Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

07 December 2015

ENISA: Why Cloud adoption in the Finance Sector is still lagging


Limitations to a consistent regulatory framework and the broad adoption of good practices deters financial institutions from taking advantage of the benefits of cloud computing.

Cloud Computing is currently widely used in several sectors, however, its adoption in the Financial Sector remains low.  European Union Agency for Network and Information Security (ENISA) engaged Financial Institutions (FI), National Financial Supervisory Authorities (NFSA) and Cloud Service Providers (CSP) in a study to analyse the slow uptake of cloud services and provide possible explanations related to the speed of adoption of these services by the financial sector.

This study identified several causes for this slow uptake, including: inconsistent regulatory guidelines on cloud deployment, and concerns about security and data privacy jurisdictions across EU Member States.  For example, almost half of the Financial Institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with Cloud Computing.  Furthermore, although NFSAs are also aware of the risks of cloud computing, they are insufficiently informed about the security measures implemented by CSPs at all times.

CSPs have difficulties offering services to Financial Institutions due to differences in security and privacy requirements across EU member states, such as the implementation of privacy requirements that are the responsibility of national Data Protection Authorities (DPAs) and not of NFSAs.

ENISA, in cooperation with the European Banking Authority (EBA), held a workshop in October 2015 to further enhance and validate the results.  Participants openly discussed the challenges and debated about the possible causes and potential solutions.  Following the discussions and analysis, ENISA issues "Secure Use of Cloud Computing in the Finance Sector" that includes the following key recommendations:

  • Financial Institutions, National Financial Supervisory Authorities and Cloud Service Providers should co-operate to develop a consistent regulatory framework for the secure adoption of Cloud computing based on widely used good practices and standards,
  • Financial Institutions should develop and implement a risk assessment approach to cloud computing and integrate it with existing corporate risk management processes
  • Cloud service providers should do their utmost to enhance the transparency of their service offerings and comply with any regulatory provision and widely accepted good practices and standards in the area.

Press release

Full report

Press release_EBA



NA


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment