Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Artificial Intelligence
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
Train my entire team
Get Involved
Become an Instructor
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Artificial Intelligence
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Top Threats
View all topics
Cloud 101CircleEventsBlog
Sign In
Gain exclusive access to CSA’s extensive network of cloud security experts by becoming a corporate member. Learn how today.

FinCloud Security

Improving the security of global cloud adoption for the financial services industry.

Fincloud Security Overview
Leadership Committee
Events
Resources
Home
Financial Services Initiative

The Financial Services Industry (FSI) adoption of cloud computing services has grown extensively in recent years. This trend is expected to continue with the migration of business applications to the cloud, driven both by increasing maturity, sophistication and resilience of cloud-native services and the declining availability of COTS software for on premises use. This includes both traditional and new and innovative technology for banking, commerce, financial transactions, and the exchange of financial and economic data.

CSA's FinCloud Security engages current industry leaders and includes a Leadership Committee to help identify the topics of most interest to the industry. CSA will develop, assemble and share valuable resources such as use cases, research materials, webinars, education, analyst briefings, assurance frameworks, and extensions of the CCM or STAR program. CSA will also organize and host virtual and in person events with significant financial sector content. If you're interested in learning more, you can email us at [email protected].

Identifying Gaps

How Knowledgable are organizations regarding:

Opportunities in Financial Services

Zero Trust safeguards financial clouds, preserving data integrity.

IoT and edge computing amplifies the complexity of security and privacy.

Blockchain protects sensitive data, transactions, and meets compliance.

Artificial Intelligence requires data care, transparency, ethical considerations.

Quantum computing adds urgency to prepare for future threats.

Source: State of Financial Services in Cloud | CSA

FinCloud Security Initiatives

Learn from the Experts

FinCloud Fridays

A monthly webinar series about the financial industry's unique challenges in cloud.

Upcoming and past webinars
Financial Service Industry Briefings

A monthly webinar series about the financial industry's unique challenges in cloud.

Learn about CSA membership

Explore FinCloud Resources

HSM as a Service

An upcoming white paper describing the Hardware Security Module as a Service cloud delivery model for key management and cryptographic operations.

View the Key Management Working Group
Mapping to PCI DSS v4

An upcoming document mapping a requirements comparison between CCM v4 and PCI DSS c4.

View the CCM Working Group
Financial Service Addendum to the CCM:

A framework for the financial sector toward a secure adoption of cloud services, and to limit the challenge of compliance fatigue for both CSPs and Financial Institutions.

View the CCM Working Group

Join the Conversation

Financial Services Industry Community on Circle

Circle is a platform space for you to connect, collaborate and share knowledge with like-minded professionals from around the world. You will have access to the latest industry trends, best practices, and emerging threats related to the Financial Services Industry.

On Circle, you can access exclusive resources, participate in events, and engage in discussion on the topic of financial services. Whether you are looking to expand your knowledge, build your professional network, or stay on top of the latest trends, this CSA community platform is an essential resource.

View the CommunityLearn about Circle

Leadership Committee

CSA looks to our Leadership Committee to contribute to and advise on the overall strategy and roadmap of FinCloud Security. This committee is made up of participants in security leadership roles within financial institutions, the payment ecosystem (including cryptocurrency), and other organizations that initiate or manage financial data and assets within cloud environments.

This committee is reserved for the participation of individuals who work for an organization that is recognized as a CSA corporate member. Learn more about corporate membership here.

Related Resources

View additional resources related to the advancements in the technology of financial services.

BlogsResearch PublicationsWebinars
Standards for Quantum-Safe Security and the Financial Industry
Standards for Quantum-Safe Security and the Fin...
Download Now
Financial Services Knows It Needs to Do More to Protect Data in the Cloud
Financial Services Knows It Needs to Do More to...
Download Now
Strong Winds Behind Financial Service Adoption of Cloud (As Long as We Stay Between the Buoys)
Strong Winds Behind Financial Service Adoption ...
Download Now
View all Blog Posts
State of Financial Services in Cloud
State of Financial Services in Cloud
CSA has been conducting surveys to better understand the adoption of cloud computing technology in the finance industry, bringing together a community of contributors from global banks, fintech, payment processors, insurance companies, financial supervisory authorities, data protection authorities, and other national regulatory bodies.
Access this report
Cloud Octagon Model
Cloud Octagon Model
The Cloud Octagon Model is an approach to assess risk in SaaS cloud computing. It provides practical guidance and structure to all involved risk parties in order to keep pace with rapid changes in privacy and data protection laws and regulations, and changes in technology. The model stems from an approach conceptualized and implemented by the cloud security group within the Technology & Engineering department, Corporate Information Security Office (CISO), ABN AMRO Bank NV (Netherlands). 
Access this report
Blockchain DLT Use Cases
Blockchain DLT Use Cases
Blockchain technology is primarily associated with Bitcoin cryptocurrency at this point. However, many other business models are currently taking advantage of blockchain technology and other DLT properties without cryptocurrency features. This publication details several use cases including how blockchain could be leveraged in the financial industry for Nostro Bank Account Reconciliations. 
Access this report
View all Research
Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance
Security-as-Code: What's Real and What's Possible with Self...

October 26 | TBD

Learn more

View all Webinars