On December 7, 2015, the European Union Agency for Network and Information Security published a report on the secure use of cloud computing in the finance sector. ENISA makes recommendations to financial institutions, national regulators as well as cloud service providers that aim to facilitate the secure adoption of cloud services in the finance sector. According to ENISA, the following are key issues that are hampering the adoption of cloud services by financial institutions: (i) financial institutions and their national regulators are unconvinced about the security benefits of cloud computing even though security is considered very important by CSPs and risk assessments have been carried out by various expert bodies, including ENISA; (ii) lack of detailed guidance on the relevance of national regulations for cloud computing; and (iii) guidance from national regulators on meeting regulatory requirements when adopting cloud computing needs to be further developed. ENISA makes several recommendations, including: (i) national regulators, financial institutions and CSPs should develop effective communication and collaboration to assist the cloud market to evolve quicker; (ii) financial institutions should develop a cloud computing strategy, adopting a risk-based approach to moving to the cloud; (iii) CSPs should work to increase the level of transparency about cloud offerings for financial institutions and their regulators; and (iv) the European Commission, European Agencies and industry bodies should work together to improve the understanding of cloud computing.
The report is available at: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/cloud-in-finance.