Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Get early access to CSA’s Trusted AI Safety Certification Program—updates, resources & beta invites!

FinCloud Security

Improving the security of global cloud adoption for the financial services industry.

Fincloud Security Overview
Leadership Committee
Events
Resources
Home
Financial Services Initiative

The Financial Services Industry (FSI) adoption of cloud computing services has grown extensively in recent years. This trend is expected to continue with the migration of business applications to the cloud, driven both by increasing maturity, sophistication and resilience of cloud-native services and the declining availability of COTS software for on premises use. This includes both traditional and new and innovative technology for banking, commerce, financial transactions, and the exchange of financial and economic data.

CSA's FinCloud Security engages current industry leaders and includes a Leadership Committee to help identify the topics of most interest to the industry. CSA will develop, assemble and share valuable resources such as use cases, research materials, webinars, education, analyst briefings, assurance frameworks, and extensions of the CCM or STAR program. CSA will also organize and host virtual and in person events with significant financial sector content. If you're interested in learning more, you can email us at [email protected].

Latest News from the Financial Services Industry

How to Protect M&A in FinServ: A Conversation with Visa and Expel
How to Protect M&A in FinServ: A Conversation with Visa and Expel

May 7, 2025

Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance
Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance

April 28, 2025

AI and Privacy 2024 to 2025: Embracing the Future of Global Legal Developments
AI and Privacy 2024 to 2025: Embracing the Future of Global Legal Developments

April 21, 2025

Final Countdown to Compliance: Preparing for PCI DSS v4.x
Final Countdown to Compliance: Preparing for PCI DSS v4.x

April 14, 2025

Analyzing Annual SOC Data to Inform Your 2025 FinServ Security Strategies
Analyzing Annual SOC Data to Inform Your 2025 FinServ Security Strategies

April 9, 2025

Real-Time Credit Data: Fueling Banking Innovation and Growth
Real-Time Credit Data: Fueling Banking Innovation and Growth

April 9, 2025

View all announcements

Identifying Gaps

How Knowledgable are organizations regarding:

Opportunities in Financial Services

Zero Trust safeguards financial clouds, preserving data integrity.

IoT and edge computing amplifies the complexity of security and privacy.

Blockchain protects sensitive data, transactions, and meets compliance.

Artificial Intelligence requires data care, transparency, ethical considerations.

Quantum computing adds urgency to prepare for future threats.

Source: State of Financial Services in Cloud | CSA

FinCloud Security Initiatives

Learn from the Experts

FinCloud Fridays

A monthly webinar series about the financial industry's unique challenges in cloud.

Upcoming and past webinars
Financial Service Industry Briefings

An industry expert gives a topic-specific presentation. This initiative is only available to CSA members.

Learn about CSA membership

Explore FinCloud Resources

HSM as a Service

This white paper describes the Hardware Security Module as a Service cloud delivery model for key management and cryptographic operations.

Learn more
Mapping to PCI DSS v4

Mapping of the CCM v4 to the latest version of the PCI DSS v4.

Access the mapping and learn more
Financial Service Addendum to the CCM:

A framework for the financial sector toward a secure adoption of cloud services, and to limit the challenge of compliance fatigue for both CSPs and Financial Institutions.

View the CCM Working Group

Join the Conversation

Financial Services Industry Community on Circle

Circle is a platform space for you to connect, collaborate and share knowledge with like-minded professionals from around the world. You will have access to the latest industry trends, best practices, and emerging threats related to the Financial Services Industry.

On Circle, you can access exclusive resources, participate in events, and engage in discussion on the topic of financial services. Whether you are looking to expand your knowledge, build your professional network, or stay on top of the latest trends, this CSA community platform is an essential resource.

View the CommunityLearn about Circle

Leadership Committee

CSA looks to our Leadership Committee to contribute to and advise on the overall strategy and roadmap of FinCloud Security. This committee is made up of participants in security leadership roles within financial institutions, the payment ecosystem (including cryptocurrency), and other organizations that initiate or manage financial data and assets within cloud environments.

This committee is reserved for the participation of individuals who work for an organization that is recognized as a CSA corporate member. Learn more about corporate membership here.

Stefani Alger Headshot Missing
Stefani Alger
SWIFT

Stefani Alger

SWIFT

Imre Bako Headshot Missing
Imre Bako
Commerzbank

Imre Bako

Commerzbank

James Barber Headshot Missing
James Barber
GlobalPay

James Barber

GlobalPay

Rolf Becker
Rolf Becker
Co-Founder and Chair at UBS

Rolf Becker

Co-Founder and Chair at UBS

Rolf A. Becker is Head Service Control Governance at UBS, globally responsible for Cloud Governance regarding Risk and Control over the UBS Group Cloud adoption and for outsourcing to external cloud-based 3rd party services. Previous roles have been the management of the Cyber and Information Security Portfolio reporting to the UBS CISO at a global level, and the management of the Client Data Confidentiality Program Unstructured Data Protec...

Read more

Fred Budd
Fred Budd
Vice President, Information Security Engineering, Mastercard

Fred Budd

Vice President, Information Security Engineering, Mastercard

Fred Budd is serving as Vice President, Cloud Security for Mastercard. In this role, he is responsible for the protection of Mastercard’s cloud platforms and driving the evolution of security practices. Fred has over 20 years of diverse experience in security architecture, technology strategy and governance, privacy and compliance, identity management, telecommunications, IT operations, and product innovation. In the past decade, he has foc...

Read more

Alicia Cade Headshot Missing
Alicia Cade
GCP

Alicia Cade

GCP

David Cross Headshot Missing
David Cross
Oracle

David Cross

Oracle

Tom Deprins Headshot Missing
Tom Deprins
Azure

Tom Deprins

Azure

Jason DeVoe Headshot Missing
Jason DeVoe
Voya

Jason DeVoe

Voya

Thomas Dirk Headshot Missing
Thomas Dirk
Commerzbank

Thomas Dirk

Commerzbank

Aly Farooqui Headshot Missing
Aly Farooqui
IBM

Aly Farooqui

IBM

Jez Goldstone
Jez Goldstone
Director of Security Architecture, Cloud & Innovation

Jez Goldstone

Director of Security Architecture, Cloud & Innovation

Jez is a cyber security expert, leader, innovator with over twenty years of IT experience in the Financial Services and other sectors. He has lead innovation initiatives and teams - focusing on where cyber innovations really add value to solve complex business challenges and open up competitive advantage opportunities. I have a keen interest in how Privacy Enhancing Tech, and specifically FHE, can help solve some of these challenges.

Read more

Christian A. Gorke Headshot Missing
Christian A. Gorke
Commerzbank

Christian A. Gorke

Commerzbank

Sean Gray
Sean Gray
Chase

Sean Gray

Chase

Security Strategy, Threat Management. Senior Director, Information Security Strategy and Threat Mgmt at PayPal.

Read more

Jonathan Gutierrez Headshot Missing
Jonathan Gutierrez
Mastercard

Jonathan Gutierrez

Mastercard

Stacy Hughes Headshot Missing
Stacy Hughes
Voya

Stacy Hughes

Voya

Bill Izzo
Bill Izzo
Director, Cloud Security Governance at Depository Trust and Clearing Corporation

Bill Izzo

Director, Cloud Security Governance at Depository Trust and Clearing Corporation

Innovative leader with a strong technical and business background with a track record of success across multiple technology domains and markets. Senior business management and technical leadership experience in the DOD, Private, and Government sectors. Years of experience in the management of medium to large network and systems engineering teams with significant experience in the management of large multi-million dollar data com...

Read more

Phoebe Kao Headshot Missing
Phoebe Kao
Azure

Phoebe Kao

Azure

Shaun Khalfman Headshot Missing
Shaun Khalfman
Discover

Shaun Khalfman

Discover

David Kliemann Headshot Missing
David Kliemann
IBM

David Kliemann

IBM

Sunil Malik Headshot Missing
Sunil Malik
Discover

Sunil Malik

Discover

Cheri McGuire
Cheri McGuire
Chief Technology Officer, SWIFT

Cheri McGuire

Chief Technology Officer, SWIFT

Ms. McGuire is a technology and cyber security leader with over 30 years in strategy, policy, operations and risk, and spanning the financial, IT, consulting and government sectors. She currently serves as the Chief Technology Officer at SWIFT, a member-owned cooperative providing secure financial messaging services and products that connect more than 11,000 financial organizations globally. In her role as CTO, she has responsibility for th...

Read more

David Nickles
David Nickles
AWS

David Nickles

AWS

David Nickles is a Global Audit Program Manager for FSI’s at Amazon Web Services (AWS). His work focuses on enabling financial services institutions to move their workloads to the cloud by providing sound guidance for building programs to ensure regulatory, governance, risk, compliance, audit, and security control requirements are met, align to industry best practices, and appropriate due diligence activity is completed. Prior to AWS, David...

Read more

Sofia Pogrebynska
Sofia Pogrebynska
IT and Cloud Officer

Sofia Pogrebynska

IT and Cloud Officer

Sofia is a product and technology professional with over 10 years experience leading digital innovation in Fortune 500 firms such as Amazon and PayPal as well as startups, covering a broad range of industries including financial services, e-commerce, programmatic advertising technology. In her role of IT and Cloud Officer at PayPal Sofia leads Technology Oversight of all PayPal products and services in Europe, Middle East and Africa (EMEA)...

Read more

Ronald Ritchey Headshot Missing
Ronald Ritchey
Barclay Card

Ronald Ritchey

Barclay Card

Stephan Scharf Headshot Missing
Stephan Scharf
BlackRock

Stephan Scharf

BlackRock

Nashira Spencer Headshot Missing
Nashira Spencer
DTCC

Nashira Spencer

DTCC

David Stone Headshot Missing
David Stone
Google (GCP)

David Stone

Google (GCP)

Erika Voss Headshot Missing
Erika Voss
Capitol One

Erika Voss

Capitol One

James Wilkins Headshot Missing
James Wilkins
UBS

James Wilkins

UBS

Related Resources

View additional resources related to the advancements in the technology of financial services.

BlogsResearch PublicationsWebinars
Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance
Understanding SAQ A and SAQ A-EP Eligibility: A...
Download Now
Final Countdown to Compliance: Preparing for PCI DSS v4.x
Final Countdown to Compliance: Preparing for PC...
Download Now
Real-Time Credit Data: Fueling Banking Innovation and Growth
Real-Time Credit Data: Fueling Banking Innovati...
Download Now
View all Blog Posts
State of Financial Services in Cloud
State of Financial Services in Cloud
CSA has been conducting surveys to better understand the adoption of cloud computing technology in the finance industry, bringing together a community of contributors from global banks, fintech, payment processors, insurance companies, financial supervisory authorities, data protection authorities, and other national regulatory bodies.
Access this report
Cloud Octagon Model
Cloud Octagon Model
The Cloud Octagon Model is an approach to assess risk in SaaS cloud computing. It provides practical guidance and structure to all involved risk parties in order to keep pace with rapid changes in privacy and data protection laws and regulations, and changes in technology. The model stems from an approach conceptualized and implemented by the cloud security group within the Technology & Engineering department, Corporate Information Security Office (CISO), ABN AMRO Bank NV (Netherlands). 
Access this report
Blockchain DLT Use Cases
Blockchain DLT Use Cases
Blockchain technology is primarily associated with Bitcoin cryptocurrency at this point. However, many other business models are currently taking advantage of blockchain technology and other DLT properties without cryptocurrency features. This publication details several use cases including how blockchain could be leveraged in the financial industry for Nostro Bank Account Reconciliations. 
Access this report
View all Research
Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance

Security-as-Code: What's Real and What's Possible with Self...

TBD
October 26, 2021

Watch now

Governance in the Cloud - Managing Data Regulation

Governance in the Cloud - Managing Data Regulation

Online
November 18, 2022

Watch now

State of Cloud Security for Financial Services

State of Cloud Security for Financial Services

Online
October 28, 2022

Watch now

Financial Data in the Hands of Your Partners: Best Practices for Effective Third-Party Management

Financial Data in the Hands of Your Partners: Best Practice...

Online
December 16, 2022

Watch now

View all Webinars