The Cloud Usage in the Financial Services Sector v2 survey/paper is in development and ready for working group members to add feedback and additional questions/answers related to current cloud usage in the financial services industry. Below are some related topics from the paper proposed by the working group co-chairs, in which questions and answers for the upcoming survey are being developed from within the document. Some of these topics have Q&As ready to be reviewed, and others can use further detail, or different types of questions to represent the entire Financial Services Industry. Work on the paper/survey is being done in the following shared Google document:
https://docs.google.com/document/d/1IWJfD5ejEO1nxm1ycbZlEPo-G0mFoTHYXvg9i975WVo/
- Data privacy/sharing: GDPR / Schrems 2
- Vendor risk assessments: SaaS provider -> subcontractor to CSP
- Encryption/key
- Secrets (short-lived, etc.) lifecycle management
- Compliance infra for SaaS/PaaS decentralized/centralized environments
- Application / Ops: end-to-end understanding/visibility, maturity, documentation (DevOps as a forcing function highlighting gaps in Application teams' understanding and appreciation for Ops) / Incident Preparedness within Ops
- Agile maturity: how are orgs benchmarking their maturity within agile adoption
- BCP: region migration (e.g. in response to geo-political events): tension between availability zones vs region (particularly in context of SaaS providers)
- SOC: logging/visibility/response, level of integration with internal/3rd party SOCs
- SaaS integration with SOC - is it happening?
------------------------------
Alex Kaluza
Research Coordinator
Cloud Security Alliance
------------------------------