This study identified several causes for this slow uptake, including: inconsistent regulatory guidelines on cloud deployment, and concerns about security and data privacy jurisdictions across EU Member States. For example, almost half of the Financial Institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with Cloud Computing. Furthermore, although NFSAs are also aware of the risks of cloud computing, they are insufficiently informed about the security measures implemented by CSPs at all times.
CSPs have difficulties offering services to Financial Institutions due to differences in security and privacy requirements across EU member states, such as the implementation of privacy requirements that are the responsibility of national Data Protection Authorities (DPAs) and not of NFSAs.
ENISA, in cooperation with the European Banking Authority (EBA), held a workshop in October 2015 to further enhance and validate the results. Participants openly discussed the challenges and debated about the possible causes and potential solutions. Following the discussions and analysis, ENISA issues „Secure Use of Cloud Computing in the Finance Sector“ that includes the following key recommendations:
Udo Helmbrecht, Executive Director of ENISA, said: “The secure adoption of cloud computing will offer significant competitive advantages to the financial institutions. ENISA will work with all relevant stakeholders to support in this direction”.
For full report:
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/cloud-in-finance
The World of Smart ID Solutions
