Crypto Services enables cloud data encryption in a dedicated cloud hardware security module (HSM). The service offers technology like Keep Your Own Key (KYOK), a single-tenant key management service, which has key-vaulting provided by dedicated, user-controlled HSMs and that’s designed to support industry encryption standards, such as Public-Key Cryptography Standards (PKCS) #11. It’s also the only cloud service in the industry built on FIPS 140-2 Level 4-certified hardware. At this security level, the physical security mechanisms can provide an envelope of protection around the cryptographic module with the intent of detecting and responding to unauthorized attempts at physical access.
With this type of data protection, the client is the only party that governs and controls access to their private data. These capabilities can be game-changing for the financial services industry that needs to adhere to strict regulatory requirements for data protection.
IBM Cloud for Financial Services draws on additional services built into the IBM public cloud that also allow it to be used for mission-critical workloads and sensitive data.
Workload-centric security by default
Each workload requires various access and security rules. IBM enables organizations to define and enforce such guidelines by way of integrated container security and DevSecOps for cloud-native applications with Red Hat® OpenShift® as a service.
Multi-Zone Regions (MZRs)
Clients can leverage the underlying capabilities of IBM Cloud for Financial Services to enhance business resiliency and disaster recovery. MZRs comprise multiple high-speed, low-latency, interconnected Availability Zones that are independent from each other to help limit the impact of single-failure events to a single Availability Zone, only. They enable financial institutions to locate workloads in specific geographies to fit their needs.
Logging and auditing rules
SaaS and ISV providers are required to log all actions taken through the cloud portal, API or command-line interface to be recorded in detail using IBM Cloud® Activity Tracker. This provides standard logging of activity on systems and services and full-session recording of exactly what actions operators take. This information is centrally stored and analyzed. The logging process is auditable to enable tracing of all steps, including logging both successful and unsuccessful events, and gives role-based protection at all points of intervention. The access logs are stored along with time stamps to assist analysis and forensics.
Endnote
1. Based on IBM Cloud Hyper Protect Crypto Services, the only public cloud service in the industry built on FIPS 140- 2 Level