In my previous article, I looked at why cloud is imperative for digital transformation to take place in the financial services market. Many organizations in this space, such as Deutsche Bank, have announced a ‘cloud-first strategy’ over the past few years, with ambitious aims to migrate 80-90% of applications to the cloud by 2020. Some banks and insurance companies are quite mature in their approach to implementing private cloud infrastructure to support critical business applications, yet public cloud solutions are not as widely adopted. Here, I consider why this is the case; as well as the benefits of bringing public and private cloud infrastructure together to deploy hybrid cloud solutions and take advantage of the two distinct worlds.
Questions marks over public cloud adoption
The financial services market is highly regulated and therefore any public cloud solution that is deployed must be fully compliant with any current regulations as well as being capable of anticipating new regulations that have not yet been fully specified by the regulator. These regulations apply to banks and insurance companies’ IT departments but by default, they also apply to public cloud providers: are these worldwide mass market actors ready to discuss and comply?
From a technical prospective, as public cloud solutions are adopted more widely, there is a need to integrate public and private infrastructure seamlessly within the existing operating framework of the company, which can be complex to manage. Many basic Data Center operations have been designed and deployed on private infrastructure (monitoring, patching, backups), but efforts must be made to integrate external infrastructure and public cloud applications.
Finally, customer data confidentiality must also be a top priority for financial services firms, especially in the wake of several high profile security scandals suffered by major brands, such as Tesco Bank last year. Many organizations have concerns over the security of public cloud, and data encryption will therefore be critical to ensuring continuous privacy, as well as Identity and Access Management.
Paving the way for public cloud
One organization that is already embracing public cloud solutions is Dutch banking regulator, De Nederlandsche Bank. The watchdog was one of the first in Europe to state regulations about using cloud-based services and approved the use of Amazon’s public cloud services, AWS, for financial services organizations in 2012. For businesses looking to adopt public cloud services for their financial IT solutions, they should adhere to the following guidelines:
- Ensure conformity within existing financial IT security and data classification rules
- Declare the intention of use to the local regulator
- Expect to be audited by the regulator
- Include exit clauses in any contract
- Ensure capacity to run an appropriate reverse project for business continuity and data recovery
If no official regulations have been set up by central financial institutions (ECB), some agencies have proposed recommendations when providing or using public cloud services in Financial Services, such as the European Union Agency for Network and Information Security (Enisa).
Enabling digital transformation with hybrid, multi-cloud platforms
Where I expect to see greater development is in the deployment of hybrid cloud solutions, whereby front-end services can be run, developed and tested on public clouds (taking advantage of the scalability, flexibility and OPEX models) and back office services can be run in private cloud environments (for increased data security). This is something that we regularly support our clients with, through our Digital Private Cloud and Managed Public Cloud offerings. This enables organizations to develop environments in which legacy applications and cloud-native applications can co-exist together, helping them to compete more effectively in the digital revolution.
There is no doubt that public cloud will be more widely adopted in the coming years but there is still much work to do to overcome technical issues, security and regulations. By partnering with systems integrators and brokers, organizations can assess their existing and future applications portfolio and deploy hybrid solutions that are more agile and “public cloud-like”, while maintaining the security levels of private cloud infrastructures.
Look out for my third and final article in this series where I will look at how financial services businesses can manage their existing applications portfolio and become truly digital enterprises.