Here are some of the great questions (with answers) that were posed during Day 1 of the IBM Cloud for Financial Services study jam!
How do you adapt compliance reporting to regulator requirements?
There is an IBM subsidiary, Promontory, which has a team who has reviewed the Financial Services Regulations in North America, the European Union (EU), several country specific regulations in Europe as well as in the Far East. They match these to the FS Cloud Control Framework to ensure the Framework stays current and stays in line with major regulations.
Does the IBM FS Cloud provide 4 9's SLA's?
Yes, the IBM Cloud for Financial Services can meet 99.99% SLAs. However, to do so, you will need to architect and deploy your solution accordingly, using the services available. This includes deploying services over multi-zone regions, including the replication of data, for example.
What does GRC stand for?
"Governance, Risk, and Compliance"
For client's data migration to IBM Cloud for FS environment, what data security controls are put in place? Data encryption? What are the actual data migration services/options that are available for clients to use?
It's important to consider the 3 primary areas where data can be exposed, in-transit, at-rest, and in-use (memory). For data security "controls", investigate the NIST 800-53 "SC" or Systems Communication Protection controls family which addresses this. The actual services involved include (but not limited to) Hyper Protect Crypto (HPCS) cloud HSM, KeyProtect, Hyper Protect Virtual Machine, and Hyper Protect Database as a Service.
Do IBM Cloud and IBM Cloud for Financial Services share same data centres? If yes, how are the general workloads segregated from the FS workloads? Does the hypervisor layer do this?
Yes they do share the same data centres. It's important to note that IBM Cloud for Financial Services isn't a physically separate Cloud from IBM Public Cloud – rather, it's a program on top of IBM Cloud that includes the control framework, implementation of the framework for Cloud services ("FS Validated"), various reference architectures, and a Financial Services validated ISV ecosystem.
Has FS Cloud been approved the UK regulators and which other global regulators have approved the use of IBM Cloud for Financial Services?
IBM Cloud for Financial services is not 'approved' for use by individual regulators. There are literally hundreds of Financial Services Regulators across all the countries where IBM does business, and it would be impractical for FS Cloud to try and get a formal "stamp" of approval from each one.
Compliance posture involves more than just the Cloud platform and reference architectures. Many of the NIST controls (and other compliance frameworks) involve operational elements or other internal practices which the Cloud consumers must implement. The IBM Cloud for Financial Services provides the necessary tools to enable our customers to successfully evidence to their regulators, especially for the bits that are typically outside of a customer's control in a public Cloud ("below the line").
Can we say any application migrated to the IBM Cloud for Financial Services needs modernization if it doesn't meet security and regulatory compliance? If so, does IBM lead those efforts and charge to the customer? Does IBM allow customers to migrate a non-compliant application to IBM Cloud for Financial Services?
First of all, IBM doesn't deny a customer workload access to the IBM Cloud for Financial Services based on insufficient security controls, however we will raise any concerns we have about compliance to standards or regulations as part of a workload assessment. It's the customer's responsibility for their applications to meet regulatory compliance, where it is needed and IBM Cloud for Financial Services does not 'force' compliance (nor does it automatically make an application compliant) but we provide the tools needed by a customer to evidence compliance to their auditors. If an application does not meet the compliance standards required by a regulator, then the customer can engage with IBM services to help them meet compliance but this is not done automatically.
Are there benefits to lift n'shifting workloads to a cloud environment aside shutting down data centers?
There are lots of benefis beyond simply evacuating non-strategic data centers. These include the Cloud-enabled placement of workloads in geo's where a customer may not have a DC presence as well as being an enabler for refactoring legacy applications. Once you lift and shift to cloud, you can start incremental refactoring toward cloud native. An example here is leveraging DBaaS with a workload shifted to Cloud followed by creating microservices to enhance and replace a monolithic application.
Is IBM Cloud for Financial Services certification a scenario-based exam?
No, it features multiple choice questions based on the training and study materials.
------------------------------
James Belton
------------------------------
Original Message:
Sent: Fri June 10, 2022 10:15 AM
From: Myra Zeno
Subject: Study Jam Discussion for IBM Cloud Financial Services Specialty 2022
The study material is now available! Since IBM employees' training is tracked internally, there are a few areas where links for the material below differs depending upon whether you are an employee at IBM or not. Please use the appropriate links.
Let's use this thread to discuss and ask questions about the IBM Cloud for Financial Services Specialty certification and curriculum. You can ask questions for our subject matter experts and crowdsource answers too.
Be sure to share your certification journey on your social channels. Use the hashtags: #IBM #IBMCloud #ibmcloudcertified.
------------------------------
Myra Zeno
------------------------------