Towards Secure Cloud-Computing in FinTechs – An Artefact for Prioritizing Information Security Measures

Abstract

The number of FinTechs has been proliferating over the last decades. While their innovative offerings inherit disruptive potential, the security of their cloud services remains a fundamental issue. Tight budgets and the need for rapid product development force FinTechs to focus on the most necessary information security measures (ISMs) that ensure regulatory compliance and avoid customer losses due to security incidents. The question arises of how FinTechs should prioritize ISMs. To answer this question, we follow design science research to develop an artifact by which cloud service using and providing FinTechs can obtain a prioritized list of ISMs. Our resulting artifact builds upon extant research on FinTechs and information security (IS), relevant regulatory frameworks, and the shared responsibility model for cloud services. Our research contributes to the conceptualization of integrated ISM prioritization for FinTechs and provides practitioners with a structured prioritization approach based on a standardized logic.