Cloud Hosting

As organizations in the financial sector continue to migrate IT and business services to the cloud and adopt other cloud offerings, it is important that financial institutions understand the risks associated with each. A U.S. Treasury report issued on February 8, 2023, showed that regulators are closely monitoring how the financial sector uses cloud services. With cloud service providers becoming more assertive in shifting risks to their customers, financial institutions may experience higher levels of regulatory scrutiny.

Over the past decade, the financial services sector has steadily migrated many information technology (IT) functions to cloud service providers everything from video teleconferencing to internal communications to customer-facing applications. However, models of adoptions and associated risk vary widely across the sector. As the Financial Services Sector Risk Management Agency , the U.S. Department of the Treasury issued a report on February 8, 2023, assessing these risks and associated challenges affecting the financial sector.

At its most basic level, cloud computing is a means by which organizations can access on-demand network services and infrastructure without having to host their own servers. It is flexible and scalable, so companies can easily add or remove resources as needed. The financial sector, in particular, has found cloud services to be valuable for a range of purposes, such as supporting remote work and using cloud-native capabilities.

Financial institutions are motivated to increase cloud adoption due to benefits such as cost reduction, quicker deployment of new IT assets, faster product and service development, and improved security and resilience. However, these benefits bring with them both risks and other challenges that organizations in the financial sector should consider as they migrate their IT and business functions to the cloud.

In its report, Treasury found as a symptom of rapid adoption of cloud services across the sector the vast majority of financial institutions have implemented cloud services, but at significantly varied maturity levels. A survey by the American Bankers Association (ABA) in 2021 revealed that more than 90 percent of banks surveyed reported maintaining some form of data, applications, or operations in the cloud. Furthermore, more than 80 percent of those surveyed reported being in the early stages of adopting cloud services. Only 5 percent of the surveyed banks described their use of cloud technology as mature.

Various types of cloud offerings public, private, and hybrid exist to cater to diverse service requirements. Public cloud, for instance, allows multiple customers, or "tenants," to share resources. Private cloud, by contrast, is an environment operated exclusively for a single organization, either on or off premises, and allows the cloud to be tailored to meet specific needs, such as security, compliance, or performance. A hybrid model incorporates both public and private cloud services alongside in-house data centers and is the preferred choice for many large financial institutions.

In contrast, some smaller and mid-sized institutions have adopted models using purely public cloud environments, significantly reducing their cost and data center usage but also increasing their risk. If set up properly, public cloud services can offer a resilient and secure setting. However, the level of resilience and security for a specific cloud service may differ dramatically depending on the provider, service, configuration, provisioning, and management. And, importantly, not all of these functionalities may be accessible in every situation.

Treasury has highlighted six primary obstacles to the adoption of cloud technology in the financial industry:

Treasury plans to take a number of steps to assist financial institutions in mitigation risk from the operational disruption of cloud services. As a preliminary step, Treasury plans to establish a Cloud Services Steering Group to address issues raised in this report. The Steering Group's functions will include:

In light of this regulatory focus on how financial institutions are using cloud technologies, financial institutions can take several steps to mitigate the regulatory and security risks associated with cloud adoption.

Read the original:
Banking in the Cloud: How Financial Institutions Can Mitigate the ... - JD Supra