CSA is partnering with the Cyber Risk Institute (CRI) to provide the financial community with new resources to map and integrate CSA’s Cloud Controls Matrix (CCM) and CRI’s Financial Services Cybersecurity Profile. To learn more, download our group charter.
The main objective of this working group is to identify and share the challenges, risks and best practices for the development, deployment and management of secure cloud services in the financial services industry.
No Meetings Currently Scheduled
Working Group Leadership
I help enable organisations to safely operate and transact online in the face of dynamic and adaptive threats. After 20 years of attacking and defending top tier firms I founded Resilient Security to provide cyber risk and security advisory, consulting and services.
Jim De Haas
Cloud Security Expert
Seasoned security professional with a demonstrated history of working on critical, complex and highly available banking applications. A technology enthusiast, who enjoys collaborating with cross-functional teams. A strong communicator who can evangelize security across the organisation. Specialised in Cloud Security (Both AWS and Azure), IT Security, training DevOps engineers in security topics and making security understandable to non-secu...
Security Strategy, Threat Management. Senior Director, Information Security Strategy and Threat Mgmt at PayPal.
Innovative leader with a strong technical and business background with a track record of success across multiple technology domains and markets. Senior business management and technical leadership experience in the DOD, Private, and Government sectors. Years of experience in the management of medium to large network and systems engineering teams with significant experience in the management of large multi-million dollar data com...
Cloud Security Research for Financial Services
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Blockchain DLT Use Cases
Innovative technologies of blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage. While blockchain technology is primarily associated with Bitcoin cryptocurrency, many other business models are currently taking advantage of blockchain technology. This paper covers nine use cases beyond cryptocurrency for blockchain.
Cloud Octagon Model
In this document CSA provides an approach to assess risk in SaaS cloud computing. The Cloud Octagon Model stems from an approach conceptualized and implemented by the Cloud Security Group within the Technology & Engineering department, Corporate Information Security Office (CISO), ABN AMRO Bank NV (Netherlands). It counts such aspects as procurement, IT governance, architecture, development and engineering, service providers, risk processes, data classification, and country. The model provides practical guidance and structure to all involved risk parties in order to keep pace with rapid changes in privacy and data protection laws and regulations, and changes in technology and its security implications.
Cloud Usage in the Financial Services Sector
This survey analyzes the level of adoption of cloud solutions and requirements from financial institutions’ perspectives. The study analyzed the cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements, and governance aspects.
Cloud Security Initiative for the Financial Sector
To participate, submit your interest to [email protected] and we will contact you to learn more about your experience.
Webinars & Resources
Cloud: Real-World Use and Challenges Across Financial Services
In this webinar Craig Balding, Co-Chair for the Financial Services Working Group will discuss: current cloud use in the financial sector, main security concerns such risk management, threat monitoring and technical controls, ie, key management, and established practices for secure and compliant cloud adoption.
How Financial Services can Leverage the Cloud Securely to Drive Business
In this session, our presenters will use case studies and personal experience to outline key steps that can be taken to secure financial technology innovators, and explain how traditional, cloud and potentially even blockchain technologies can be used by corporations to ensure the security they need to drive business forward.
DLT Security Framework for the Finance Industry
Distributed Ledger Technologies introduce a multitude of value propositions for the financial services industry. The pace of innovation is aggressively picking up in use cases pertaining to finance such as digital assets, tokenization and cryptocurrency. However, the security measures are significantly inadequate to support innovation. There is a growing need for increased vigilance and an industry-standard security framework.
|Regulators urge banks to monitor security of cloud service providers||American Banker||May 01, 2020|
|Capital One fine is latest wake-up call for banks using the cloud||American Banker||August 07, 2020|
|Cloud Is on the Rise in Financial Services and Regulators Are Taking Note||ABA Banking Journal||September 29, 2021|