Cloud Security Alliance Survey Finds Financial Firms are in Search of a Cloud Strategy

View from the Cloud

Cloud Security Alliance Survey Finds Financial Firms are in Search of a Cloud Strategy

By Peter Bernstein, Senior Editor  |  April 27, 2015

When it comes to cloud adoption by enterprises, it is no secret that one of the biggest obstacles to adoption, if not the biggest, has been concerns about security. This means the security of data at rest as well as on the move. The vertical market that has proven to be a difficult one for cloud providers, especially because of the intensity surrounding the need to mitigate risks at almost any cost, has been the financial services sector. Let’s just say that C-levels at banks, insurance companies and all types of investment and wealth management firms around the world have been cloud skeptics. 

Interestingly, according to a survey by the Cloud Security Alliance (CSA), titled How Cloud is Being Used in the Financial Sector, there appears to be an attitudinal sea change.  However, old perceptions can die hard.

Just as background, the report includes responses from more than 100 professionals varying in company size and industries from the Americas, EMEA and APAC regions. The objective of this study is to understand the needs to accelerate the adoption of secure cloud services in the financial industry by analyzing the financial industry's main concerns regarding delivery and management of cloud services.

The higher level findings were that roughly 50 percent of respondents have a solidified, concerted cloud strategy with controls and security being a main concern.

Additional findings of interest include:

  • 61 percent of respondents admitted that a cloud strategy was in the formative stages within their organization;
  • 39 to 47 percent are planning to use a mix of in-house IT, private, and public clouds;
  • 18 percent are planning to use private clouds;
  • None of the respondents have plans to be hosted mostly in a public cloud.  

The survey also found that the higher the electronic channel transaction base among a firm’s customers, the less strict the cloud policy, with only three percent of these types of organizations indicating having a strict cloud policy in place.

“The results of this report are insightful into understanding how the financial services industry is progressing in terms of cloud adoption and how cloud providers can best serve their interests and needs,” said Jim Reavis, CEO of the CSA.  “We hope that cloud providers and financial institutions can use this as guidance to help accelerate the adoption of secure cloud services in the financial industry.”

Dr. Chenxi Wang, Vice President, Cloud Security at CipherCloud noted that: “Cloud has made solid in-roads in this industry with many firms looking to harnessing the power of cloud. There’s plenty of room for growth, particularly for providers who can fill the void for the auditing and data protection controls that are at the top of respondents' cloud wish list.”

The comment about financial services firms looking for increased transparency and better auditing controls can be seen in the findings. Here, 80 percent wanted it from their cloud providers, which, interestingly, is ahead of better data encryption (57 percent). 

In understanding why companies are moving to the cloud, respondents indicated that flexible infrastructure capacity was at top of their list (68 percent), followed closely by the need for reduced time for provisioning (63 percent). The top services and features being adopted when moving to the cloud include CRM (46 percent), application development (45 percent), and email (41 percent).  Again, and a likely reflection of this verticals priorities, backend services (20 percent) and/or virtual desks (14 percent) were not highly prized capabilities.  

The report also delved into the extremely critical area for financial services firms of compliance.  Concerns were:

  • Data protection (75 percent)
  • Corporate governance (68 percent)
  • PCI (News - Alert)-DSS (54 percent)
  • National regulations (47 percent)

Finally, of note is the analysis of the survey results that looked into how decision-makers take action in their organizations to in essence sell their moves to the cloud. This ranges from such things as consolidating and standardizing on the most secure cloud services to knowing what policies will have the most impact to understanding where to focus when educating users.

While the financial services sector has unique requirements security is always at the top of industry lists as a cloud adoption constraint. As the survey indicates, while decision-makers still seem wary of the public cloud as their cloud implementation of choice there is momentum for the cloud and even public services have their place.   

Edited by Dominick Sorrentino
Get stories like this delivered straight to your inbox. [Free eNews Subscription]