Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Download Publication

Home
Publications
State of Financial Services in Cloud
State of Financial Services in Cloud

State of Financial Services in Cloud

Release Date: 06/05/2023

Working Group: Financial Services Industry

In recent years, the financial services industry has increasingly adopted cloud services. This trend is expected to continue with the further adoption and integration of cloud service provider functions, replacing traditional technology for banking, commerce, financial transactions, and the exchange of financial data. 

Due to this trend, CSA has been conducting surveys to better understand the adoption of cloud computing technology in the finance industry, bringing together a community of contributors from global banks, fintech, payment processors, insurance companies, financial supervisory authorities, data protection authorities, and other national regulatory bodies. Now, with this latest report, we aim to better understand: 
  • Financial institutions’ level of adoption of cloud solutions and requirements compared to prior surveys conducted in 2019-2020. 
  • Current challenges facing the financial services industry. 
  • Opportunities for CSA to create guidance on protecting financial data and related assets within secure cloud services.
Most evident from this report is that cloud services are becoming well-rooted in all aspects of financial services and are expected to be used for a very long time. No longer is the question as to whether cloud will be adopted, but about the execution of how: how to adopt cloud-native security, how to apply Zero Trust methodologies, and how to educate all relevant stakeholders. 

Key Takeaways:
  • 98% of organizations are using some form of cloud computing, up from 91% in 2020.
  • 57% of organizations currently use multiple cloud providers for their IaaS/PaaS needs. 
  • 59% of organizations store or process regulated banking information within cloud services, with only 25% having no future plans to do so.
  • A common pain point is the need for broader awareness of approaches to auditing cloud services by regulators and auditors. 
  • 65% of organizations use CSA’s CCM and CAIQ to demonstrate adherence to frameworks, establish an internal cloud security controls framework, and establish an internal cloud risk management approach.
Download this Resource

Bookmark
Share
View translations
Related resources

Related Resources

PublicationsBlogs
Map the Transaction Flows for Zero Trust
Map the Transaction Flows for Zero Trust
Download Now
Top Concerns With Vulnerability Data
Top Concerns With Vulnerability Data
Download Now
Using Asymmetric Cryptography to Help Achieve Zero Trust Objectives
Using Asymmetric Cryptography to Help Achieve Z...
Download Now
View all publications
The Lost Art of Visibility, in the World of Clouds
The Lost Art of Visibility, in the World of Clouds
Published: 11/20/2024
Group-Based Permissions and IGA Shortcomings in the Cloud
Group-Based Permissions and IGA Shortcomings in the Cloud
Published: 11/18/2024
9 Tips to Simplify and Improve Unstructured Data Security
9 Tips to Simplify and Improve Unstructured Data Security
Published: 11/18/2024
How AI Changes End-User Experience Optimization and Can Reinvent IT
How AI Changes End-User Experience Optimization and Can Reinvent IT
Published: 11/15/2024
View all blogs
View all webinars

Acknowledgements

Vinay Patel
Vinay Patel
Chief Information Security Officer, Zendesk

Vinay Patel

Chief Information Security Officer, Zendesk

As Finastra’s CISO, Vinay is responsible for establishing an intelligence-led, threat-focused information security program capable of detecting and protecting against emerging cyberattacks targeting Finastra and/or its clients.

Read more

Troy Leach
Troy Leach
Chief Strategy Officer (CSO), CSA

Troy Leach

Chief Strategy Officer (CSO), CSA

Troy Leach has spent more than 25 years advocating for the advancement of responsible, safe technology to improve the quality of living and parity for all.

As the Chief Strategy Officer, Mr. Leach supports Cloud Security Alliance's corporate strategy and ongoing mission to provide new and relevant cloud security awareness, education, research, programs and membership participation. Mr. Leach specifically focuses on external engageme...

Read more

Hillary Baron
Hillary Baron
Senior Technical Director - Research, CSA

Hillary Baron

Senior Technical Director - Research, CSA

John Yeoh
John Yeoh
Global Vice President of Research, CSA

John Yeoh

Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Read more

Daniele Catteddu
Daniele Catteddu
Chief Technology Officer, CSA

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Read more

Ryan Gifford
Ryan Gifford
Research Analyst, CSA

Ryan Gifford

Research Analyst, CSA

Jez Goldstone
Jez Goldstone
Director of Security Architecture, Cloud & Innovation

Jez Goldstone

Director of Security Architecture, Cloud & Innovation

Jez is a cyber security expert, leader, innovator with over twenty years of IT experience in the Financial Services and other sectors. He has lead innovation initiatives and teams - focusing on where cyber innovations really add value to solve complex business challenges and open up competitive advantage opportunities. I have a keen interest in how Privacy Enhancing Tech, and specifically FHE, can help solve some of these challenges.

Read more

Sean Heide
Sean Heide
Technical Research Director, CSA

Sean Heide

Technical Research Director, CSA

Erik Johnson
Erik Johnson
Cloud Security Specialist & Senior Research Analyst, CSA

Erik Johnson

Cloud Security Specialist & Senior Research Analyst, CSA

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Alex Kaluza
Alex Kaluza
Research Analyst, CSA

Alex Kaluza

Research Analyst, CSA

Stephen Lumpe
Stephen Lumpe
Senior Graphic Designer, CSA

Stephen Lumpe

Senior Graphic Designer, CSA

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training