Survey: Cloud Risk Growing in Financial ServicesCloud Security Alliance's Troy Leach Warns That Regulators Are Eying 3rd-Party Risk
The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing an upcoming survey.
The survey shows that only 33% of financial firms are not using cloud for critical operations. Regulators globally are increasingly looking at third-party risk as supply chain transparency and assurance rise on the agenda, Leach said.
Leach emphasized the need for understanding that it's a complex and dynamic area, and he said he hopes banking regulators do not over-regulate. He also warned end users about a lack of understanding of shared responsibilities and advised them to keep up to date with global regulations, to collect and retain data, and to monitor to demonstrate to regulators that they are compliant.
In this video interview with Information Security Media Group at RSA Conference 2023, Leach discussed:
- Key findings in the Status of Cloud in Financial Services survey;
- The regulatory climate for cloud and third-party risk;
- Understanding shared responsibilities with cloud providers.
Troy Leach, who leads strategy for the nonprofit Cloud Security Alliance, sits on several advisory boards as an expert in information security and financial payments. Leach founded a consulting practice that advises firms on opportunities to leverage blockchain technology, zero trust and various cloud services to create safe and trusted environments. Previously, Leach helped establish and lead the PCI Security Standards Council, which creates global standards and certification programs, as CTO and chief standards architect.