Resources on effective practices for secure cloud adoption were published Wednesday by the Treasury Department in conjunction with an financial institution industry group, the agency said.
According to Treasury, the resources, a group of documents, were “intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations.”
The resources, published in conjunction with the Financial Services Sector Coordinating Council (FSSCC) – a group representing technology interests of banks and large credit unions – also help to address gaps identified last year in the Treasury’s report on financial services adoption of cloud services.
The gaps addressed, Treasury said, include:
- Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
- Enhancing information sharing and coordination for examination of cloud service providers.
- Assessing existing authorities for cloud service provider (CSP) oversight.
- Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
- Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
- Improving transparency and monitoring of cloud services for better “security by design.”