While cloud computing is widely used, its adoption in the financial sector remains low. ENISA, the European Union Agency for Network and Information Security, looked at Financial Institutions (FI), National Financial Supervisory Authorities (NFSA) and Cloud Service Providers (CSP) to analyse the slow uptake of cloud service. The aim; explanations for the slow adoption of these services by the financial sector.
This study found several causes: inconsistent regulatory guidelines on cloud deployment, and concerns about security and data privacy jurisdictions across EU states. For example, almost half of the Financial Institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with the cloud. Although NFSAs are also aware of the risks of cloud computing, they aren’t informed about the security measures by CSPs at all times.
CSPs have difficulties offering services to banks due to differences in security and privacy requirements across EU member states, such as the privacy requirements that are the responsibility of national Data Protection Authorities (DPAs) and not of NFSAs.
ENISA, with the European Banking Authority (EBA), held a workshop in October 2015. Participants discussed the possible causes and solutions. ENISA issued its report “Secure Use of Cloud Computing in the Finance Sector” that suggested:
– Financial Institutions, National Financial Supervisory Authorities and Cloud Service Providers should co-operate to develop a consistent regulatory framework for the secure adoption of cloud computing based on widely used good practices and standards;
– Financial Institutions should develop and implement a risk assessment approach to cloud computing and integrate it with existing corporate risk management processes
– and cloud service providers should offer transparency in their service offerings and comply with any regulatory provision and widely accepted good practices and standards.
Udo Helmbrecht, Executive Director of Crete-based ENISA, said: “The secure adoption of cloud computing will offer significant competitive advantages to the financial institutions. ENISA will work with all relevant stakeholders to support in this direction.”
For the full report visit the ENISA website.
ENISA separetly has brought out a report on the security of smart homes.
The Internet of Things (IoT) is an emerging concept where interconnected devices and services collect, exchange and process data. In the context of “Smart Homes” IoT and traditional devices and services integrate in a home to enhance quality of life. New Smart Home devices and services appear at a pace, from various manufacturers which may have a limited experience of cyber security. Yet, it is often necessary to integrate these devices in the “Home Area Network” to provide connectivity for data exchange.
Due to these interdependencies, numerous cyber threats appear with consequences for security, health and safety. Hence, sys the agency manufacturers, vendors, developers, and users need to understand how to secure devices and services.
In Smart Homes, the security can be difficult to implement within a heterogeneous ecosystem which integrates several types of devices and services, which usually have limited security due to their weak capacities (whether CPU or battery for example). Moreover the service they provide usually relies on remote infrastructures for cloud storage, analytics or even remote access to the devices.
For the full report visit – https://www.enisa.europa.eu/activities/Resilience-and-CIIP/smart-infrastructures/smart-homes/security-resilience-good-practices.
Picture by Mark Rowe; door, Cambridge.
