Europe: big perception gap between financial institutions and security professionals on cloud security

These are among the findings of the ENISA report titled “Secure Use of Cloud Computing in the Finance Sector,” published in December 2015. According to research, cited by securityintelligence.com, while over 87% of those institutions are already using some form of cloud computing, their knowledge of basic cloud technologies and best practices is either sadly disappointing or shocking.

Results showed that there is a big perception gap between financial institutions and security professionals regarding cloud security. Many regulators mistakenly see outsourcing and cloud computing as similar entities. For example, almost half of the financial institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with cloud computing.

There are many misunderstandings about the cloud, from the basic underlying technologies to which regulations are relevant for cloud computing and how to improve cloud security. Some survey respondents blamed the confusing patchwork of cloud security regulations across the EU as the main obstacle for implementing cloud initiatives.

It seems Europe’s attitudes about the cloud are behind the times, especially when compared to North America: many surveyed felt security and privacy were the biggest limitations for cloud adoption. Almost a quarter of survey respondents from the regulatory bodies believed public cloud services should never be used in the finance sector.

The study was sponsored by the European Union Agency for Network and Information Security (ENISA is its French acronym) and had input from the Cloud Security Alliance, an international best practices body. The authors developed two survey instruments: one for financial and cloud service providers, and the other for the national regulatory bodies in various EU countries. The surveys were followed up with a series of phone calls. More than 40 entities participated. The report is available at: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/cloud-in-finance.