On May 23, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on the importance of storing customer and data in a cloud environment in a secure fashion. Titled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features,” the risk alert addresses proper cloud storage practices, and in particular, what potential problems the registered investment adviser and broker-dealer community should be on guard for to avoid or control. OCIE hinted at some of the problems in its opening paragraph: “Although the majority of these network storage solutions offered encryption, password protection, and other security features designed to prevent unauthorized access, examiners observed that firms did not always use the available security features. Weak or misconfigured security settings on a network storage device could result in unauthorized access to information stored on the device.”
Click here for the full GT Alert.