In conversation with Antoine Moreau
Read on as Antoine Moreau, CIO of Regnology, shares more on Rcloud’s end-to-end security architecture, our ongoing collaboration with Google Cloud and more.
Antoine Moreau, CIO of Regnology
As a global leader in the regulatory reporting space, Regnology understands that technological stability is vital to a safe and sustainable financial future. We’ve prioritized creating a comprehensive framework to protect our clients from potential vulnerabilities, help them manage their data in the safest environment and achieve the highest security levels for our RegTech and SupTech solutions.
Upholding this commitment requires adherence to proper standards and processes for security information management. Recently, our Rcloud platform completed its System and Organization Controls Type 2 (SOC 2) certification – the highest set of international information security standards. This certification, combined with our ongoing ISO/IEC 27001 and ISO/IEC 22301 compliance, gives us a stable foundation to support innovation and provide solutions to pressing regulatory challenges.
As we continue to expand globally – in North America and APAC, in particular – these certifications demonstrate our commitment to the safety, security and privacy of existing clients and new prospects alike. While these measures apply to all of Regnology’s products and services, they are of particular importance for Rcloud, which we launched in partnership with Google Cloud in 2022.
A state-of-the-art cloud platform, Rcloud provides augmented regulatory reporting capabilities that bring greater efficiency, scalability and security across all of Regnology’s solutions. Rcloud enables seamless delivery of cloud native software, deployment/configuration and operations through a fully aligned, one-stop service offering. Leveraging the power of Google Cloud’s infrastructure, Rcloud addresses the challenges our clients face due to higher data quality standards, increased reporting volumes and frequent regulatory changes.
Rcloud is equipped with streamlined platform operations powered by container orchestration, infrastructure-as-code and an easy-to-use UI. These features enable self-service planning and execution of deployments, software configuration and workflow automation. Additionally, a combination of vertical and horizontal scaling helps clients to flexibly start, suspend and shut down instances on demand. By accessing Regnology’s services via Rcloud, clients immediately benefit from our most recent innovations and technological developments.
Rcloud leverages a shared responsibility model to ensure security, also called “Shared Fate”. As an infrastructure and service provider, Google Cloud acts as a sub-processer of Regnology’s customer data and must make assurance reports and certifications. It must also deliver disaster recovery solutions, monitored infrastructure within SLOs and a high level of data center security.
On the flipside, Regnology acts as a processor of personal data as instructed by its clients. Our team is responsible for the secure development and operation of our SaaS solution, which enables full compliance and effective isolation of client instances. It’s also on us to implement some of the architectural best practices mapped out by industry standards, including business continuity and disaster recovery.
Regnology’s partnership with Google Cloud is a case study in dedication to security compliance, ensuring the safety and privacy of our clients’ highly sensitive data.
Antoine Moreau CIO
Regnology
Regnology’s partnership with Google Cloud is a case study in dedication to security compliance, ensuring the safety and privacy of our clients’ highly sensitive data. Google Cloud’s IT architecture and processes are certified with all relevant industry requirements – including ISO/IEC 27001 and SOC 1,2 and 3 – and offer robust encryption capabilities.
Google Cloud creates and shares mappings of industry-leading security and privacy controls with standards from around the world. It also consistently undergoes independent verification to help demonstrate full compliance. This range of regularly updated and publicly viewable certifications cements Rcloud’s position as the ideal solution suite for financial institutions looking to simplify, scale and create efficiencies in the regulatory reporting process.
Google Cloud’s core system architecture was built to provide defense in depth, at scale and by default. It enforces strict separation between administrative tools and different development stages of the client environment. Google’s Kubernetes – the base platform for Rcloud – can be deployed in a single or multiple regions across multiple availability zones.
Google’s Cloud Armor function scans external traffic with a Web Application Firewall. If suspicious network traffic or a change in standard network patterns is detected, it will block the offending traffic and trigger an alert. When it comes to identity and access management, Google Cloud has robust authentication capabilities, validating each user against their internal data source. This enables clients to retain full control over their user access authentication.
By minimizing data storage and only using essential information for role-based access control, Rcloud significantly reduces the potential impact of data breaches. This ensures a robust, privacy-respecting environment that both maintains functionality and fosters user trust.
Rcloud affords clients the ability to have their dedicated Kubernetes clusters referred to as a “space” – a self-contained, isolated environment that provides a distinct layer of security and autonomy, unlocking the ability to tailor resources and configurations to the client’s specific needs. This arrangement enables robust, scalable application deployment and management within the space.
Rcloud also leverages detection capabilities from Google Cloud Security Command Center (SCC), a cloud native security solution that monitors nearly everything in the environment, enabling the Regnology team to detect, investigate and respond rapidly to security threats. This results in reduced risk, improved compliance and simplified security operations.
Insight
Discover the different deployment options for financial institutions in their regulatory reporting needs, pros and cons for the cloud options, and the shift from traditional in-house systems to managed services for greater flexibility, cost efficiency, and access to specialized expertise.
WeiterlesenInsight
Explore the pros and cons of the two main types of regulatory reporting systems, and how RegTech solutions are helping to support a move to third-party offerings.
WeiterlesenInsight
Let’s explore the nuances of how Basel IV will present itself across four key regions, each with its own unique timeline and calculation approach.
Weiterlesen