The U.S. Department of the Treasury and the Financial Services Sector Coordinating Council (FSSCC) have made resources available to financial services firms on best practices for secure cloud adoption.
The documents and resources are intended to arm financial institutions with effective practices for secure cloud adoption and operations.
These resources stem from a public-private partnership between the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC. Further, the U.S. Department of the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 to help close the gaps identified in Treasury’s report on the Financial Services Sector’s Adoption of Cloud Services. The gaps include:
• Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
• Enhancing information sharing and coordination for examination of cloud service providers.
• Assessing existing authorities for cloud service provider (CSP) oversight.
• Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
• Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
• Improving transparency and monitoring of cloud services for better “security by design.”
“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” Deputy Secretary of the Treasury, Wally Adeyemo said. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”
Clear explanations for the utility and application of the documents can be found at the U.S. Treasury website. The website also includes links to the FSSCC-led outputs so that financial institutions can consult them at any part of their cloud services adoption journey and risk management process.
“Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers,” Consumer Financial Protection Bureau Director Rohit Chopra said. “Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers.”
The FSSCC is an industry-led, non-profit organization that coordinates critical infrastructure and homeland security activities within the financial services industry. Their members consist of financial trade associations, financial utilities, and financial firms.
“These documents are an important step forward in the CESG’s effort to make the cloud safer and more resilient within and beyond the financial services industry,” Bill Demchak, chairman and CEO, PNC Financial Services Group, said. “The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats.”
The FBIIC is a committee consisting of 18 member organizations from across the regulatory community at both the federal and state level. The Department of the Treasury’s Assistant Secretary for Financial Institutions chairs the committee.