The Cloud Security Alliance (CSA) and Ernst & Young (EY) China have released the results of a joint survey into the adoption of cloud computing by the financial services industry in China, saying adoption has reached a tipping point within the industry.
Keith Yuen, partner and Greater China cyber security leader for Ernst & Young, said: "More and more FSI organizations have adopted or are planning to adopt some form of cloud computing technology. The key is to balance the risks with the benefits this technology offers to business."
Jeremy Pizzala, partner, cyber security leader of financial services risk advisory at Ernst & Young, said: "FSIs based in the Asia Pacific and Greater China region are facing an unprecedented challenge in terms of the cyber security environment they operate in. The rapid adoption of digital business models, including cloud, has exposed FSIs' perimeters like never before and in the process made the task of anticipating and defending against cyber threats more complex.
"In addition the region's financial regulators are increasing the scope of and penalties associated with cyber security regulations, in line with the increasing volumes and sophistication of cyber attacks that the market is witnessing. FSIs' responses need to take a targeted approach, focusing on protecting their 'crown jewel' assets and processes and increasingly leveraging the power of data analytics to anticipate and detect threats before they cause significant loss."
The report publishes key findings in the areas of cloud adoption, IT security budgets, cloud computing and cyber security skills, as well as cloud service compliance and regulations.
Key findings include:
- Forty eight percent of the FSIs in China say they are developing a cloud strategy, and 44 percent say they have developed a cloud strategy, and eight percent say they have a strict ‘no-cloud' policy.
- Fifty four percent said their organization had no predetermined compliance regulations around putting data into the cloud. "This implies that over half of the organizations do not feel the need to define a strategy to address cloud service data security and compliance regulations within the organization," EY said.
- Thirty eight percent of respondents said the top cloud threat in their organization was the lack of security management leadership. "When there is a lack of emphasis on cloud services regulations and requirements by the organization, it is almost a direct indication that the C-level management will do little to prioritize the initiative," EY said.