Financial sector's growing focus on cloud resiliency in 2023

The Cloud Security Alliance (CSA) has released a comprehensive report highlighting key aspects of data resiliency within the financial sector, emphasising regulatory compliance, cloud adoption strategies, and security practices.

The survey conducted by CSA, and commissioned by the Depository Trust & Clearing Corporation (DTCC), reflects the cautious but increasing adoption of cloud technologies by financial institutions (FIs), which are also embracing multi-cloud strategies to prevent vendor lock-in and enhance data sovereignty.

Troy Leach, Chief Strategy Officer at Cloud Security Alliance, commented on the findings, stating, "Resiliency of third-party cloud services and the protection of data has become increasingly important to the financial service industry and those with regulatory oversight as the supply-chain continues to be targeted by cyber threats. With several new regulations for resiliency being enacted in 2025, it is important for security and governance professionals to understand the expectations and prepare now for the next generation of regulation and technology complexities."

The report outlines differences in data resiliency approaches between financial and non-financial institutions, delving into cloud adoption frameworks, confidence levels in services, and regional challenges. It also underscores the relevance of advanced technologies such as containerisation and serverless computing in increasing workload resiliency, in addition to advocating for regular policy reviews and security assessments beyond what regulations require.

Tim Cuddihy, Managing Director and Group Chief Risk Officer at DTCC, remarked on the necessary balance FIs must maintain, saying, "In order to better safeguard against the ever-evolving landscape of cyber threats and operational challenges, financial institutions must adopt a measured approach to data resiliency, one that involves a careful balance between strategic objectives, technological adoption, and regulatory compliance."

The report notes that while 78% of financial institutions currently utilise single-cloud environments for their simplicity and cost-effectiveness, there is a growing trend towards adopting multi-cloud strategies to bolster resilience. Comparatively, a significant portion of FIs (60%) are prioritising disaster recovery preparedness, whereas 58% focus on improving infrastructure scalability and availability—figures that are notably higher than their non-financial counterparts.

Surveyed respondents raised concerns over internal challenges related to cloud and cybersecurity skills gaps (49%), as well as the inadequacy of identity and access management systems (31%).

Generative artificial intelligence (GenAI) also emerged as a noteworthy concern in the report, with data privacy and integrity leading these worries. Twenty-six percent of financial institutions and 24% of non-financial institutions cited this as a top concern.

The questionnaire for this survey was co-developed by DTCC and CSA's Data Security Working Group and conducted online, garnering 872 responses from IT and security professionals across a wide range of organisations. Members of CSA Financial Leadership Committee, CSA Research team, and CSA Data Security Working Group analysed and interpreted the data to highlight the distinctions between financial and non-financial respondents.