Cloud services can help financial institutions become more resilient and secure, but a recent report from the Treasury Department found that there are some challenges that can take away from these benefits.
The agency earlier this year issued the report, which looks at potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services.
Todd Conklin, deputy assistant secretary at the Department of Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, broke down some of these challenges during an Atlantic Council event on July 17.
“Cloud is no longer an emerging technology with the financial sector for software-as-a-service,” Conklin said. “Nearly every single financial institution, whether it be small or large, is leveraging cloud for multiple elements of software-as-a-service applications.”
For smaller institutions, Conklin explained that many of them were almost forced to move to the cloud “before they were even ready as an organization.” He explained how the availability of technology talent is a big challenge for those smaller institutions.
“The point that we wanted to pivot to in our next steps is how do we then rethink the shared responsibility model, knowing that there’s not a widespread availability of cybersecurity talent – let alone cloud-specific cybersecurity talent especially for our smallest institutions,” Conklin said.
According to the report, public cloud offerings are deployed using a shared responsibility model – meaning both cloud service providers and financial institutions need to take actions to secure and monitor the cloud environment.
“How do we make sure that we’re leveraging the public-private partnership and engagement with cloud providers, not just to drive more transparency on their back ends, but to get them to kind of recalibrate their shared responsibility model,” he added.
Addressing gaps in human capital is just one gap Conklin said the report addresses. However, in response to the report, Conklin said the Treasury Department’s Financial and Banking Information Infrastructure Committee (FBIIC) launched a series of next steps and established a cloud executive steering group to address these gaps.
“We want to make sure there’s a partnership,” he said. “We’re not approaching this as beating the cloud providers over the head … the landscape has really shifted over the last few years. Let’s make sure we’re recalibrating, not accusing one over the other.”