by Henry Duncombe
• Compliance issues are being addressed, making the public cloud feasible for financial services companies
• Public cloud offerings can help financial services companies with productivity and digital transformation
• Like all technology, the public cloud needs significant knowledge, management and internal governance to ensure it delivers on its promises
Financial services organisations spend almost twice the industry average on technology. Despite this, the funds they devote to the public cloud are half that of any other sector. (Source: Gartner’s IT Key Metrics 2016.)
As a shared resource that operates at scale, bespoke public cloud products are not available; this has – to date – made the sector reticent about adopting the technology.
Perhaps more than any other industry, financial services companies need to be whiter-than-white when it comes to security in order that they can manage risk and meet rightfully stringent compliance regulations. (Despite the sector being the most targeted by cyber attacks, financial services organisations are not the most likely to suffer an actual breach.) In addition, although the business case for using the public cloud stacks up, they have not been confident that the regulator would perceive it as safe practice.
But, while the financial services and banking sectors are necessarily security-focused, they need to balance this with the need to modernise and digital transformation. As proven big spenders on technology, they offer a major opportunity for public cloud providers, who are adapting their offerings to meet the industry’s requirements.
There is definitely an increased appetite for public cloud technology in the financial services sector and some key factors can be attributed to the tide turning in favour of its adoption.
1. Contracts adapted for financial services companies
Public cloud providers, such as Microsoft (with its Azure product) and Amazon Web Services, acknowledged that the one-size-fits-all approach of cloud computing didn’t provide the agreements required by financial services companies. Also recognising the commercial opportunity, they set out to remedy the situation and offer increased flexibility.
The result is contract addendums, which focus on the terms and conditions that an industry regulator would expect any financial services company to agree with a third party provider in order to use them and remain compliant. These special contracts enable the cloud provider to give clients operational visibility to the level that is required by the auditors and regulators, thereby providing assurance that regulations are met.
2. Endorsement by the industry regulator
Around the same time, in part driven by its remit to promote competition and therefore innovation, the Financial Conduct Authority (FCA) undertook a consultation into the suitability of the public cloud for the financial services sector.
Concluding that there was no reason why cloud services should not be adopted (assuming the necessary considerations were implemented), the consultation was the vote of confidence that financial services companies needed.
Those that had not previously implemented public cloud services because they were concerned about how that would position them with the regulator were given the green light.
3. Introduction of UK-based data centres
Traditionally, public cloud data centres tended to be located in Europe. While not an issue in theory, financial services companies were wary of the additional complication of their data being under a different jurisdiction, which potentially added an additional layer of uncertainty.
To further target the sector, public cloud providers began to build data centres in the UK, often in close proximity to London where the majority of financial services companies are based. With these data centres now no further away than their legacy equivalent, confidence that the public cloud was a realistic business solution was further consolidated.
4. Changing attitudes to technology use and ownership
The world is moving towards a ‘software as-a-service’ (SaaS) environment in which organisations access IT applications via the cloud instead of purchasing them outright to sit on their own servers. Companies increasingly use it for standard non-line of business applications with Microsoft Office 365 being the most prevalent example.
The take up of cloud-based technology is also being driven by ‘Shadow IT’. Users bypass their internal IT department (perceiving them to be ‘slow to respond’), opting instead to resolve a technology problem quickly themselves through sourcing what they need from the cloud. (This is however potentially risky for the organisation and needs to be managed, as discussed in our previous blog post, Shadow IT makes it easy to unwittingly compromise compliance – but the solution isn’t as hard as you might think).
5.The perception of cloud security is improving
People are progressively realising that the public cloud is secure; the security breaches are nearly always down to it being used in an insecure fashion with these often not being technical but related to people or processes. To prevent these errors as far as possible, access controls need to be configured, encryption used, and risk assessments conducted.
The public cloud saves time and money and is a gateway to digital transformation
In addition to being used for business software, the flexibility and freedom offered by the public cloud increasingly makes it the go-to option as organisations embark on digital transformation projects, such as developing their own software or applications.
For financial services companies, the advantages are numerous. The public cloud saves time (applications have be developed or updated more quickly) and money (because it is paid for on a per use basis). Its scaleability means that large numbers of users can be quickly and easily brought on-board – key when there are peak periods of demand for example – and have fast access to the wide range of features that are already built, proven and immediately available.
BUT – public cloud technology does not solve all IT issues
However, for all its clear advantages, like anything ‘new’, there is a lot of hype. The public cloud is not a panacea for all technology issues; it is only economical for certain applications and when it’s used correctly. For example, just ‘lifting and shifting’ on-premise systems to the cloud rarely works from a technical point of view and can result in increased costs and complexity. In addition poor planning leads to some on-premise systems being retained, thus building up the technical debt.
It’s essential therefore to have the right partner who can advise and assist with which applications are suitable for the public cloud.
To find out more about the role of the public cloud in financial services, whether it could be right for your organisation and if so for which applications please get in touch.