Connect with us

Hi, what are you looking for?


Cloud Security

Financial Firms Searching for Cloud Strategy: CSA Survey

While a growing number of financial services organizations are moving their data and applications to the cloud, most of them do not have a concerted cloud strategy with appropriate controls and security, according to a new report from the Cloud Security Alliance.

While a growing number of financial services organizations are moving their data and applications to the cloud, most of them do not have a concerted cloud strategy with appropriate controls and security, according to a new report from the Cloud Security Alliance.

More than half, or 61 percent, of respondents said cloud strategy at their respective organizations was “in the formative stages,” the CSA said in a report released Thursday. Most of them do not have a formal cloud migration policy in place and cloud adoption remains very ad hoc in this sector, the report found.

Financial services organizations are interested in the cloud for the same reason other industry sectors are: flexibility. About 68 percent cited flexible infrastructure capacity as the top reason driving cloud adoption, and 63 percent said they needed to reduce the time necessary to provision systems and users. The respondents were more interested in front-facing cloud applications such as CRM, application development, and email, rather than backend services or virtual desks, the survey found.

Cloud StrategyHowever, none of them planned to use only public clouds, and most of them planned to have a hybrid environment. It could be due to regulatory concerns or the fact they are working with highly sensitive information. Between 39 to 47 percent of the respondents planned to use a mix of in-house IT, private, and public clouds, the survey found. Just 18 percent planned to use private clouds. Among organizations with a strict private-cloud-only policy, 86 percent cited security and compliance concerns as the top reasons, and 79 percent cited concerns over privacy and data retention.

Rather than worrying about a concerted cloud strategy, these respondents from financial services firms were more focused on accountability. About 80 percent said they wanted to see increased transparency and better auditing controls from their cloud providers. A little more than half, or 57 percent, wanted better data encryption tools and 51 percent wanted to receive logs in real-time. Other top features included remote auditing and forensics/e-discovery tools.

“The service itself and, more importantly, how the cloud provider accommodates these top features will determine how readily a particular cloud service is embraced,” the survey said.

Since the financial services sector is highly regulated, so it’s no surprise that compliance is very much at the top of mind. Three-quarters of survey respondents focused on regulatory requirements surrounding data protection, and 68 percent named corporate governance as a concern. Just over half, of 54 percent, listed PCI-DSS, which covers payment card security, as a concern, followed by 47 percent who were concerned about national regulations.

Small companies with 500 or less employees and large enterprises with more than 5,000 employees were more likely to have adopted cloud strategies, the survey found.

Advertisement. Scroll to continue reading.

The extent the firm’s client base was “digitalized,” or likely to carry out at least half of their interactions via electronic means such as online banking, mobile, and ATMs, influenced the institution’s cloud plans, the survey suggested. Firms with highly digitalized clients were less likely to have a strict cloud policy. The survey found that 19 percent of companies with less than 25 percent of digitalized customers had a strict no-cloud policy. The report showed a very active market for cloud services in the financial services sector, said Dr. Chenxi Wang, vice-president of cloud security and strategy at CipherCloud, which commissioned the report.

The report, prepared by the CSA Financial Services Working Group, is based on survey responses from more than 100 banking, insurance, and investment firm executives in North and South America, Europe/Middle East, and Asia/Pacific regions. The “How Cloud is Being Used in the Financial Sector” survey ran from September to October last year.

The survey was designed to identify the financial industry’s main concerns regarding delivery and management of cloud services. The CSA Financial Services Working Group will use the insights gleaned from the survey to work on related projects to accelerate the adoption of secure cloud services among financial organizations.

The financial services industry is increasingly adopting cloud services, and the report highlights areas cloud providers should focus on to meet industry needs. “We hope that cloud providers and financial institutions can use this as guidance to help accelerate the adoption of secure cloud services in the financial industry,” said Jim Reavis, CEO of the CSA.

The full report from the CSA is available online.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...