Videos & Podcasts

The Importance of Collaborating with Regulators on Cloud Best Practices

Thu, Mar 3, 2022


Mike Meriton, Co-founder and COO, and John Bottega, President of the EDM Council, round out their discussion with Tim Brooks, Worldwide Technology, about EDM Council’s Cloud Data Management Capabilities (CDMC) framework that is available for all industries, and what it has been like to involve the regulators in these processes.

Meriton further shares that they conducted their first open training course in early November 2021. They trained the first 55 people virtually, and they all received digital certification.

Meriton shares that the EDM Council is having a serious discussion on appropriately involving regulators throughout the process. He says that there are a few challenges, and it’s difficult for companies to sit in the same room with regulators to build things because it requires phenomenal internal approvals from compliance. The EDM Council figured out how to move quickly with the cloud providers, the financial institutions, tech providers, and the consultancy firms to construct the framework. The forum includes regulators like the Federal Reserve, the FCC, and the bank of England.

At the same time, the EDM Council is doing briefing sessions, getting feedback from the regulators, and factoring that back as input into the framework. One of the documents they published first was “The 14 Key Controls for Protecting Sensitive Data”. Meriton explains that they had 12 controls for sensitive data and not 14. While controls look like they’ll protect the cross-border movement of data, Meriton maintains it would be better if there was a dedicated control that managed and audited sensitive data and provided transparency. That’s what the regulators need to see, and that applies across all jurisdictions with individual regulators, he notes.

Bottega shares that he had the privilege of holding the chief data officer position for the New York Federal Reserve, so he had the opportunity to see both the public and the private sectors. He was highly impressed with the people dedicated to doing the right thing in their work. Global regulators, anxious to seek solutions, are now welcoming solutions from the private sector. Hence, the opportunity here is not that they’re going to just blanketly adopt any standard. But when they see that the private sector is getting together and proposing manageable solutions, they want to hear about them.

According to Meriton, so many companies participated in the forum that the framework was downloaded thousands of times within just a few days. Obviously, they wanted to see the final product for themselves, and were glad to see that the major cloud companies not only stood behind but participated in the joint panels.

Microsoft, Google, Amazon, and IBM were in moderated discussions with Meriton and Bottega, talking about how they worked together to build this framework, pointing out that that’s “unheralded” — competitors with billions of dollars in revenue at stake, working together.