Credit Bureau Makes the Cloud Its Business

A major concern among business and IT leaders—particularly those operating in the financial services arena—is managing data and handling transactions in the cloud. However, at the Caribbean Credit Bureau (CCB), an independent service provider that supports various business and financial functions (including credit reports for financial services firms such as banks, credit institutions and merchants), the cloud has moved into the mainstream of the business.

“We handle a lot of private information—from sensitive consumer data to account-related information—all subject to regulations and best practices for our members,” points out general manager Niko Kluyver.

The organization, which was established in 2004 and caters to firms in the Caribbean region, requires a robust IT framework to operate effectively and securely. Yet, when the CCB examined its business and IT strategy, executives decided that a more agile and cost-effective model was in order.

“We didn’t want to build our own data center and support all the technology and expertise associated with it,” Kluyver explains. So, after examining different options, “We decided that the cloud was the right approach.”

However, the CCB couldn’t move forward without stringent security and privacy protections in place, including strong encryption of all personal data. After surveying the marketplace, the credit bureau turned to CipherCloud, a firm that develops secure gateways that encrypt sensitive data locally before storing it in the cloud.

“Nothing leaves the portal without getting encrypted first,” Kluyver stresses. “That satisfied our legal, regulatory and best-practice requirements.” In addition, the technology supports two-factor authentication and streamlines efficient rollouts with CCB’s clients.

The cloud platform architecture also supports assurance audits, including an ISAE 3000 audit for internal controls, sustainability, and compliance with laws and regulations, “In the past, we had a variety of partnered and hosted solutions in place,” Kluyver recalls. “We had to be much more focused on making sure that upgrades were handled correctly and IT tasks were being addressed in the most efficient way possible. We had to be extremely alert about the quality of our partnerships.”

Cross-Functional Team

The CCB used a cross-functional team to examine technology options and make design and purchasing decisions. It included a team of programmers, a business analyst, a project manager, a privacy expert, a security specialist, an IT assurance auditor, a representative from CipherCloud and Kluyver.

“The key focus all along was integrity of data, uptime, business continuity, data security and privacy,” he notes. “There are laws and regulations that we had to abide by—including some that deal with cross-border issues—but we also wanted to ensure that we were putting excellent business processes and best practices in place, such as those promoted by the Cloud Security Alliance” [CSA].

In addition, the CCB had to know it was providing the highest level of privacy at all times. The transition went smoothly, and the bureau has realized clear benefits, including lower CAPEX and IT costs, a more robust and flexible IT platform, and the ability to approach the business and IT in a more efficient way.

“We understand that there is no need to hug the server,” Kluyver says. “A cloud-based approach allows us to approach the business with the highest level of expertise, efficiency and security.”