Financial services firms still cagey about cloud computing
Cloud computing is becoming more prevalent throughout the financial sector but many firms say they are less than halfway to having a firm cloud strategy in place, with controls and security remaining primary concerns.
In a new survey carried out by the Cloud Security Alliance, How Cloud is Being Used in the Financial Sector, 61 per cent of respondents admitted that a cloud strategy is only in the formative stages within their organisation, with 39-47 per cent planning to use a mix of in-house IT, private, and public clouds, and 18 per cent planning to use private clouds. None of the respondents have plans to host a majority of their applications or systems in a public cloud.
The results of the survey also showed that the more a firm’s customer base uses electronic transaction channels, the less strict the cloud policy that firm takes, with only 3 per cent of these types of organisations indicating having a strict cloud policy in place.
“The results of this report are insightful into understanding how the financial services industry is progressing in terms of cloud adoption and how cloud providers can best serve their interests and needs,” said Jim Reavis, chief executive of the CSA. “We hope that cloud providers and financial institutions can use this as guidance to help accelerate the adoption of secure cloud services in the financial industry.”
Financial services firms are also eager to see increased transparency and better auditing controls (80 per cent) from their cloud providers, even more so than better data encryption (57 per cent). In understanding why companies are moving to the cloud, respondents indicated that flexible infrastructure capacity was at top of their list (68 per cent), followed closely by the need for reduced time for provisioning (63 per cent). The top services and features being adopted when moving to the cloud include CRM (46 per cent), application development (45 per cent), and email (41 per cent), rather than back-end services (20 per cent) or virtual desks (14 per cent).
Finally, in looking at compliance regulation requirements when moving to the cloud, at the top of the list was data protection (75 per cent) corporate governance (68 per cent) PCI-DSS (54 per cent) and national regulations (47 per cent).
“The responses overall showed a very active market for cloud services in the financial services sector,” said Chenxi Wang, vice president, cloud security and strategy at CipherCloud, which sponsored the report. “Cloud has made solid in-roads in this industry with many firms looking to harnessing the power of cloud. There’s plenty of room for growth, particularly for providers who can fill the void for the auditing and data protection controls that are at the top of respondents’ cloud wish list.”
The survey also looked to gain insight into how finance, government, insurance, and security decision-makers take action in their organisations, from consolidating and standardising on the most secure cloud services, to knowing what policies will have the most impact, to understanding where to focus when educating users.
The report includes responses from more than 100 professionals varying in company size and industries from the Americas, EMEA and APAC regions. Sponsored by CipherCloud, the survey was conducted by the CSA Financial Services Working Group, as a first step in building a situation map to show how different cloud solutions are deployed in the financial sector.
As a follow up to the survey, the CSA Financial Services Working Group plans to identify 2015 deliverables to address the concerns and opportunities for cloud computing best practices within the financial services industry. The Financial Services Working Group is led by Juan Francisco Losa, head of innovation, engineering and software development IT Risk, Fraud & Security at BBVA, and Mario Maawad, Security Manager at CaixaBank. Companies and individuals interested in becoming involved in the working group should contact firstname.lastname@example.org.