Trust and Regulation were the greatest influencing factors, report found
SEATTLE: The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, recently issued its latest survey report, State of Financial Services in Cloud. The survey found that while the use of cloud services is increasing, the pace of adoption is dependent on the speed at which cloud service providers (CSP) and financial services can meet security and operational expectations as well as demonstrate adherence to regulations.
“Throughout the survey and supporting interviews conducted, several themes emerged,” said Troy Leach, Chief Strategy Officer, Cloud Security Alliance, and one of the report’s lead authors. “Financial services has increasingly embraced cloud computing for business-critical functions and management of regulated data. Most commonly raised topics were transparency of data protection controls, adherence to diverse global regulations and confidence in professionals to provide adequate oversight. These key areas not only explain rationale for recent cloud adoption but also serve as a forecast for what practices must continue to evolve.”
- Cloud adoption continues to increase within the financial services sector with 98 percent of respondents reporting that their organization is using some form of cloud computing. This is up from 91 percent in 2020.
- Multi-cloud is the new reality for financial services with 57 percent of organizations surveyed reporting they currently use multiple cloud service providers (CSPs) for their IaaS/PaaS needs.
- Zero Trust was cited as the top priority by respondents, followed by cloud regulation, multi-cloud management, and shared security responsibility.
- The majority of financial services use cloud computing for regulated data with 59 percent saying they store or process regulated banking information within cloud services, and only 25 percent having no future plans to do so. However, only 28 percent of respondents said they are using public cloud services for the majority of their regulated workloads, an 18-percent increase from 2020.
- Ninety-one percent of respondents reported their concern with security and operational issues resulting from CSP-initiated cloud service changes as High or Medium.
- Only nine percent of respondents felt that they had a highly robust cloud security program.
- Sixty-five percent of those surveyed use the Cloud Controls Matrix (CCM) and Continuous Assessment Initiative Questionnaire (CAIQ) to demonstrate adherence to frameworks, establish internal cloud security controls framework, and establish an internal cloud risk management approach.
The findings of this report will be used by CSA’s soon-to-be-launched Financial Services Leadership Council. Composed of financial service representatives, CSPs, and other relevant organizations, this committee will identify priorities pertaining to research, education, analyst briefings, assurance frameworks, and programs and use them to guide future research, standards requirements, training, and education.
Many of the questions in this year’s survey were the same as originally developed by the CSA Financial Services Industry Working Group. Additional questions were included so as to better understand the current state of awareness for the CCM and Security, Trust, Assurance, and Risk (STAR) program along with other topics identified by the CSA analysts, and other industry experts. Additionally, dozens of interviews were conducted with Chief Information Security Officers, Chief Risk Officers, and other leaders responsible for cloud architecture, as well as data governance within financial services.