Secure Cloud Adoption: New Resources On Effective Practices

U.S. Treasury, FSSCC have made a new suite of resources available to provide financial services institutions with advice on effective practices for secure cloud adoption.

Secure Cloud Adoption
(Image: Adobe Stock / Generated with AI by Slowlifetrader)

A suite of resources for financial services institutions on effective practices for their secure cloud adoption journey is now available from the U.S. Department of the Treasury and the Financial Services Sector Coordinating Council (FSSCC). These five documents are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC.

Treasury formed the Cloud Executive Steering Group (CESG) in May 2023 at the direction of the Financial Stability Oversight Council (FSOC). The goal was to help close the gaps identified in its landmark report on the Financial Services Sector’s Adoption of Cloud Services. The resulting documents are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report.

These practices include:

  • Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
  • Enhancing information sharing and coordination for examination of cloud service providers.
  • Assessing existing authorities for cloud service provider (CSP) oversight.
  • Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
  • Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
  • Improving transparency and monitoring of cloud services for better “security by design.”

“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” said Deputy Secretary of the Treasury Wally Adeyemo. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”

“Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers,” commented Consumer Financial Protection Bureau Director Rohit Chopra. “Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers.”

“Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly,” said Acting Comptroller of the Currency Michael J. Hsu. “Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”

“These documents are an important step forward in the CESG’s effort to make the cloud safer and more resilient within and beyond the financial services industry,” said Bill Demchak, Chairman and CEO, PNC Financial Services Group. “The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats.”

The CESG model represents a public-private partnership between Treasury, FBIIC, FSSCC, and cloud service providers (CSPs). Clear explanations for the utility and application of the documents can be found on the U.S. Treasury website. The website also includes links to the FSSCC-led outputs so that financial institutions can consult them at any part of their cloud services adoption journey and risk management process.

The documents offered are:

  • Cloud Profile 2.0
  • Financial Sector Cloud Outsourcing Issues and Considerations
  • Transparency and Monitoring for Better “Secure-by-Design”
  • Cloud Lexicon
  • Coordinated Information Sharing and Examinations Initiative

Under joint FBIIC and FSSCC leadership, the U.S. Treasury and FSSCC plan to publish additional items related to cloud cyber incident response coordination and cloud concentration risk as they are completed throughout the year.

Click here for more news and insights about the financial industry.

Business Continuity, Cyber, Enterprise Risk, Featured, Financial, Security, Technology

Best Practices, Business Resiliency, Cloud Adoption, Cloud Executive Steering Group, Cloud Security, Cybersecurity, Financial Services, Financial Services Sector Coordinating Council, FSSCC, U.S. Treasury

Sponsored Content
Featured Video

Webinars, Podcasts & Videos

Business Continuity Webinar

Did You Miss Our Latest Business Continuity Webinar?

It's not too late! You can still watch the “Business Continuity Exercise Planning and Facilitation Techniques To Start Now” video webinar.

facility resilience webinar

From Prevention To Action: The Role Of Facilities Management In Handling Emergencies And Maintenance

This free webinar on facility resilience will provide actionable strategies to safeguard assets, protect lives, and ensure operational continuity.

adaptive decision-making

Listen Now: Decision-Making During A Crisis

Robert C. Chandler, Ph.D, Founder and Principal of Emperiria discusses his research on adaptive decision-making in this podcast.

Receive the latest articles in your inbox

Share to...