Cloud services utilization in Pension Insurance business
Keskinen, Sami (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022120426283
Abstract
This work was conducted to research and clarify how different types of cloud services can be securely utilized in the Finnish Pension Insurance sector while complying with different regulations, guidelines and related best practices. The goal was to provide security, compliance and continuity guidelines that enable further digitalization and agility in the development of new digital services that utilize cloud-based services. These include, for example, modern digital services for employers to help them manage their data in pension insurance systems. This work is intended to enable advancements in cloud-based digitalization services while maintaining strict requirements for security, compliance and business continuity.
The research was carried out by studying the related regulations and best practices for the Pension Insurance sector, which is part of the wider finance and insurance sector. The key background material consisted of Finnish and European finance and insurance sector guidelines, accompanied by different cloud service providers' best practice documentation and technical guidelines. This documentation formed the basis of the theoretical study, which in turn was the foundation for the further guidelines and conclusions on the subject. During the process, the cloud services risk evaluation and mitigation plan was updated on the basis of the analysis.
The scope of this study covered the Pension Insurance field, a subsector of the Financial Services industry, while also considering other regulated industries through Government sector guidance and supporting material. The cloud platform service providers in scope were major hyperscaler cloud service providers, especially Google Cloud and Microsoft Azure. The key findings of this study can also be applied to other major hyperscaler cloud platforms like Amazon Web Services (AWS).
The key findings of the thesis indicate that it is possible to adopt and utilize cloud services securely in Pension Insurance related digital services while complying with regulatory and legislative guidelines and requirements. However, this requires proper risk analysis, management and control mechanisms to be in place. It also demands investing in technical and architectural knowledge of cloud governance, security best practices, technical controls and policies, configuration hardening, and strategies that relate to cloud exit, disaster recovery and business continuity.