This blog was written with contributing guest author Nancy Kramer, senior director in the Oracle Information Security and Regulatory Compliance organization, a key partner to the SaaS Cloud Security team.

To help organizations evaluate the security, privacy, and compliance of cloud service providers, we have consolidated the most common concerns and challenges into a case study and checklist reflecting our customers’ feedback. It describes a fictional company called 123 Bank Corp, a composite representation of customers in industries, such as financial services, health care, and other regulated sectors from around the world. We hope that you recognize similarities and opportunities for your organization.

Case study: 123 Bank Corp

123 Bank Corp is a global financial services company subject to a broad range of regulations because of its industry and global footprint. Their board of directors and senior executives mandated that robust information security controls are required to protect the bank’s data as part of their financial services operations.  

The bank made a strategic decision to favor cloud applications for their IT systems to enable innovation and modernize their business processes. They needed cost-effective cloud solutions that could improve efficiency, performance, and resilience, while achieving security and compliance objectives. Business and IT teams determined that they needed the following cloud services:

  • Software-as-a-service (SaaS) applications that integrate financials and personnel management
  • Infrastructure as a service (IaaS), such as compute, database, and artificial intelligence (AI)

Cloud evaluation checklist

123 Bank Corp used a five-step checklist to guide its selection of cloud services from a security, privacy, and compliance perspective, and more. They defined multiple categories of requirements, evaluated cloud providers as companies, and then compared specific cloud services to the bank’s prerequisites.

Solution overview

Follow 123 Bank Corp through their cloud evaluation journey with this case study to learn how they used this five-step checklist for evaluating cloud providers and specific cloud services:

Short on time? Watch the How to Evaluate Cloud Providers webinar about this case study and checklist.    

Checklist breakdown

As noted in the overview, 123 Bank Corp introduced in the first blog post how the global financial services organization sought the right cloud applications and cloud infrastructure to modernize their computing workloads. The second post discussed steps 1 and 2 for identifying security, privacy, compliance, and functional requirements. The third post described how stakeholders identified and researched their top potential suppliers.  The last post details how 123 Bank Corp evaluated the specific cloud services.

More specifically, 123 Bank Corp chose to utilize the following five-step checklist for selecting cloud services:

  1. Identify security, privacy, and compliance requirements for these specific solutions
  2. Define features and functional requirements, including resilience
  3. Generate a short list of suppliers offering relevant cloud solutions 
  4. Research a short list of cloud provider companies for financials, global cloud data centers, and support
  5. Evaluate cloud services against detailed requirements for each cloud service

Lessons learned: 123 Bank Corp’s procurement journey

123 Bank Corp’s approach helped them purchase the best cloud services for their requirements. The formal process used for the evaluation of the vendors and the early identification of security and regulatory requirements also allowed the bank to effectively manage the selection process, while obtaining agreement and alignment from key stakeholders. Performing a comprehensive needs analysis in the first two steps of the checklist made supplier selection more effective because they had defined clear criteria for success.

Get started today

Your organization might find this checklist (and other supporting Oracle resources) helpful for choosing cloud services that align to your requirements for security, privacy, and compliance, as well as other factors, such as resilience, feature sets, and cost management.

For more information on how to apply this checklist to your cloud service procurement process, see the following resources: