The dominance of a handful of cloud service providers in the financial sector raises concerns about operational resilience and the bargaining power vendors have in negotiations with smaller FS players, according to a US Department of the Treasury report.
The report says that cloud services can help financial institutions become more resilient and secure, but that there are some significant challenges that could detract from these benefits. With this in mind, the Treasury has launched an interagency cloud services steering committee to bolster regulatory and private sector cooperation. The current market is concentrated around a small number of providers - Amazon Web Services, Google and Microsoft Azure - which means that if an incident occurs at one, it could affect many financial sector clients concurrently. This concentration likely exists across banking, securities, and insurance markets, says the report but regulators "need to close significant data gaps to assess how the sector might be affected by this type of incident". The dominance of a small group of providers may also give them "outsized bargaining power" that could hurt smaller financial institutions when negotiating contractual terms. Community banks have also told the Treasury that they do not often receive details of incidents or outages impacting their systems, which impacts their ability to fully understand risks associated with cloud services so they can build their technology architecture with appropriate protections for consumers. "While recognising that CSPs provide significant information to financial institutions already, Treasury believes that further efforts are needed to achieve the right balance of information sharing between CSPs and financial institutions," says the report. Many financial institutions also expressed concern that a cyber vulnerability or incident at one provider may have a cascading impact across the broader financial sector. Finally, the talent pool related to cloud services is "well below demand" and providers need to "increase employee engagement experts, and to improve supportive technological tools and adoption frameworks".
Read the report
By on Thu, 09 Feb 2023 00:01:00 GMT
Original link