In a survey carried out by the Cloud Security Alliance, How Cloud is Being Used in the Financial Sector, 61 per cent of respondents admitted that a cloud strategy is only in the formative stages within their organisation, with 39-47 per cent planning to use a mix of in-house IT, private, and public clouds, and 18 per cent planning to use private clouds. None of the respondents have plans to host a majority of their applications or systems in a public cloud. Yet outside of the financial services sector 88% of enterprises utilise public cloud in some way, shape or form. So why are financial services providers lagging behind?
Before discussing the rewards available for a financial services organisation in the cloud and why adoption is slow, it is important to get an understanding of the regulatory backdrop. In October 2014 the Financial Conduct Authority (FCA) launched Project Innovate, an initiative to foster innovation in the cloud. The key driver behind this project was to understand in more detail where the regulatory framework needed to be amended in order to foster innovation. It has been broadly recognised by the UK Government and the FCA that in order to foster innovation and remain at the leading edge of the financial services industry innovation needs to be embraced and promoted. Interestingly it is often down to the location and movement of data the cloud encourages that drives some of the regulatory challenges. Indeed, the FCA defined the following three points as significant:
- Cloud customers may have less scope to tailor the service provided.
- Cloud customers may also have to accept that cloud service providers will move their data around; however, in some cases, cloud customers may be able to specify which overall geographic region in which their data is stored.
- Firms should also consider the risks associated with outsource service providers who may contract out part of their operation to other cloud providers. This may occur without the firm initially realising
Companies should also be aware of new legislation and how it impacts a move to the cloud, specifically new EU Digital Single Market strategy and reform of EU Data Protection legislation. The exact form of the cloud service adopted, whether PaaS, SaaS, IaaS or another flavour of cloud does not change how an organisation adheres to regulatory requirements and when outsourcing to a third party the organisation must still be aware of their obligations under the relevant regulations. Despite the significance of the three points identified by the FCA the Finntech industry in the UK is already booming and offering some of the larger financial organisations a view of how cloud can deliver genuine rewards.
Gartner predict that public cloud spending in 2016 will grow to $204bn globally and demand for IaaS will rocket, but that has to exclude many financial services firms who are reticent in their uptake of cloud services. What would the total spending be if the financial services industry were to get on board? So with the backdrop of a heavily regulated industry, albeit one that is trying to incorporate cloud, how do new and traditional financial services organisations begin the lengthy process of unlocking benefits in the cloud? Benefits already realised in other less regulated markets such as content and digital media.
I firmly believe the answer lies not in adopting an ‘everything in the cloud’ strategy but in pursuing the goal of Hybrid IT. Hybrid IT is defined as an approach to enterprise computing in which an organization provides and manages some information technology (IT) resources in-house but uses cloud-based services for others. When talking about cloud the first thing that often comes to mind is the public cloud providers and from an enterprise perspective how this pillar is being adopted today. In Q1 2015 AWS reported revenues of £1.57bn, just slightly more than that sum its four nearest competitors Salesforce, Microsoft, IBM and Google. So with a public cloud market of more than $3bn in Q1 alone I would be reasonably confident in suggesting that financial services organisations are no different to other industries where shadow IT and un-regulated use of public cloud services is prevalent.
A great example of hybrid cloud adoption is Suncorp Bank Australia who, in 2013, launched a virtual private cloud and virtual data center, and the bank is now in the process of moving more than 2,000 applications and large parts of its core banking system to the AWS Cloud. As part of its “all-in” strategy with AWS, Suncorp also decided to exit a disaster recovery (DR) site designed to support 12,000 virtual desktop users, in addition to other critical applications. To do so, the bank worked with NetApp cloud experts to deploy a private storage solution with a direct connection to AWS.
Many of the customers and prospects I talk to today discuss the challenges of managing shadow IT in their organisations but also recognise that public cloud could form a cornerstone of their IT strategy. Indeed, according to a Cisco report in 2015, the number of unauthorized cloud apps being used in the enterprise is 15 to 20 times higher than CIOs predicted. Hybrid IT offers organisations the opportunity to incorporate public cloud into the IT strategy where appropriate. The challenge for financial services organisations is to understand their application portfolio in detail and to overlay regulatory requirements on top of those applications. Other industries can often approach this piece of work from a different angle, ie which applications are cloud ready, financial services organisations need to ensure that regulatory requirements are also met. Once applications have been classified according to cloud readiness and adherence to regulatory requirements it is possible to build a Hybrid IT strategy where certain applications can be migrated to the cloud.
It is the adoption of a hybrid strategy that will deliver the most significant benefits to financial services organisations, however Gartner point out that a hybrid cloud computing model is still two to five years away from achieving mainstream adoption, with just 15% of enterprises consciously adopting a hybrid approach. In the past I have spent time with organisations who have treated the move to the cloud as a binary decision, I either will or I won’t. The complexities of managing multiple IT environments will not go away, however technologies that allow you to move workloads effectively and efficiently across multiple IT environments is becoming more readily available. Imagine if your Hybrid IT environment consisted of access to a public cloud for cheap, flexible compute. Your revenue generating applications are managed by yourself in a collocated environment as you do not wish to lose control. Regulated applications sit in the cloud with a 3rd party cloud provider to ensure data location and for longer term projects your 3rd party provider offered an enterprise cloud. It is when all these clouds align that you will reap the rewards of migrating to the cloud.