Cloud9’s accomplishment of obtaining both our ISO 27001
and SOC 2
certifications was recently recognized in Institutional Investor as an industry best practice for security in the cloud.
Read the full article by Jeffrey Kutler on Institutional Investor.
Kutler writes in the article:
“Cloud9 Technologies, which is using cloud systems to disrupt traditional approaches to trading-floor communications, obtained both the ISO 27001 certification (for information security management) and SOC 2. ‘It was a high bar for us,’ says Gerald Starr, chief executive officer of the three-year-old start-up. It sends a message that Cloud9 ‘aims high’ to instill users’ confidence in information protection.”
These certifications are a crucial show of credibility for fintech vendors, helping instill confidence in firms who are choosing to migrate their most sensitive data into the cloud. As the article points out, even though Cloud9 is using a highly secure and trusted cloud provider like Amazon Web Services, we are still responsible for creating infrastructures that protect the data of our customers as well as architecture for compliance. Achieving both the SOC 2 and ISO 27001 certifications – something no other trader voice communication provider holds – provides independent validation regarding our ability to protect the calls, voice recordings, call data, and business information that users entrust to Cloud9.
It’s a dangerous world out there for financial institutions, but the right partner can provide the best defense against security breaches.When considering a move to the cloud, it’s important for firms to take the time to find a trusted partner that is verified to protect them against cyber threats.
Read the article on Institutional Investor to learn more about how companies are working to secure the cloud.
© Cloud9 Technologies 2019
All rights reserved.
We are proud to announce that Cloud9 has successfully completed the Service Organization Control (SOC) 2 Type II certification! Cloud9 is the only trader voice communication provider to hold both the SOC 2 and ISO 27001 security certifications, showing our commitment to information security and the protection of our users’ data.
SOC 2, a certification established by the American Institute of Certified Public Accountants (AICPA), evaluates companies on their Trust Services Principles and Criteria, including security, availability, processing integrity, confidentiality, and privacy of their data management systems. It has become an industry standard for cloud-based technology companies and is the same standard held by Amazon Web Services and Google that validates the security of their infrastructure.
We underwent in-depth assessment by a third-party auditor to confirm compliance with this standard. The process requires comprehensive, written documentation of information security policies and procedures in addition to a technology examination that proves our ability to maintain these standards over time.
Since our founding, security has been our highest priority. Achieving both the SOC 2 and ISO 27001 certifications provides independent validation regarding our ability to protect the calls, voice recordings, call data, and business information that users entrust to Cloud9.
“The SOC 2 certification sets Cloud9 apart and establishes us as the leader in information security for the trader voice market,” said Cloud9 CTO, Leo Papadopoulos. “Following our recent ISO 27001 certification, this reinforces our ongoing dedication to security, confidentiality, and privacy in regards to our data. Our users can be confident that that we are providing them the highest levels of protection for their most sensitive data and communications.”
Read more about our recent completion of the ISO 27001 certification.
The UK and European Union are deeply interconnected when it comes to capital markets, with 80% of EU capital markets activity managed and conducted out of the UK. With Brexit proceedings commencing at the end of March, financial firms in the UK are starting to prepare for the considerable impact on their operations, including market volatility, relocation of headquarters and staff, trade disruption, and changes to regulatory mandates.
Particularly with the issues of relocation and compliance, now is the time for European firms to re-evaluate their trading technology.
Headquarters and Staff Relocation
One of the primary risks of the Brexit is the loss of passporting rights, which allow institutions established and regulated in any country within the EU to do business in another member country without having to secure authorization. The UK is the most active country currently using these rights, with UK-based firms accounting for over 75% of all passporting activity in the EU. UK firms would need to maintain a local presence in the EU to continue enjoying passporting rights.
The loss of passporting rights as well as the loss of the ability to clear the Euro in London has many financial firms evaluating if they want to retain their European headquarters in the UK. While many predict a small movement at first, a chain reaction will likely occur as banks follow their clients, and vice versa. In addition, many UK-based firms will likely face regulatory pressure to develop a more significant presence in continental Europe to effectively conduct business. For now, a UK firm may only need 5 people staffed in the EU, but in a few years, that number may increase to 50 or 100 employees.
In addition to disrupting business operations and the lives of employees, the cost of a move for a financial firm is substantial. Rerouting trader voice communication lines alone can cost firms tens of thousands and can take weeks to properly implement.
For firms considering a move, this period of transition provides best time to re-evaluate current technology for solutions that will cut costs and reduce the disruption caused by relocation.
The UK’s transition away from the EU will take at least two years, with some experts projecting it could last up to a decade, and will involve negotiating everything from customs to energy policy. During this time, the UK will be an acting member of the EU, meaning that all current legislation will be implemented in full – including the upcoming MiFID II regulations, set to take effect in January 2018.
While it is likely that the UK will need to maintain equivalency with EU regulations in order to continue doing business, the UK will have to establish their own set of regulatory mandates for financial industry. With frequently changing sets of regulations in their future, financial firms have the burden of keeping their systems and technology updated, often a costly task.
Now is the time for firms to make the necessary equipment upgrades and replacements for systems that are more adaptable to changing compliance regulations.
Moving your trading floor? Cloud9 can help. Contact email@example.com to schedule a demo.
We’re excited to announce our joint partnership with Behavox, a compliance software company focused on the financial services sector. This collaboration combines the end-to-end compliance, call recordings, and advanced metadata from Cloud9 with Behavox’s relationship mapping, risk scoring, and behavioral monitoring capabilities for voice trades.
Behavox is valued in the market for its expertise in machine learning, developing robust algorithms based on 16 years of enforcement cases against traders and banks worldwide. Behavox utilizes these algorithms with sound processing, to enable keyword detection, highlight variants in emotion/sentiment, and tie voice records to data points that signal market abuse, insider threat, collusion, or reckless behavior. With this technology, the platform meets the requirements of regulators like FINRA, CFTC, and the FCA, and delivers compliance with Dodd Frank, MAE, SMR, and MIFID II.
Cloud9 is currently the only cloud-based communications solution for the capital markets with a comprehensive strategy around analytics and voice capture. Our platform delivers value by collecting voice recordings as well as enhanced call metadata– adding additional insight not available with legacy services. Cloud9’s partnership with Behavox supports our ongoing strategy to provide customers with a full suite of monitoring, compliance and analytics solutions through integration with leading third-party trading technology providers capable of leveraging Cloud9’s generated voice and metadata.
“At Cloud9, we have created a partner ecosystem that enables us to provide enhanced compliance, analytics and trader workflow capabilities around voice and translate it into actionable data – a feature that was previously unavailable to firms,” said Cloud9 Technologies CEO, Jerry Starr. “Partnering with an innovator like Behavox greatly benefits our customers and enables them to use their recordings and advanced metadata to manage both operational and reputational risk.”
Compliance remains a critical consideration for financial firms as they try to keep up with regulatory changes such as MiFID II being effective from 2018, increased reporting and data capture requirements, as well as the ongoing avoidance of corporate and individual liability.
As a result, firms have tried to solve the problem by investing millions of dollars in compliance, particularly on back office investigators, lawyers, and intelligence officers to sort through and monitor trader communications. Market demand is placing a premium on the quality, processing, ingestion, retrieval and archiving of voice data for front office and compliance purposes. The Tabb Group estimates the global compliance market is at $2.5 billion and still growing.
Learn more about Cloud9’s analytic, compliance, and interoperability services.
We’re proud to announce that Cloud9 Technologies has received the ISO 27001 Certification, the international standard that describes best practices for an information security management system (ISMS). Compliance with this certification validates that Cloud9 has implemented comprehensive information security practices that protect our users, their information, and their call record data in accordance with internationally-recognized standards.
ISO 27001 family of standards ensures the secure management of financial information, intellectual property, employee details, and third party information by assisting firms in establishing methodologies and meeting key objectives for implementing information security.
Cloud9 underwent in-depth testing and assessment by a third-party auditor to validate compliance with this standard. Maintenance of the certification requires an annual review and a three-year re-certification, giving Cloud9 users confidence that their data is continuously protected under these standards.
Since our founding, security has been top priority for Cloud9. Our robust security framework includes end-to-end, triple encryption security, that safeguards calls, recordings, and call data in transit and at rest. Achieving this certification provides independent validation regarding the company’s ability to safeguard calls, voice recordings, call data, and business information that they entrust to Cloud9.
“We’re proud to be internationally recognized as a leader in information security protocols and best practices. It is a testament to the dedication of our team in ensuring that we have every safeguard in place when dealing with user information,” said Cloud9 Technologies CTO, Leo Papadopoulos. “Data security is critical when dealing with the financial industry, and Cloud9’s ISO certification provides our users with the highest level of protection for their most sensitive communications.”
To continue this excellence in security and compliance, Cloud9 has employed a security management team dedicated to the prevention and monitoring of security threats as well as managing strict policies around escalation and rapid response.
Learn more about the importance of security in fintech.
For firms looking for guidance about how regulatory agencies apply outsourcing rules to cloud services, recent guidelines issued by the UK Financial Conduct Authority (FCA) offer support for the use of public cloud technology at financial services firms.
In a set of new guidelines released in July, the FCA recognized the need to provide more detail on their approach to financial services firms using a cloud services provider. The guidelines go on to provide a positive endorsement of cloud technology, stating: “We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules.”
The new guidelines support the FCA’s effort to foster innovation in order to promote competition in the financial services sector. They state in the report, “Using the cloud can provide more flexibility to the services firms receive, enabling innovation, and bringing benefits to firms, consumers, and the wider market.”
These cloud-friendly guidelines demonstrate a changing attitude towards the cloud in the financial services industry, as discussed recently at our panel, Fintech and the Cloud. Third party cloud providers offer financial firms a number of benefits such as cost savings, increased security, and often, built-in compliance.
Regarding security, the FCA went on to advise firms considering a third party cloud service to agree on a data residency policy with their provider upon beginning their relationship. Building this trusting relationship between firm and provider is key to implementing a secure and effective cloud solution.
Interested in implementing a cloud solution at your firm? To learn more about the benefits of Cloud9, watch this quick tutorial.