THE ROLE OF NIST CYBERSECURITY FRAMEWORK IN THE ADOPTION OF CLOUD-NATIVE TECHNOLOGIES IN THE FINANCIAL SERVICE SECTOR

Kamilu Nurudeen Adebola

doi:10.34218/IJCET_16_03_031

Authors

Kamilu Nurudeen Adebola Visa Europe Technology, Warsaw, Poland. Author

DOI:

https://doi.org/10.34218/IJCET_16_03_031

Keywords:

NIST Cybersecurity Framework, Cloud-Native Technologies, Financial Services Sector, Cybersecurity, Information Security, Risk Management, Compliance, Financial Technology (FinTech)

Abstract

Digital innovations, including cloud-native technologies, are continuously transforming the financial services sector. Financial institutions are embracing cloud-native adoptions to deploy artificial intelligence and machine learning models that address their operational threats, deficiencies, and compliance. Nonetheless, these adoptions introduce significant cybersecurity concerns that require the integration of validated and adaptable frameworks like the NIST cybersecurity framework (NIST CSF). By employing the systematic-narrative hybrid literature review methodology, this paper examined the role of the NIST CSF in the cloud-native technology adoption in the financial services sector. Literature from academic databases such as Google Scholar, Scopus, ResearchGate, IEEE Xplore, and ScienceDirect, as well as NIST and IBM publications, was extracted for the review. The review concluded that the NIST CSF is a structured guideline for handling cybersecurity risks in the financial services sector, with the potential to improve scalability, compliance, resilience, and governance. By balancing regulatory compliance with dynamic security infrastructure development, the framework can also be adapted for unique challenges in decentralised environments. Organisational culture and management support were also identified as factors that enhance the effectiveness of NIST CSF integration for cloud-native adoptions.

References

Anthony, B. (2024). Enabling Seamless Interoperability of Digital Systems in Smart Cities Using API: A Systematic Literature Review. Journal of Urban Technology, 31(4-5), 123-156. https://doi.org/10.1080/10630732.2024.2427543

Wu, F. T., Lee, W. B., Ku, C. C. Y., Wu, Y. S., & Shih, C. Y. (2024). Integrating ISO 27001, Nist Csf 2.0, and Cyber Defense Matrix for Enhancing Organizational Cybersecurity Governance. Nist Csf. https://dx.doi.org/10.2139/ssrn.4991340

Amine, A. M., Chakir, E. M., Issam, T., & Khamlichi, Y. I. (2023). A Review of Cybersecurity Management Standards Applied in Higher Education Institutions. International Journal of Safety & Security Engineering, 13(6). DOI: 10.18280/ijsse.130614

Arif, T., Jo, B., & Park, J. H. (2025). A Comprehensive Survey of Privacy-Enhancing and Trust-Centric Cloud-Native Security Techniques Against Cyber Threats. Sensors, 25(8), 2350. https://doi.org/10.3390/s25082350

Cedar IBSI Fintech Lab (2024). How Cloud-Native Infrastructure is Reshaping Core Banking Systems. Retrieved from: https://www.cedaribsifintechlab.com/how-cloud-native-infrastructure-is-reshaping-core-banking-system/#:~:text=Capital%20One%20now%20uses%20cloud,future%20of%20core%20banking%20systems.

Confidently, L. A. O., Chakraborty, M., & Kundan, A. P. (2021). Monitoring Cloud-Native Applications. https://doi.org/10.1007/978-1-4842-6888-9

Dimakopoulou, A., & Rantos, K. (2024). Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2. 0. Journal of Marine Science and Engineering, 12(6), 919. https://doi.org/10.3390/jmse12060919

D'Onofrio, D. S., Fusco, M. L., & Zhong, H. (2023). CI/CD Pipeline and DevSecOps Integration for Security and Load Testing (No. SAND-2023-08255). Sandia National Lab.(SNL-NM), Albuquerque, NM (United States). https://doi.org/10.2172/2430395

Douglis, F., & Nieh, J. (2020). Microservices and containers. IEEE Internet Computing, 23(6), 5-6. https://doi.org/10.1109/MIC.2019.2955784

Fathima, S. A. (2025). AI-Driven Insights for Risk Management in Banking: Leveraging Cloud-Native Technologies for Scalability. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 1(01), 34-44. https://doi.org/10.63282/3050-9262.IJAIDSML-V6I1P104

Ferrari, R. (2015). Writing narrative style literature reviews. Medical writing, 24(4), 230-235. https://doi.org/10.1179/2047480615Z.000000000329

Gade, K. R. (2022). Cloud-Native Architecture: Security Challenges and Best Practices in Cloud-Native Environments. Journal of Computing and Information Technology, 2(1).

Hinterschweiger, M., Neumann, T., & Saporta, V. (2018). Risk sensitivity and risk shifting in banking regulation. Bank of England Financial Stability Paper, (44). https://ssrn.com/abstract=3299411

IBM (2024). The compelling need for cloud-native data protection. https://www.ibm.com/think/insights/compelling-cloud-native-data-protection

Ibrahim, A., Valli, C., McAteer, I., & Chaudhry, J. (2018). A security review of local government using NIST CSF: a case study. The Journal of Supercomputing, 74, 5171-5186.https://doi.org/10.1007/s11227-018-2479-2

Jimmy, F. N. U. (2023). Cloud security posture management: tools and techniques. Journal of Knowledge Learning and Science Technology ISSN: 2959-6386 (online), 2(3). https://doi.org/10.60087/jklst.vol2.n3.p622

Konate, M., Kouraogo, P. J., & Harouna, O. H. (2025). A Web Platform Based on the NIST CSF for Assessing and Monitoring the Cybersecurity of SMEs and Critical Infrastructures. Open Journal of Applied Sciences, 15(1), 274-284. https://doi.org/10.4236/ojapps.2025.151018

Kratzke, N., & Quint, P. C. (2017). Understanding cloud-native applications after 10 years of cloud computing-a systematic mapping study. Journal of Systems and Software, 126, 1-16.

Kumar, T. V. (2015). CLOUD-NATIVE MODEL DEPLOYMENT FOR FINANCIAL APPLICATIONS. International Journal of Current Engineering and Scientific Research (IJCESR) 2 (9):114-123.

Legapriyadharshini, N., Thirumalaikumari, T., Senbagam, K., Sarasu, R., Basha, H. A., & Malathi, P. (2024, March). Integration of AI and Cloud-Native Technologies for Personalized Mobile Banking Experiences. In 2024 International Conference on Recent Innovation in Smart and Sustainable Technology (ICRISST) (pp. 1-6). IEEE. https://doi.org/10.1109/ICRISST59181.2024.10921880

Leshchenko, B., Snisar, B., Stupak, A., & Osadchyi, V. (2024). Integrating DevSecOps into the software development lifecycle: A comprehensive model for securing containerized and cloud-native environments. CPITS II 2024-Cybersecurity Providing in Information and Telecommunication Systems, (3826), 153-161. https://ceur-ws.org/Vol-3826

Mavlutova, I., Spilbergs, A., Verdenhofs, A., Natrins, A., Arefjevs, I., & Volkova, T. (2022). Digital transformation as a driver of the financial sector sustainable development: An impact on financial inclusion and operational efficiency. Sustainability, 15(1), 207. https://doi.org/10.3390/su15010207

Möller, D. P. (2023). NIST cybersecurity framework and MITRE cybersecurity criteria. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices (pp. 231-271). Cham: Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-26845-8_5

Molnar, V., & Sabodashko, D. (2024). Comparative analysis of cybersecurity in leading cloud platforms based on the NIST framework. Social Development and Security, 14(6), 68-80. https://doi.org/10.33445/sds.2024.14.6.8

Mustyala, A. (2023). Migrating Legacy Systems to Cloud-Native Architectures for Enhanced Fraud Detection in Fintech. EPH-International Journal of Science And Engineering, 9(1), 16-26. https://doi.org/10.53555/ephijse.v9i1.236

Nutalapati, P. (2024). A Review on Cloud Computing in Finance-Transforming Financial Services in the Digital Age. DOI : 10.55083/irjeas.2024.v12i03005

Oghogho, O. T., Akano, T. D., Erhabor, E. O., Ezeadi, S. C., & Akinyemi, B. T. (2025). Assessing Costs and Preventative Strategies of Cloud Security Breaches on the US Financial Services Sector. International Journal of Research Publication and Reviews, 6(3). 1537-1543. http://dx.doi.org/10.55248/gengpi.6.0325.1149

Olutimehin, A. T. (2025). Assessing the effectiveness of cybersecurity frameworks in mitigating cyberattacks in the banking sector and its applicability to decentralized finance (DeFi). Available at SSRN 5133050.

Oyeniran, O. C., Modupe, O. T., Otitoola, A. A., Abiona, O. O., Adewusi, A. O., & Oladapo, O. J. (2024). A comprehensive review of leveraging cloud-native technologies for scalability and resilience in software development. International Journal of Science and Research Archive, 11(2), 330-337. https://doi.org/10.30574/ijsra.2024.11.2.0432

Pandey, P., & Patel, A. (2025). Integrating Security in Cloud-Native Development: A DevSecOps Approach to Resilient Software Systems. In Data Governance, DevSecOps, and Advancements in Modern Software (pp. 169-196). IGI Global Scientific Publishing. DOI: 10.4018/979-8-3373-0365-9.ch009

Quillen, N. C. (2022). Tools Engineers Need to Minimize Risk around CI/CD Pipelines in the Cloud (Doctoral dissertation, Capella University).

SetinelOne (2025). Cloud Security Facts. https://www.sentinelone.com/cybersecurity-101/cloud-security/cloud-security-statistics/#:~:text=80%25%20of%20companies%20have%20encountered,of%20attacks%20comprise%20failed%20audits.

Shackelford, S. J. (2017). The law of cyber peace. Chi. J. Int'l L., 18, 1. Retrieved from http://chicagounbound.uchicago.edu/cjil/vol18/iss1/1

Shin, D., Kim, J., Pawana, I. W. A. J., & You, I. (2025). Enhancing cloud-native DevSecOps: A Zero Trust approach for the financial sector. Computer Standards & Interfaces, 103975. https://doi.org/10.1016/j.csi.2025.103975

Simonova, A. (2020). An analysis of factors influencing national institute of standards and technology cybersecurity framework adoption in financial services: a correlational study. Capella University.

Subramanyam, S. V. (2021). Cloud computing and business process re-engineering in financial systems: The future of digital transformation. International Journal of Information Technology and Management Information Systems (IJITMIS), 12(1), 126-143. https://doi.org/10.34218/IJITMIS_12_01_011

Suganya, R. V., & Venkateshwaran, G. (2023) CLOUD-DRIVEN INNOVATION IN BANKTECH: TRANSFORMING THE FINANCIAL LANDSCAPE. ISSN : 0975-802X

Teoh, C. S., Mahmood, A. K., & Dzazali, S. (2017). Is NIST CSF applicable for developing nations? A case study on Government Sector in Malaysia. http://aisel.aisnet.org/pacis2017/101

Theodoropoulos, T., Rosa, L., Benzaid, C., Gray, P., Marin, E., Makris, A., ... & Tserpes, K. (2023). Security in cloud-native services: A survey. Journal of Cybersecurity and Privacy, 3(4), 758-793. https://doi.org/10.3390/jcp3040034

Thompson, A. (2022). AI-Driven Insights for Risk Management in Banking: Leveraging Cloud-Native Technologies for Scalability. International Journal of AI, BigData, Computational and Management Studies, 3(4), 1-10. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P101

Turnbull, D., Chugh, R., & Luck, J. (2023). Systematic-narrative hybrid literature review: A strategy for integrating a concise methodology into a manuscript. Social Sciences & Humanities Open, 7(1), 100381. https://doi.org/10.1016/j.ssaho.2022.100381

Varga, D. (2017). Fintech, the new era of financial services. Vezetéstudomány-Budapest Management Review, 48(11), 22-32. https://doi.org/10.14267/VEZTUD.2017.11.03

Wang, Y., Zhu, M., Yuan, J., Wang, G., & Zhou, H. (2024). The intelligent prediction and assessment of financial information risk in the cloud computing model. arXiv preprint arXiv:2404.09322. https://arxiv.org/abs/2404.09322

White, G. B., & Sjelin, N. (2022). The NIST cybersecurity framework. In Research anthology on business aspects of cybersecurity (pp. 39-55). IGI Global. https://doi.org/10.4018/978-1-6684-3698-1.ch003

Matsikidze, H., & Kyobe, M. (2020, November). A Proposed Cyber security framework for auditing in financial institutions. In 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) (pp. 0276-0281). IEEE. https://doi.org/10.1109/IEMCON51383.2020.9284861

Goodwin, S. (2022, March). The need for a financial sector legal standard to support the NIST Cybersecurity Framework. In SoutheastCon 2022 (pp. 89-95). IEEE. https://doi.org/10.1109/SoutheastCon48659.2022.9764006

Udroiu, A. M., Dumitrache, M., & Sandu, I. (2022, June). Improving the cybersecurity of medical systems by applying the NIST framework. In 2022 14th International Conference on Electronics, Computers and Artificial Intelligence (ECAI) (pp. 1-7). IEEE. https://doi.org/10.1109/ECAI54874.2022.9847498

Vadisetty, R. (2024, November). Efficient large-scale data based on cloud framework using critical influences on financial landscape. In 2024 International Conference on Intelligent Computing and Emerging Communication Technologies (ICEC) (pp. 1-6). IEEE. https://doi.org/10.1109/ICEC59683.2024.10837096

NIST (2018). History and Creation of the CSF 1.1. https://www.nist.gov/cyberframework/history-and-creation-framework

NIST (2024). The NIST Cybersecurity Framework (CSF) 2.0. https://doi.org/10.6028/NIST.CSWP.29