Banks, clouds and castles; the growth of cloud computing in banking

Share this post:

The castle walls of these incumbent banks are starting to open and the opportunities beyond the constrained world of the fortifications are tremendous

The growth of cloud computing across all industries has been well documented.  Across the board, the barriers to adoption (both perceived and regulatory) are being lowered.  When it comes to Financial Services, to generalise, they have been reluctant to adopt emerging technology; cloud computing has been no exception.  The complex nature of the organisations, coupled with a traditionally (very) cautious risk appetite, had delayed the adoption.  New market entrants have forced a more urgent approach to this paradigm and many banks are now embracing this shift toward digital transformation – powered by cloud adoption.

Every bank’s journey to the cloud is different.  It could be adopting to drive a reduction in time to market for new products and services; to address legacy application and platform issues or to provide cost effective burst capacity (amongst a very wide field of other reasons and drivers).  The path chosen for this journey can often be dictated by budget as well as risk appetite (from both a security and compliance perspective).  Many Tier 1 banks within Europe are currently favouring a more ‘gated’ private cloud deployment over more ‘open’ and cost-effective public cloud offerings.  This becomes more exaggerated when considering the location of regulated personal information such as current account data.

Just to level set – when I talk about the various modes of operation, I’m broadly talking about this:

• Public Cloud – available to the general public or a large industry group and owned by an organisation selling cloud services. Prime advantages are typically seen as lower cost and unlimited scalability leading to rapid provisioning and decommissioning (as well as billing that can now be calculated to the second). Many Software as a Service companies provision within this mode of operation, taking advantage of both the scalability and the lowered cost of operation.
• Private Cloud – either on or off-premise dedicated cloud infrastructure operated solely for an organisation and managed by either themselves or a third party. Prime advantages are more perceived security and compliance control as well as physical separation from other customers.
• Hybrid Cloud – traditional IT and public or private clouds (often both), that remain separate, but are bound together by technology that enables data and application portability, overseen by a control and management plane.

In established banking and financial services organisations, public cloud usage is still broadly isolated to development and test environments (with obfuscated data where applicable) rather than for the core banking platforms and systems.  New market entrants and FinTechs are more boldly exploiting the public cloud as each tier reacts to the task of integrating to their existing IT environment (or lack thereof) and the associated risk appetite.

Today’s security technology (encryption protocols, firewalls, incident and event management to name a few) is such that it can now be argued the data is ’secure’ regardless of where it resides.  Despite this technology led solution to a human led objection, the ‘emotional’ decision to host financial services data in a public cloud platform is often dependent on the risk appetite of the organisation. This is also balanced by the ‘table stake’ that each bank brings to the cloud question.  The larger the organisation, the higher the number of active customers and the public exposure to systemic risk creates a higher degree of scrutiny.  For the new market entrants, the customer’s tolerance to outages and ‘teething problems’ may be more charitably overlooked as their customer base tends to be more technology-aware and forgiving of outages resulting from innovation and boundary-pushing.

It’s become clear that the larger banks have a more cautious risk appetite to the emerging challengers, as well as a more complex existing infrastructure environment which drives a fractured approach to public cloud adoption within the financial services sector.  In addition, the higher the risk and their exposure to regulatory oversight, the lower the propensity to adopt.  This has driven a hybrid approach where organisations have multiple clouds and their core banking systems remain on premise, safely enthroned in the keep, behind the fortifications of their respective castles.  For those who have ventured into the public cloud, they are rewarded with the rapid development of cloud native applications, leveraging the rich functionality that can be found in these environments which is driving a new wave of digital banking solutions – both for FinTechs and innovation-minded incumbents.  The new challenge is to address the demands of the business to harness the power of this new change engine, whilst ensuring that the new horizon doesn’t present the next generation of lock-in.  This hybrid model needs a new way of working – cloud adoption needs to change the operations, the business expectations and the tooling to manage these new paradigms.

Where the question around public cloud versus on premise for infrastructure and platform as a service continues to be a hotly debated topic within the banks of the world, the crusade for adoption of Software as a Service (SaaS) solutions has seemingly been fought and won.  Companies, irrelevant of their size and systemic importance, are a long way through the adoption curve for a wide range of SaaS applications.  The wholesale adoption of these services, frequently hosted in the public cloud (often for both personal and confidential information) raises the question of risk appetite in chain outsourcing, where data could ultimately reside in data centres and organisations that may not have been expressly vetted.  Whilst the risk resides with the SaaS supplier, it does raise questions and should ultimately speed the take up of public cloud once risk functions catch up with this new reality.

When it comes to cloud adoption then small in preference to large, almost insurmountable steps should be considered. The phrase ‘walk before you can run’ is very true here. Focus on quick wins, in line with an overall enterprise cloud strategy, and a ‘cloud momentum and culture’ will be quickly achieved within the organisation. Trust in the new technology is paramount!

Tailor the journey to address the unique business requirements. That begins by understanding the characteristics of specific applications and workloads, and prioritising what to migrate vs modernise based on actual costs and other important business factors, such as the mission critical nature, the complexity of moving to the cloud or the need for rapid updates. This will give a clear understanding of what to retire, what to keep on traditional IT, and what to move to cloud first based on an actual cost/benefit factors.

Specific to mission critical applications, resiliency is of key importance and especially given the current regulator focus in this area. In this context, multi-site, or even multi-cloud options should be considered to achieve maximum service availability.

It’s still early days in the cloud computing journey.  Chapter one is written and those organisations that have taken the first steps into the hybrid world with multiple vendors are starting to reap the early benefits.  There’s much more to be done and the race is only just beginning for Financial Services.  The burden of responsibility, public perception and regulation is ensuring that steps are taken only once they have been debated, reviewed and stress-tested.  The opportunity for unlocking new insights, embedding emerging technology and addressing the needs of the customer in a more direct, effective and personal way is just beginning.  The castle walls of these incumbent banks are starting to open and the opportunities beyond the constrained world of the fortifications are tremendous.