ENISA Cloud and Finance Workshop


Cloud Computing - Cyber Security Challenges for the Finance Sector

Dr. Evangelos Ouzounis
Head of Unit – Secure Infrastructures and Services - ENISA
European Union Agency For Network And Information Security
Positioning ENISA activities

Cloud Opportunities for Finance Sector

Economies of Scale
• Better ROI
• More efficient resource utilization also means cost savings

Support innovation
• Easier deployment of new services
• Faster time to market

High Resiliency
• Better back up services
• Better business continuity

Standardised solutions
• Better patch management
• Better software update management
• Portable and interoperable

Cloud Challenges for Finance Sector

Isolation Failures
• One Cloud customer might be able to influence the resources of another (CPU, Memory)
• ... or have access to another customer's data (data breach)

Compliance Risks
• Provide enough evidence for taking care of data
• Prove prudent risk management practices

Loss of Governance
• Control sufficiently the resources in the Cloud
• This also affects security

Vendor Lock-in
• Always have exit strategy
• Properly remove the data from the Cloud

ENISA’s study

Objectives of the study
• Identify the status on cloud adoption in EU and elsewhere
• Identify good practices at technical and policy level
• Recommend good practices to be used by banks and regulators
• Propose recommendations to policy makers, banks and Cloud providers

Cloud Adoption - Status
• Existing regulations and policies focus on finance core operations and do not sufficiently cover cloud cyber security
• Challenges with data jurisdiction and data protection rules
• Not enough understanding/knowledge of cloud challenges among regulatory authorities
• An unclear regulatory and policy environment makes deployment of Cloud difficult for financial institutions
• The many standards in the cloud area complicate cloud deployment for both financial institutions and regulators, as none of them is widely accepted
• Ad-hoc implementations focus on clouds in non-core business; limited strategic view

Has your Financial Institution developed a detailed corporate risk assessment for Cloud Computing?

Main challenges to cloud computing

Which regulations mainly impact Cloud adoption?

How do you ensure compliance?

Recommendations

Cooperation between FIs, NFSA and CSPs
- Good practices and guidelines in the area of Cloud security
- EU wide harmonization of legal and regulatory requirements

Risk assessment and cloud strategy
- FI to develop a corporate risk assessment and strategy for deploying Cloud

Transparency & Assurance
- CSPs to provide proven evidence of good cyber practices (incident handling, resilience, ...) in use

Awareness campaigns
- FI, NFSA and CSP to co-operate on bridging the knowledge and awareness gap on cyber security of cloud

Next Steps

• ENISA remains ready to:
- Provide more expert support where useful and needed to address the identified challenges
- Continue as a catalyst for the needed information exchange, cooperation and discussions between FIs, regulators and CSPs
- Continue the established cooperation with the regulatory authorities

Co-operation with other initiatives

• The SecuRe Pay (Security of Retail Payment Systems) working group, namely
- secure communication
- secure customer authentication
- incident reporting

• The Task Force on IT Risk Supervision
- Transversal IT risk identification and analysis
- IT risk and experiences - Cloud computing
- Guidelines on the assessment of IT risk
- Cooperation and training

Conclusions
• Cloud modernizes the Financial Sector and achieves significant business benefits
• Cyber security is a key enabler for smooth cloud adoption
• Existing policies and regulations do not fully cover the cyber security challenges related to cloud
• Policy makers are not fully aware of the major cyber security challenges
• Plethora of good practices on cloud, but not focused on the finance sector
• Limited information sharing among public and private sector on major cloud incidents affecting the finance sector

ENISA will co-operate with policy makers (e.g. EBA, NFSAs) & private sector (e.g. banks, cloud providers) to accelerate cloud adoption in the finance sector

Thank you

PO Box 1309, 710 01 Heraklion, Greece


Tel: +30 28 14 40 9710
www.enisa.europa.eu
