Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

CSA Official Press Release

Published 11/02/2016

Cloud Security Alliance Releases Chinese Financial Services Report with Ernst & Young China

Cloud Security Alliance Releases Chinese Financial Services Report with Ernst & Young China

Beijing, CHINA – November 1, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Ernst & Young (EY) China, today released the results of a joint survey, “Financial Services Industry Cloud Adoption Survey: China”. The release was announced in Beijing at the 6th CSA Greater China Region (GCR) Summit. Mao Zuokui Director of Cyberspace Administration of the Ministry of Industry and Information Technology of China, Roman Sheredin Deputy Director of the Federal Communications Agency of Russia, Moctar Yedaly Head of Information Society Division of AUC and Zhang Yaqin CEO of Baidu were among the keynote speakers at the Summit.

The Financial Services Institutions (FSI) industry is heavily regulated internationally, and thus must be cautious about the adoption of new technologies. However, with the improvement of cloud security over the years, many FSIs have become more confident in embracing cloud computing technologies. Having seen this trend, the CSA and its partner, EY China, jointly conducted the “Financial Services Industry Cloud Adoption Survey: China”, which surveyed IT and security professionals in the FSIs in China about their cloud service adoption plans and priorities.

“The goal of this survey was not only to raise awareness around cloud service adoption, but also to provide insight into how finance, government, insurance, and security decision makers take action in their organization within China,” said Aloysius Cheang, Executive Vice President, Asia Pacific for the Cloud Security Alliance. “These actions included consolidating and standardizing the most secure cloud services, knowing what policies would have the most impact, as well as understanding where and how to educate users. The report also aims to provide a clearer picture of cloud adoption and to identify potential gaps that are holding back the adoption of cloud within the FSI sector in China.”

Keith Yuen, Partner, Greater China cybersecurity leader for Ernst & Young noted that, “Cloud computing has reached a tipping point in multiple industries, and FSI is no exception. More and more FSI organizations have adopted or are planning to adopt some form of cloud computing technology. The key is to balance the risks with the benefits this technology offers to business.”

The report publishes key findings in the areas of cloud adoption, IT security budgets, cloud computing and cyber security skills, as well as cloud service compliance and regulations. Key findings include:

  • 47.9% of the FSIs in China say they are developing a Cloud strategy, and 43.8% say they have developed a Cloud strategy, and 8.3% say they have a strict no Cloud policy.
  • 54.2% mention that no Cloud service data security and compliance regulations are predetermined in their organization. This implies that over half of the organizations do not feel the need to define a strategy to address Cloud service data security and compliance regulations within the organization.
  • 37.5% of the respondents say that the top Cloud threat in their organization is the lack of security management leadership. When there is a lack of emphasis on Cloud services regulations and requirements by the organization, it is almost a direct indication that the C-level management will do little to prioritize the initiative.

“FSI’s based in the Asia Pacific and Greater China region are facing an unprecedented challenge in terms of the cyber security environment they operate in,” said Jeremy Pizzala, Partner, Cybersecurity leader of Financial Services Risk Advisory at Ernst & Young. “The rapid adoption of digital business models, including cloud, has exposed FSI’s perimeters like never before and in the process made the task of anticipating and defending against cyber threats more complex. In addition the regions financial regulators are increasing the scope of and penalties associated with cybersecurity regulations, in line with the increasing volumes and sophistication of cyber attacks that the market is witnessing. FSI’s responses need to take a targeted approach, focusing on protecting their ‘crown jewel’ assets and processes and increasingly leveraging the power of data analytics to anticipate and detect threats before they cause significant loss.”

“We would like to thank EY China for their on going support and contributions to this survey, and to our broader efforts to understand and educate the market on cloud adoption in the APAC region,” said Cheang.

The full survey report can be accessed at:

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.


Kari Walker for the CSA
ZAG Communications
[email protected]

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.