The US Department of Treasury (USDT) has told financial institutions they are putting themselves at risk by using cloud-based services with undue care.
The department urged the firms to examine their use of cloud services after discovering flaws in cloud data handling. Challenges include an industry-wide over-reliance on a handful of cloud providers such as Amazon, Google and Microsoft, as well as a need for more skilled technology workers.
The department reports risks are especially prevalent in small and medium-sized organisations.
The USDT emphasised that firms must securely move data to cloud operations to avoid mishandling or exposure to cyberattacks. Companies turning to cloud services are at extra risk if “safe and effective migration” is not thoroughly achieved, said Deputy Secretary of the Treasury Wally Adeyemo.
The USDT highlighted that financial institutions expose themselves to added cyber incidents by relying too heavily on one operational system. A glitch in one cloud company could potentially cripple services across many branches.
A spokesperson from Google said: “We’re committed to working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency and compliance.”
In a separate earlier investigation, Chinese intelligence agencies were accused of attacking US firms by hacking into cloud services.
Treasury officials recommended financial institutions adjust to the new wave of technology, stating it “neither endorses nor discourages cloud service adoption by the sector”.
More regulation coming
The Treasury is also establishing a separate group to study concentration in cloud-computing services, with the possibility of new regulations being introduced to manage potential cyberthreats. In July 2022 reports emerged that Microsoft’s Azure struggled to meet cloud demands.
Last November, it was announced that cloud service providers in the EU are being subjected to tighter rules. Providers now need to show how quickly they can recover from a cyber attack under law taking effect in 2024.
In 2019, Capital One was fined $80 million for a 2019 cloud hack in which confidential data was leaked in a cloud computing security breach.
Additional cybersecurity coverage
Stay up to date on the latest cybersecurity developments, news and updates. Check out the following articles:
Generative AI is about more than just automating sales and marketing. It’s about making it more personal, too.
Amazon and Microsoft trade blows over cloud competition
Chetna Gogia, Chief Human Resources Officer at GoKwik: “Go deep in acquiring the right knowledge before you advise on HR practices to management”
In this Coffee with HR interview, we speak to Chetna Gogia, Chief Human Resources Officer at GoKwik. She has over 20+ years of experience leading HR functions across various sectors