True title: Financial institutions told to get their house in order before the next CrowdStrike strikes
"Soon, many financial institutions in the UK will be forced by the FCA to become resilient to these kinds of events. The regulator's rules (PS21/3) governing third-party events like CrowdStrike's, requiring in-scope organizations to implement robust business continuity measures that mitigate the worst impacts of incidents like IT outages, came into force in March 2022. The deadline to become compliant – March 2025 – is fast approaching."
At some point the regulator is going to realise running everything on Azure is a planet-sized concentration risk.
Hopefully before everything has decamped.
Some regulators already know this - for example, the EU's Digital Operational Resilience Act (DORA) requires identifying critical service providers like the public cloud providers and ensuring an exit plan. Azure would certainly be in scope for many institutions.
The UK PRA and Singapore's MAS have similar guidance. Often these are related to third-party risk management and/or outsourcing.