Cloud 101CircleEventsBlog
CSA's Continuous Audit Metrics Working Group is expanding! Help shape the future of cloud assurance.

Download Publication

State of Financial Services in Cloud
State of Financial Services in Cloud

State of Financial Services in Cloud

Release Date: 06/05/2023

In recent years, the financial services industry has increasingly adopted cloud services. This trend is expected to continue with the further adoption and integration of cloud service provider functions, replacing traditional technology for banking, commerce, financial transactions, and the exchange of financial data. 

Due to this trend, CSA has been conducting surveys to better understand the adoption of cloud computing technology in the finance industry, bringing together a community of contributors from global banks, fintech, payment processors, insurance companies, financial supervisory authorities, data protection authorities, and other national regulatory bodies. Now, with this latest report, we aim to better understand: 
  • Financial institutions’ level of adoption of cloud solutions and requirements compared to prior surveys conducted in 2019-2020. 
  • Current challenges facing the financial services industry. 
  • Opportunities for CSA to create guidance on protecting financial data and related assets within secure cloud services.
Most evident from this report is that cloud services are becoming well-rooted in all aspects of financial services and are expected to be used for a very long time. No longer is the question as to whether cloud will be adopted, but about the execution of how: how to adopt cloud-native security, how to apply Zero Trust methodologies, and how to educate all relevant stakeholders. 

Key Takeaways:
  • 98% of organizations are using some form of cloud computing, up from 91% in 2020.
  • 57% of organizations currently use multiple cloud providers for their IaaS/PaaS needs. 
  • 59% of organizations store or process regulated banking information within cloud services, with only 25% having no future plans to do so.
  • A common pain point is the need for broader awareness of approaches to auditing cloud services by regulators and auditors. 
  • 65% of organizations use CSA’s CCM and CAIQ to demonstrate adherence to frameworks, establish an internal cloud security controls framework, and establish an internal cloud risk management approach.
Download this Resource

Bookmark
Share
View translations
Related resources
The Six Pillars of DevSecOps - Collaboration and Integration
The Six Pillars of DevSecOps - Collaboration an...
The State of Security Remediation 2024
The State of Security Remediation 2024
Key Management Lifecycle Best Practices
Key Management Lifecycle Best Practices
11 Months to DORA: EU's New Framework For BFSI
11 Months to DORA: EU's New Framework For BFSI
Published: 03/04/2024
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endorses Zero Trust
To Meet Bold Ambitions and Combat Mounting Threats, Australia Endor...
Published: 02/28/2024
The Hidden Certificates in Your Organization: How to Find Them
The Hidden Certificates in Your Organization: How to Find Them
Published: 02/26/2024
3 Critical Steps for Application Security Teams in 2024
3 Critical Steps for Application Security Teams in 2024
Published: 02/23/2024

Acknowledgements

Vinay Patel
Vinay Patel
CISO at Finastra

Vinay Patel

CISO at Finastra

As Finastra’s CISO, Vinay is responsible for establishing an intelligence-led, threat-focused information security program capable of detecting and protecting against emerging cyberattacks targeting Finastra and/or its clients.

Read more

Troy Leach
Troy Leach
Chief Strategy Officer (CSO), CSA

Troy Leach

Chief Strategy Officer (CSO), CSA

Troy Leach has spent more than 25 years advocating for the advancement of responsible, safe technology to improve the quality of living and parity for all.

As the Chief Strategy Officer, Mr. Leach supports Cloud Security Alliance's corporate strategy and ongoing mission to provide new and relevant cloud security awareness, education, research, programs and membership participation. Mr. Leach specifically focuses on external engageme...

Read more

Hillary Baron
Hillary Baron
Senior Technical Director - Research, CSA

Hillary Baron

Senior Technical Director - Research, CSA

This person does not have a biography listed with CSA.

John Yeoh
John Yeoh
Global Vice President of Research, CSA

John Yeoh

Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Read more

Daniele Catteddu
Daniele Catteddu
Chief Technology Officer, CSA

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Read more

Ryan Gifford
Ryan Gifford
Research Analyst, CSA

Ryan Gifford

Research Analyst, CSA

This person does not have a biography listed with CSA.

Jez Goldstone
Jez Goldstone
Director of Security Architecture, Cloud & Innovation, Barclay Card

Jez Goldstone

Director of Security Architecture, Cloud & Innovation, Barclay Card

This person does not have a biography listed with CSA.

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

This person does not have a biography listed with CSA.

Erik Johnson
Erik Johnson
Cloud Security Specialist & Senior Research Analyst

Erik Johnson

Cloud Security Specialist & Senior Research Analyst

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Alex Kaluza
Alex Kaluza
Research Analyst, CSA

Alex Kaluza

Research Analyst, CSA

This person does not have a biography listed with CSA.

Stephen Lumpe
Stephen Lumpe
Creative Director, CSA

Stephen Lumpe

Creative Director, CSA

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training