The ENISA report titled “Secure Use of Cloud Computing in the Finance Sector,” published in December 2015, showed just how far European banks and other financial institutions lag behind with respect to perceptions and usage of cloud computing in their businesses.

While more than 87 percent of those institutions are already using some form of cloud computing, their knowledge of basic cloud technologies and best practices is either sadly disappointing or shocking, depending on your perspective.

There’s a Need for More Information Regarding Cloud Security

The study was sponsored by the European Union Agency for Network and Information Security (ENISA is its French acronym) and had input from the Cloud Security Alliance, an international best practices body. The authors, Rossen Naydenov, Dimitra Liveri, Lionel Dupre and Eftychia Chalvatzi, developed two survey instruments: one for financial and cloud service providers, and the other for the national regulatory bodies in various EU countries. The surveys were followed up with a series of phone calls. More than 40 entities participated.

Results showed that there is a big perception gap between financial institutions and security professionals regarding cloud security. Many regulators mistakenly see outsourcing and cloud computing as similar entities. For example, almost half of the financial institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with cloud computing.

There are many misunderstandings about the cloud, from the basic underlying technologies to which regulations are relevant for cloud computing and how to improve cloud security. Some survey respondents blamed the confusing patchwork of cloud security regulations across the EU as the main obstacle for implementing cloud initiatives.

It seems Europe’s attitudes about the cloud are behind the times, especially when compared to North America: many of those surveyed felt security and privacy were the biggest limitations for cloud adoption. Almost a quarter of survey respondents from the regulatory bodies believed public cloud services should never be used in the finance sector.

Inside Banking and the Cloud

Nevertheless, not everything is gloom and doom with EU cloud adoption; the report highlighted several exemplary case studies. For example, the Dutch national banking regulatory body has put together guidelines for how financial institutions and banks can deploy Amazon Web Services (AWS), and a top Spanish bank, Bankinter, is already using it as an integral part of its credit risk simulation application.

The bank was able to run millions of simulations in the AWS cloud and decreased the average time to solution from 23 hours to 20 minutes. It also dramatically reduced processing time and the overall cost of these applications. This is a good example of how cloud computing can be used to do something that would be either impossible or else very difficult to do on-premises.

Cloud Security Recommendations

What I found most useful is that the report concluded with a series of recommendations that can be used by financial institutions around the globe:

  • Regulatory bodies should define best practices and de facto cloud security standards to help facilitate better incident information sharing and increase the trustworthiness of cloud computing.
  • Regulators should make current national legislation more similar across countries as well as define baseline requirements and guidance on cloud computing throughout the European financial sector.
  • Everyone should adopt a similar set of minimum cloud security and privacy requirements.
  • Cloud service providers should disclose the location of their data centers and the number of staff that have access to confidential data or critical components. They should also be required to periodically update this information.
  • Organizations should adopt a risk-based approach when moving to the cloud and their cloud security strategy should be aligned with their own corporate risk assessments.
  • Finally, various EU and other international standards bodies should do a better job of informing financial institutions and others about the benefits and risks of cloud computing.
