Originally posted on Compare the Cloud here.
Ask any CIO and COO if they’re concerned about using the cloud and they’ll often cite concerns around data security, compliance and transparency as significant barriers to adopting cloud computing services.
Yet individual business areas are often keen to take advantage of the benefits that these technologies offer, leading to the rapid growth of shadow IT systems, where internal stakeholders procure their own cloud-based services without the knowledge or control of the IT management – it can take as little as 15 minutes and credit card to get set up.
Unsurprisingly, millennials are often at the forefront of this trend – as ‘digital natives’, they are familiar with cloud based technology, particularly where employers have adopted a ‘bring your own device’ strategy that encourages greater use of personal mobiles, laptops and tablets. In financial services, traditionally a sector with one of most complex and highly regulated IT environment, pressure for the rules to recognise the benefits and flexibility offered by solutions is growing.
This month the UK Financial Conduct Authority (FCA) published long awaited guidance on using the cloud, which are a first step – if not a comprehensive guide – to their expectations of regulated firms in financial services.
Data compiled by the International Data Corporation shows global spending on cloud services is set to rise from $70 billion in 2015 to more than $141 billion in 2019, with $6.8 billion spent by the banking sector alone in 2015.
Spending on software as a service – which enables clients to access applications through their own devices without managing or controlling the underlying infrastructure – will continue to dominate, making up nearly two-thirds of predicted total spend.
From a business perspective, managing these disparate cloud environments creates unnecessary complexity and cost, often amplifying operational and regulatory risks. In financial services 52 percent of firms we surveyed last year raised compliance concerns as a high-risk factor.
One of the most frequent concerns we hear is around maintaining data security and protection. Users of cloud services retain oversight of, and accountability for, their data, and good governance is key to developing scalable programmes that can incorporate continuous improvements.
As best practice, cloud service users should regular include assessment of market and technical requirements and incorporate regular security updates into their contracts with service providers.
So what should IT executives do? The first and most important step is to recognise – and celebrate – the fact that cloud technology is here to stay.
Ease of access to cloud technology, and the breadth of solutions it offers, from payroll services to smart, searchable audits, means that it is more important than ever for IT to be seen as a partner that enables rather than blocks access to new technology.
Effectively balancing the benefits and risks of cloud technology should feel like a joint venture between IT departments and the wider business, not command and control from the centre. Process owners should ‘own’ the supporting systems, while IT executives should steer and advise on best practice.
One of the biggest challenges in moving towards this model is embedding a good understanding of the risks and challenges across the Board and senior management team. While Board members are not expected to understand how the technology works, they should have a clear view of the associated risks and mitigating actions. However, they can often be the furthest removed from how these solutions are used day-to-day across the business, which make it difficult to take a considered view of cloud technology.
Rapid growth in the use of cloud technology should be matched by greater collaboration within businesses, between users and providers and between firms and regulators. While we welcome the FCA’s guidance, we don’t believe it has gone far enough, or sufficiently recognises the nuances in public and private cloud environments.
To be a truly useful guide for firms – and further its regulatory requirements to promote innovation and completion – the regulator needs to recognise that it needs to respond to the way the cloud is used today too.