Security of data, specifically, was such an issue that it was named as four out of the top five concerns.
Security of data, specifically, was such an issue that it was named as four out of the top five concerns.

A large number of security concerns – particularly data security concerns – have financial services firms apprehensive about adopting cloud computing, according to the “How Cloud is Being Used in the Financial Sector” study from the Cloud Security Alliance (CSA).

In a survey of 102 global participants – less than 50 percent had a solidified cloud strategy – from banking and credit unions, insurance groups, investment firms, and government organizations, “security concerns” were unanimously cited as a reason not to adopt the cloud, according to the study.

Security of data, specifically, was such an issue that it was named as four out of the top five concerns.  

For 60 percent of respondents, confidentiality of data was the biggest concern, while 57 percent cited loss of control of data, 55 percent cited data breaches, and 42 percent cited data loss, according to the study. Legal and compliance issues was cited by 51 percent of respondents.

Chenxi Wang, CSA corporate member and report contributor and VP of Cloud Security and Strategy at CipherCloud, told SCMagazine.com in a Thursday email correspondence that financial groups are always concerned about data incidents, but those worries are kicked up a notch when it comes to the cloud.

“With cloud, the concerns are amplified due to the lack of control and lack of visibility,” Wang said. “If there is a way to de-value the data going into the cloud, either through encryption, masking, or some kind of information dispersal techniques before the data hits the cloud, it will alleviate a lot of the concerns over data incidents with respect to cloud computing.”

In the report, 42 percent of respondents said that data encryption solutions have been implemented for the cloud, and 61 percent indicated that ownership of the encryption keys is a concern. Wang said that, for data going into the cloud, organizations can use encryption offered by the cloud service provider, or a solution offered by a third party.