December 28, 2015 By David Strom

The ENISA report titled “Secure Use of Cloud Computing in the Finance Sector,” published in December 2015, showed just how far European banks and other financial institutions lag behind with respect to perceptions and usage of cloud computing in their businesses.

While more than 87 percent of those institutions are already using some form of cloud computing, their knowledge of basic cloud technologies and best practices is either sadly disappointing or shocking, depending on your perspective.

There’s a Need for More Information Regarding Cloud Security

The study was sponsored by the European Union Agency for Network and Information Security (ENISA is its French acronym) and had input from the Cloud Security Alliance, an international best practices body. The authors, Rossen Naydenov, Dimitra Liveri, Lionel Dupre and Eftychia Chalvatzi, developed two survey instruments: one for financial and cloud service providers, and the other for the national regulatory bodies in various EU countries. The surveys were followed up with a series of phone calls. More than 40 entities participated.

Results showed that there is a big perception gap between financial institutions and security professionals regarding cloud security. Many regulators mistakenly see outsourcing and cloud computing as similar entities. For example, almost half of the financial institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with cloud computing.

There are many misunderstandings about the cloud, from the basic underlying technologies to which regulations are relevant for cloud computing and how to improve cloud security. Some survey respondents blamed the confusing patchwork of cloud security regulations across the EU as the main obstacle for implementing cloud initiatives.

It seems Europe’s attitudes about the cloud are behind the times, especially when compared to North America: Many of those surveyed felt security and privacy were the biggest limitations for cloud adoption. Almost a quarter of survey respondents from the regulatory bodies believed public cloud services should never be used in the finance sector.

Inside Banking and the Cloud

Nevertheless, not everything is gloom and doom with EU cloud adoption; the report highlighted several exemplary case studies. For example, the Dutch national banking regulatory body has put together guidelines for how financial institutions and banks can deploy Amazon Web Services (AWS), and a top Spanish bank, Bankinter, is already using it as an integral part of its credit risk simulation application.

The bank was able to run millions of simulations in the AWS cloud and decreased the average time to solution from 23 hours to 20 minutes. It also dramatically reduced processing time and the overall cost of these applications. This is a good example of how cloud computing can be used to do something that would be either impossible or else very difficult to do on-premises.

Cloud Security Recommendations

What I found most useful is that the report concluded with a series of recommendations that can be used by financial institutions around the globe:

  • Regulatory bodies should define best practices and de facto cloud security standards to help facilitate better incident information sharing and increase the trustworthiness of cloud computing.
  • Regulators should make current national legislation more similar across countries as well as define baseline requirements and guidance on cloud computing throughout the European financial sector.
  • Everyone should adopt a similar set of minimum cloud security and privacy requirements.
  • Cloud service providers should disclose the location of their data centers and the number of staff that have access to confidential data or critical components. They should also be required to periodically update this information.
  • Organizations should adopt a risk-based approach when moving to the cloud and their cloud security strategy should be aligned with their own corporate risk assessments.
  • Finally, various EU and other international standards bodies should do a better job of informing financial institutions and others about the benefits and risks of cloud computing.
