US Treasury warns that improper use of computing may put financial firms at risk

The US Department of Treasury (USDT) has told financial institutions they are putting themselves at risk by using cloud-based services with undue care.

The department urged the firms to examine their use of cloud services after discovering flaws in cloud data handling. Challenges include an industry-wide over-reliance on a handful of cloud providers such as Amazon, Google and Microsoft, as well as a need for more skilled technology workers.

The department reports risks are especially prevalent in small and medium-sized organisations. 

The USDT emphasised that firms must securely move data to cloud operations to avoid mishandling or exposure to cyberattacks. Companies turning to cloud services are at extra risk if “safe and effective migration” is not thoroughly achieved, said Deputy Secretary of the Treasury Wally Adeyemo.

The USDT highlighted that financial institutions expose themselves to added cyber incidents by relying too heavily on one operational system. A glitch in one cloud company could potentially cripple services across many branches. 

Cloud security

A spokesperson from Google said: “We’re committed to working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency and compliance.”

In a separate earlier investigation, Chinese intelligence agencies were accused of attacking US firms by hacking into cloud services. 

Treasury officials recommended financial institutions adjust to the new wave of technology, stating it “neither endorses nor discourages cloud service adoption by the sector”.

More regulation coming

The Treasury is also establishing a separate group to study concentration in cloud-computing services, with the possibility of new regulations being introduced to manage potential cyberthreats. In July 2022 reports emerged that Microsoft’s Azure struggled to meet cloud demands. 

Last November, it was announced that cloud service providers in the EU are being subjected to tighter rules. Providers now need to show how quickly they can recover from a cyber attack under law taking effect in 2024.

In 2019, Capital One was fined $80 million for a 2019 cloud hack in which confidential data was leaked in a cloud computing security breach.

Additional cybersecurity coverage

Stay up to date on the latest cybersecurity developments, news and updates. Check out the following articles:

Avatar photo
Eoghan O'Donnell

Eogan was a freelance reporter for, covering technology news across hardware, innovation and security. Now based in London, he is proudly Irish and fluent in Gaeilge.