By Cary Springfield, International Banker
The Big Data Revolution that has taken hold in recent years is now causing industries around the world to improve their capacity to access and mine data from all sorts of sources. In doing so, existing information-technology (IT) infrastructure is now being put under severe pressure, while increasingly innovative digital solutions continue to be sought, not least in the banking sector. And among the sector’s most transformative digital solutions is cloud computing.
The cloud is proving to be a superior option to boost capacity to handle data, and is now providing an unrivalled level of agility, security and scalability to banks. For use cases such as data analytics, batch processing and data storage, banks can access the cloud as and when required, which means they can utilise such resources more flexibly and efficiently. Cloud computing is also enabling financial institutions to achieve considerable gains in efficiency and reductions in costs, as the technology requires banks to pay for only the services they use. Ultimately, this means that for testing new applications, it is much more cost-effective to do so on the cloud than on existing IT infrastructure.
The British Bankers’ Association (BBA) has identified three key drivers for adoption of public cloud-based services by banks:
Agile innovation. Accessing the cloud can increase banks’ ability to innovate “by enhancing agility, efficiency and productivity”. It can also help banks to reallocate resources away from the administration of IT infrastructure, and towards innovation and fast delivery of products and services to markets.
Risk mitigation.The cloud can help to lower risks associated with traditional technology, such as capacity, redundancy and resiliency concerns. Moreover, the ability of cloud computing to scale can equip banks with more control over issues such as security.
Cost benefits. The cost savings of public cloud solutions are significant, especially given the reduction in initial capital-expenditure requirements for traditional IT infrastructure. During periods of peak customer demand, moreover, the cloud can allow banks to manage computing capacity more efficiently. And when the cloud is adopted for risk-mitigation and innovation purposes, cost benefits arise from the resultant improvements in business efficiency.
From a regulatory perspective, moreover, the scalability of the cloud means that banks can scan potentially thousands of transactions per second, which dramatically improves the industry’s ability to combat financial crime, such as fraud and money laundering.
Although the rate of cloud adoption within the banking industry still has much room for growth, it is clear that some banks are already moving heavily into this new technology. Last month, for instance, Westpac revealed that it is speeding up the process of moving all of its core banking applications into the cloud. According to the Australian banking major, its new private cloud environment, which is based on IBM Cloud technology, is expected to make development 10 times faster and three times cheaper. According to its chief information officer, Dave Curran, the best part of the transition is “the level of automation, with over 100 automated integrations, which means there are 100 tasks that would previously have been manual that we no longer have to waste time with.”
However, there are also significant regulatory implications of cloud adoption for banks, with financial watchdogs around the world concerned about a handful of key issues. Among them is the matter of ensuring service continuity for customers in the face of any potential mishaps on the cloud; banks must ensure that they can transition from the cloud back to their own databases in such scenarios. Other important issues being currently scrutinised include how personal information is stored, how it is used, customer data protection, dependence on third-party providers and security of cloud infrastructure, while the potential for financial data to be mixed with other data on shared servers is also likely to be under the watchful eyes of regulators.
The Bank of England (BoE) is expected to soon begin testing the resilience of banks in the event of a disruption to the cloud, while the central bank’s Prudential Regulation Authority (PRA) is likely to conduct further research into the technology as a possible precursor to implementing regulation. In the United States, meanwhile, the Office of the Comptroller of the Currency is examining the relationships between banks and third-party vendors, such as cloud providers. This is of particular concern given that big tech companies that dominate the cloud-provision sector, such as Microsoft, Google and Amazon, are much less regulated than banks, which means that they must deliver their services whilst being compliant with existing banking rules.
And in January, the European Banking Authority (EBA) published its guidance on the use of cloud-service providers by financial institutions. The recommendations focus mainly on risk management by identifying specific challenges to banks, including “data protection and location, security issues and concentration risk, not only from the point of view of individual institutions but also at industry level, as large suppliers of cloud services can become a single point of failure when many institutions rely on them”.
Security is also a significant challenge when considering an industry-wide migration from traditional IT infrastructure to cloud computing, especially surrounding the issue of customer-data confidentiality. According to the EBA’s recommendations, this should be addressed by banks prior to any cloud outsourcing, by deciding on “an appropriate level of protection of data confidentiality, continuity of activities outsourced, and integrity and traceability of data and systems in the context of the intended cloud outsourcing”. Financial institutions should also check whether measures are required for specific scenarios, including “data in transit, data in memory and data at rest, such as the use of encryption technologies in combination with an appropriate key management architecture”. Indeed, much of the evidence suggests that the cloud can be just as secure as private data centres, while many are predicting that in terms of computing power, the next few years will see the cloud surpass the aggregate power used in all private data centres combined.
Speaking to the Financial Times in April, Microsoft said it believed that the key to successful cloud adoption in financial services “will be a tight partnership between regulators, financial institutions and cloud providers to ensure that the right frameworks, programs and processes are in place as financial services providers increase their usage of cloud services”. But given the multitude of benefits banks are already experiencing from utilising this technology, it seems more a case of when the industry goes full steam ahead with cloud adoption rather than if.