ENISA: Why Cloud adoption in the Finance Sector is still lagging

07 December 2015

Limitations to a consistent regulatory framework and the broad adoption of good practices deters financial institutions from taking advantage of the benefits of cloud computing.

Cloud Computing is currently widely used in several sectors, however, its adoption in the Financial Sector remains low.  European Union Agency for Network and Information Security (ENISA) engaged Financial Institutions (FI), National Financial Supervisory Authorities (NFSA) and Cloud Service Providers (CSP) in a study to analyse the slow uptake of cloud services and provide possible explanations related to the speed of adoption of these services by the financial sector.

This study identified several causes for this slow uptake, including: inconsistent regulatory guidelines on cloud deployment, and concerns about security and data privacy jurisdictions across EU Member States.  For example, almost half of the Financial Institutions surveyed have not developed a cloud risk assessment even though they are aware of specific risks associated with Cloud Computing.  Furthermore, although NFSAs are also aware of the risks of cloud computing, they are insufficiently informed about the security measures implemented by CSPs at all times.

CSPs have difficulties offering services to Financial Institutions due to differences in security and privacy requirements across EU member states, such as the implementation of privacy requirements that are the responsibility of national Data Protection Authorities (DPAs) and not of NFSAs.

ENISA, in cooperation with the European Banking Authority (EBA), held a workshop in October 2015 to further enhance and validate the results.  Participants openly discussed the challenges and debated about the possible causes and potential solutions.  Following the discussions and analysis, ENISA issues "Secure Use of Cloud Computing in the Finance Sector" that includes the following key recommendations:

Press release

Full report

Press release_EBA


NA