Media365
[The content of this article has been produced by our advertising partner.]
Hong Kong’s financial sector is entering a new phase of digital transformation. Cloud infrastructure is rapidly becoming foundational to modern banking operations, supporting everything from digital platforms to fintech collaboration and data-driven financial services.
The pace of adoption is notable. The Hong Kong Monetary Authority (HKMA) has observed that cloud-related initiatives now account for roughly 80 per cent of reportable technology outsourcing projects among banks, with many involving critical systems.
As cloud adoption expands, attention is shifting from migration to resilience. Financial institutions must ensure their security architecture keeps pace with increasingly complex hybrid and multi-cloud environments.
Securing the API economy
APIs now underpin many digital financial services, connecting banks with fintech platforms, partners and customer-facing applications. While APIs enable faster innovation and ecosystem collaboration, they also introduce new attack surfaces. Continuous API discovery, monitoring and protection against automated abuse are becoming essential to safeguarding sensitive financial data and maintaining service resilience.
Protecting cloud-native development
Banks are increasingly deploying applications through containerised environments and DevSecOps pipelines. These technologies improve agility and accelerate service delivery, but they also introduce new security considerations around secrets management, machine identities and access control. Securing cloud-native workloads from development through to production is therefore, becoming a critical component of cyber resilience in the financial sector.
Maintaining control over encryption and cryptographic keys
Encryption remains one of the most effective safeguards for financial data. Yet according to the 2026 Thales Data Threat Report, organisations in Hong Kong report that only about half (49%) of sensitive data stored in the cloud is encrypted.
For financial institutions operating in highly regulated environments, stronger governance over cryptographic keys is increasingly important. Approaches such as Bring Your Own Key (BYOK) and Bring Your Own Encryption (BYOE) allow organisations to retain ownership and control of encryption keys while still leveraging the scalability of cloud platforms.
These priorities reflect a broader shift in how financial institutions approach cybersecurity in cloud environments. From Thales’ work with banks on data protection and encryption strategies, institutions are placing greater emphasis on maintaining control of cryptographic keys, improving visibility across hybrid environments, and building security architectures capable of adapting to emerging threats.
Another area gaining attention is preparation for the quantum era, a priority also highlighted in the HKMA’s Fintech Promotion Blueprint. As advances in quantum computing continue, financial institutions will need to assess how future cryptographic standards could affect long-term data protection. The 2026 Thales Data Threat Report shows that 59% of organisations in Hong Kong now view “harvest now, decrypt later” attacks as the leading quantum-related risk, underscoring the need to build crypto-agile architectures that can evolve with emerging cryptographic requirements.
For Hong Kong’s financial sector, secure innovation depends on embedding strong security foundations alongside technological progress. By strengthening API protection, securing cloud-native workloads and maintaining control over encryption and cryptography, banks and fintech firms can continue to innovate while preserving the trust that underpins Hong Kong’s role as a leading international financial centre.
Download the Thales compliance brief to explore how financial institutions can operationalise the HKMA Practice Guide on Cloud Adoption.
