Feb. 8 (UPI) — A U.S. Treasury Department issued a report on Wednesday warning that more work is needed to mitigate the risks associated with financial services moving to the cloud.
While the report did not place any requirements for cloud-based financial services or endorse or discourage the use of any specific provider or services, the department said it found more cybersecurity incident response engagement, more staff support and greater transparency are likely needed.
“There is no question that providing consumers with secure and reliable financial services means greater demand for cloud-based technologies,” said Deputy Secretary of the Treasury Wally Adeyemo in a statement. “Treasury is committed to working with financial regulators, industry partners, and cloud service providers to drive greater collaboration and transparency. By building trust, cooperation, and collaboration at the outset, we can promote safe and effective migration for financial institutions that choose to adopt cloud services.”
The Treasury Department also announced it is launching a Cloud Services Steering Group within the next year to strengthen regulatory and private sector cooperation on cloud-based financial services.
The steering group will work to implement recommendations, including closer domestic cooperation among U.S. regulators on cloud services, additional tabletop exercises with the private sector and development of best practices for cloud adoption frameworks and cloud contracts.
The report found “insufficient transparency to support due diligence and monitoring by financial institutions” and “gaps in human capital and tools needed to securely deploy cloud services.”
It also highlighted concerns about cyber vulnerability, with financial institutions expressing concerns that a security incident at one cloud service provider could cascade across the broader financial sector.
“While cloud services can have potential benefits for resilience and security, financial institutions are still exposed to risks associated with technical vulnerabilities at CSPs and face practical challenges to mitigating such risks or migrating their operations to another provider,” the Treasury Department said in a statement.
The report noted that the current cloud financial service market is concentrated around a small number of CSP’s and if an incident happens it could “affect many financial sector clients concurrently.”
According to the report, a patchwork of global regulatory approaches “can make it nearly impossible for U.S. financial institutions to adopt cloud consistently at a global scale, reducing CSP use in the market and raising costs for cloud adoption strategies, which ultimately impacts consumers.”
The Treasury report on the benefits and challenges of cloud-based financial services was developed with members of the Financial and Banking Information Infrastructure Committee.
It was developed using major input from U.S. financial regulators, trade associations, think tanks and private sector stakeholders, according to the Treasury Department.