Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Other Opportunities
Event Partnerships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Micro-Trainings
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Zero Trust Advancement Center
CxO Trust
CloudBytes Webinars
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
Zero Trust Architecture
View more
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Incident Response
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Other Opportunities
Event Partnerships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Micro-Trainings
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Zero Trust Advancement Center
CxO Trust
CloudBytes Webinars
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
Zero Trust Architecture
View more
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Global Security Database (GSD)
Incident Response
Top Threats
View all topics
Circle
Events
Blog
Sign In

Research Topic

Financial Services

Latest ResearchWorking Group
Cloud Usage in the Financial Services Sector
Cloud Usage in the Financial Services Sector

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Financial Services
The world of IT banking has changed considerably in the past four years in terms of the adoption and usage of cloud computing technology. The finance industry has moved from “dipping their toe” in the cloud, through experiments and proof of concepts, to material and structural use cases supporting key products and services. A shift in the concerns of financial institutions is visible. The focus has moved from technical issues to regulatory and contractual concerns. Themes like education and skill set have come to the fore (perhaps in part driven by adoption of agile practices as exemplified by DevOps). 

What is CSA’s role in helping secure financial services?
The Financial Services working group reaches a global audience and brings together financial service institutions, financial supervisory authorities, data protection authority, and other national regulatory bodies. This group hosts monthly knowledge sharing sessions with its members; and when able, hosts face-to-face meetings in conjunction with industry conferences. 

Together our members discuss and identify commonly acceptable best practices that will help manage the technical security risks related to cloud adoption, and facilitate compliance with laws and regulations. 

CSA is partnering with the Cyber Risk Institute (CRI) to provide the financial community with new resources to map and integrate CSA’s Cloud Controls Matrix (CCM) and CRI’s Financial Services Cybersecurity Profile. To learn more, download our group charter


Financial Services Stakeholder Platform

Discuss this topic in Circle

Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.

View discussion community

Participate in Financial Services Research

The main objective of this working group is to identify and share the challenges, risks and best practices for the development, deployment and management of secure cloud services in the financial services industry.

View the working group

Press MentionSourceDate
Regulatory Implications from 2019 Capital One Hack and Recent Conviction of Former AWS EngineerJD SupraAugust 26, 2022
View all

Cloud Security Research for Financial Services

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Cloud Usage in the Financial Services Sector

Cloud Usage in the Financial Services Sector

This survey takes the temperature of cloud computing in the financial sector and provides guidance to accelerate adoption of secure cloud services. These takeaways will inform the Financial Services working group and serve as actionable items to address the concerns and opportunities associated with cloud computing and financial services.

Access this report
Cloud Octagon Model

Cloud Octagon Model

The Cloud Octagon Model is an approach to assess risk in SaaS cloud computing. It provides practical guidance and structure to all involved risk parties in order to keep pace with rapid changes in privacy and data protection laws and regulations, and changes in technology. The model stems from an approach conceptualized and implemented by the cloud security group within the Technology & Engineering department, Corporate Information Security Office (CISO), ABN AMRO Bank NV (Netherlands). 

Access this report
Blockchain DLT Use Cases

Blockchain DLT Use Cases

Blockchain technology is primarily associated with Bitcoin cryptocurrency at this point. However, many other business models are currently taking advantage of blockchain technology and other DLT properties without cryptocurrency features. This publication details several use cases including how blockchain could be leveraged in the financial industry for Nostro Bank Account Reconciliations. 

Access this report
View All Research

Webinars

Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance
Security-as-Code: What's Real and What's Possible with Self...

October 26 | TBD

Learn more

Blog Posts

Treading Sensibly - Not Blindly - Into the Metaverse
Read Now
Cyber Resilience – Lessons From Ukraine
Read Now
CSA and the Cyber Risk Institute: CCM Addendum for the Financial Sector
Read Now