The European Network and Information Security Agency (ENISA) has published a report on the secure use of cloud computing in the finance sector (the Report).

The ENISA notes that whilst cloud computing is widely used in several sectors its adoption in the financial sector remains low, with the vast majority of financial institutions still relying on in-house infrastructure.

The Report, which is based on a study to analyse the slow uptake of cloud services and provide possible explanations related to the speed of adoption of these services by the financial sector, sets out good practices and recommendations to financial institutions (FIs), national financial supervisory authorities (NFSAs) and cloud service providers (CSPs) to support the secure adoption of cloud services in the finance sector.

The recommendations include the following:

• NFSAs, FIs and CSPs to cooperate on extending national good practices and standards in the areas of cloud governance and risk management;
• NFSAs to define practices and standards for incident information sharing;
• NFSAs to define minimum security requirements for adoption of cloud computing in FIs;
• FIs to develop a cloud strategy in order to define their approach to cloud computing;
• CSPs to continue their efforts to provide transparency and assurance to NFSAs and FIs;
• EU institutions in cooperation with CSPs to create information campaigns to better inform both regulators and FIs about the security risks and opportunities connected to the use of cloud computing; and
• EU institutions in cooperation with NFSAs to continue their work on harmonizing the legal and regulatory environment within the EU.

The Report has also been acknowledged by the European Banking Authority.

View Why Cloud adoption in the Finance Sector is still lagging, 7 December 2015