Digitally savvy consumers are expecting more and more from their banking and financial institutions these days. But companies in this vertical still have yet to come up with industry best practice for leveraging secure cloud infrastructure for digital transformations, according to a new study out today by the Cloud Security Alliance. The report shows that financial companies are still slow to come off the line for cloud adoption, with only about of third of financial services firms reporting an existing cloud strategy, and the majority of non-adopting firms citing security and regulatory concerns as the top impediment.

However, the industry is poised for growth in this area. This forward motion is interestingly pushed by the smallest and largest of financial services firms, which have the highest current cloud strategy adoption rate of 40 and 35 percent respectively. These figures likely are the result of a current cycle of competition and disruption over digital consumers that has small and nimble players eating the big financial companies' lunch. Heather Cox, Heather Cox, chief client experience digital and marketing officer for global consumer banking at Citi, explained the phenomenon last week at IBM InterConnect.

"We have new people stepping into our landscape every single day. The payments and banking space is being fundamentally transformed. It has been said that people need banking, but they don't necessarily need banks," she said. "As I stare at these new entrants, the role that we big banks have played forever and everybody thought had such a certain future, simply doesn't hold any longer. We need to think differently."

As the small disruptors cause the deep pocketed goliaths to rethink their IT and digital strategy, their shift to the cloud will likely cause the collective movement toward cloud strategies in the industry overall. According to the survey, overall an additional 61 percent of companies report having some kind of cloud strategy in the works. But security and regulatory pressures still remain tantamount when executing on these strategies. The report showed that financial services firms' willingness to move to the cloud often depends on a cloud provider's ability to offer a number of desired security features, including increased operational transparency, strong encryption, real-time logs and remote auditing.

Click here for Talkin' Cloud's Top 100 CSP list

"It is significant that even in a highly regulated industry like financial services, that is generally considered to be the most mature in terms of security best practices, they are still struggling to keep up with the pace of cloud and implement proactive security strategies," says Jim Reavis, co-founder of the Cloud Security Alliance.

According to Reavis, financial services tend to lean toward a best-in-class approach for cloud that mixes a wide variety of SaaS, along with purpose-built cloud applications for IaaS. He believes this presents the largest opportunity for partners.

"These many clouds do not have out of the box integration with each other, and the industry needs to provide consulting, managed services and innovation to secure these clouds in concert with each other," he says, explaining that the best opportunities to add security value in the process revolve around data security, visibility and identity management. "Brokering will likely be a strategic part of these solutions."