- The U.S. Department of the Treasury documented the benefits of cloud technology in financial services, but warned of challenges posed by increased market consolidation, security risks and IT talent gaps in a Wednesday report.
- Financial services firms need better staff support, transparency and cyber incident response engagement from cloud service providers in order to ease the transition to IaaS, PaaS and other cloud capabilities, the report said.
- Treasury will launch an interagency Cloud Services Steering Group in the next year to address the challenges and promote engagement between the financial sector and CSPs.
Burdened by basements packed with legacy systems and risk averse top-floor executives, banks were initially slow to the cloud. The benefits of migration, demand for digital services and the emergence of industry-specific cloud solutions helped break down resistance, and federal authorities have taken notice.
Described as a “first-of-its-kind report,” the document was produced in coordination with the Treasury-chaired Financial and Banking Information Infrastructure Committee. Financial regulators, private-sector companies, trade associations and think tanks provided additional input.
Federal oversight of financial services remains neutral on the operational and service technologies regulated entities deploy, according to the report. Current regulations require financial institutions to manage tech-related risk, even when operations are outsourced to third parties, such as CSPs.
The report does not impose specific requirements or new standards regarding cloud adoption. Instead, it identifies industry concerns and practical challenges to continued migration, recommending cooperation among financial companies, regulators and CSPs to enhance transparency, security and resilience.
Six broad concerns are highlighted in the report:
- Insufficient transparency by CSPs may undermine risk management and monitoring
- Talent gaps and shortages of critical cloud skills
- Industrywide exposure to CSP breaches and outages
- Cloud market consolidation
- Imbalances in vendor contracts and services
- Lack of uniform international standards
In one case singled out by the committee, a smaller bank was unable to secure its preferred backup configuration from its SaaS provider. A larger financial institution was concerned about the transfer of encryption key protocols when switching service providers. The report also noted U.S. banks felt they had more difficulty obtaining audit rights from CSPs than counterparts based elsewhere.
Companies credited cloud with reduced technology costs, rapid deployment of new IT assets and stronger security and resilience, the report said. Those hesitant to migrate cited contracting and skills challenges, as well as regulatory compliance.
Despite challenges, banks have amped up cloud adoption. Core workload volume in the cloud has more than doubled in the last year, according to a December report by Accenture, which analyzed nearly 100 banks.
“There is no question that providing consumers with secure and reliable financial services means greater demand for cloud-based technologies,” Wally Adeyemo, deputy secretary of the Treasury, said in a release accompanying the department’s Wednesday report.