In the summer of 2023, Russian deputies and senators

[tanjimajuha20]

Deputy Chairman of the Board of JSC Alfa-Bank Pavel Vysotsky stated at the InfoSpace information technology forum that banks are prevented from deploying private clouds by the lack of equipment and data processing centers (DPCs): "Public or hybrid clouds could be a solution to the problem. Hybrid clouds are when the entire application business would be banking, and the equipment and DPCs would be from an external cloud service outsourcing provider."

"There are such providers on mexico whatsapp resource the Russian market. But movement in this direction is limited by the regulator - the Central Bank, which does not allow confidential data to be transferred to the cloud and does not regulate the transfer of responsibility for the safety of data," said Pavel Vysotsky.

introduced a bill to the State Duma that removes legal restrictions on outsourcing of cloud services by financial organizations. Attracting contractors from the external market should help banks optimize costs for maintaining information infrastructure, according to the explanatory note to the bill.

In the fall of 2023, the relevant State Duma committees submitted recommendations to the bill. The Committee on Information Policy, Information Technology and Communications proposed, for example, strengthening the rules for working with personal data and requiring banks to request additional permission from clients to transfer their data to third-party organizations - there was no such requirement in the original version of the bill.

Read also

Data protection requirements for third-party cloud solutions will become more transparent
The State Duma Committee on Information Policy, Information Technology and Communications has proposed strengthening the rules for working with personal data of users of banking services in the event that they are stored by third-party cloud solutions. The current version of the bill provides for the transfer of data without the direct consent of users.

As a result, the State Duma of the Russian Federation adopted the bill in the first reading on November 30, 2023. The deadline for submitting amendments for the second reading was set for February 16, 2024. But by April 2024, they still had not appeared.

"We hope that this work will not stop. If the law is not adopted, then we as a bank will have to turn towards the construction of data centers, the purchase of equipment and the construction of import-substituting private clouds. But such work as the design and construction of data centers, the production of equipment is not a banking business. This will lead to additional costs and less efficient use of investments," added Pavel Vysotsky.

Alexander Khonin, head of the consulting and audit department at Angara Technologies Group (a systems integrator developing information security solutions for Angara Security), believes that all responsibility for data security should and will remain on the bank’s side, so the bank must impose appropriate security requirements on cloud providers.

"Here lies the main problem: cloud providers are not always ready to fulfill all the information security requirements that are imposed on banks, as well as confirm compliance with such requirements," noted Alexander Khonin.

"There are three types of cloud services: IaaS, PaaS, SaaS. In IaaS, the provider may have difficulties in fulfilling organizational requirements for equipment placement, physical access to it, and certification of computing power (servers). These requirements are not difficult to meet, but will require high costs for the service provider. In PaaS and SaaS, a number of requirements for segmentation, access, and interaction protocols are added to the above-mentioned difficulties. In oth