In this article we take a look at how cloud computing is impacting the financial services industry and set out some of the key principles that management need to focus on when developing a strategy for their organisation’s adoption of cloud computing.
Reducing capital expenditure
The advent of cloud computing means that previous costly expenditure incurred in buying server hardware is no longer an obstacle. Rather than purchasing dedicated hardware which typically resulted in high Capital Expenditure (CapEx) costs, organisations can now fund projects based on Operational Expenditure (OpEx), with the ensuing benefits to the annual bottom line. As a result, organisations are effectively renting computing power on a per-project basis, allowing them to increase flexibility and agility. It is now much more feasible to spin up and spin down new rented hardware environments to prototype and test new services for their partners and customers prior to putting into a production environment.
Reduce the barriers to innovation
Another key benefit of cloud computing is that it offers financial institutions a greater degree of agility and flexibility throughout the various lifecycle stages of launching a new product or service. From the initial “scratch pad” development and testing environment through to eventual production phases, institutions can leverage cloud computing unconstrained by previous physical hardware costs. This results in a greater degree of flexibility and efficiency in the testing and innovation process.
Avoiding cloud lock in
Thankfully, cloud computing is not immune to the basic rules of economics, which means that the growth in the number of cloud computing infrastructure providers has resulted in increased price competition for their services. Although Amazon’s EC2 (Elastic Compute Cloud) gets the bulk of cloud publicity, other providers such as Terremark and Rackspace are also significant. The key for IT managers seeking to take advantage of the wide choice of cloud computing vendors and competitive pricing is to avoid being locked in with one provider. The solution is to put in place an infrastructure that allows the organisation to quickly and seamlessly switch services between choice of vendors - depending on the organisation’s needs and the service providers’ pricing.
Infrastructure as a service provider
One option to achieve this is to use a broker architecture that ensures an organisation does not hard-wire its infrastructure into a single cloud provider. This approach enables organisations to easily choose between cloud service providers and manages the subtle differences between the various providers, in terms of pricing, how an organisation connects to them and how it manages the associated keys and so on.
As Gartner notes (1) “Customers will be able to consume multiple cloud services in a more user-friendly fashion, with the complexities of managing multiple service providers throughout the supply chain reduced significantly, if not removed all together.” This level of interaction via a broker architecture means an organisation is not hard-wiring all its systems to one cloud service provider and allows them to leverage the best cloud service provider based on specific requirements and pricing.
Apart from cost, the other concern with outsourcing computing resources is the guarantee of service availability. If a financial services organisation is using its own datacentre, it can mitigate and prepare for outages. However, if it is using a cloud computing service, it has to put all its trust in the cloud service provider delivering on its Service Level Agreement (SLA). The recent high-profile outages at Amazon and Microsoft Azure, as well as security issues at DropBox and Sony, only add to the argument that cloud computing poses substantial risks for enterprises. Consequently it is advisable for an organisation to build redundancy into their cloud-based infrastructure and to put in place an infrastructure that proactively monitors the service. This means the user does not have to wholly trust the cloud service provider as they have set up another infrastructure to deal with any outages or SLA breaches. This infrastructure typically involves a cloud broker providing an audit trail capturing details of outages and providing useful independent information in the event of a billing dispute with a cloud service provider. Additionally, it is prudent for an organisation to spread their business between multiple cloud service providers to ensure a continuation of service should one provider have an outage.
Security concerns around cloud computing continue to be a major issue within the financial services sector. Given the obvious sensitivity of data and the regulated environment within which most financial service providers operate, IT needs to be sure that any data exposed on the cloud is actually protected. Even though the cloud service provider will provide assurances of privacy, the financial institution must augment this approach with its own safeguards also. Enterprises have spent millions of dollars on security infrastructure, including identity and access management, data security and application security. They have also spent years rolling out and implementing critical controls to mitigate security risks and are now loathe to, and would be foolish to throw away these processes at the “first sign of a cloud instance”.
Consequently, the majority of financial services organisations are initially using cloud services for more controlled activities including financial modeling, testing data and leveraging its computing power for developing new applications. Ultimately, for cloud computing to gain full acceptance within the financial services world, cloud services must be seamlessly integrated into existing security platforms and processes.
Another key concern around cloud computing services is the topic of governance. It is important to apply a layer of governance to the usage of cloud computing, since of course, all cloud computing services have to be paid for. Often these services are linked to the corporate credit card, so it is important to ensure usage is managed properly.
One way to achieve effective management is to avoid an ad hoc system where developers are given issued key to use cloud services, such as Amazon EC2, as they wish. If virtual machines in the cloud are not switched off when no longer needed, this can result in high costs that can negate the advantages of cloud computing. A more cost effective option is to manage cloud services usage centrally. This approach allows an organisation to manage usage, insert alerts and apply role-based restrictions and meter service usage. It also enables effective governance regarding cloud services usage and reassures the corporation’s CIO, that billing costs will be well managed. The central management of cloud service usage also enables effective governance as it provides access to an audit trail indicating usage. This information is critical to ensure compliance within regulations such as Sarbanes-Oxley among others.
Future directions for cloud computing in financial services
Financial services organisations are starting to use cloud computing technologies in a number of areas, in particular for mobile applications, innovation testing and micro-banking. We look at each in turn.
Mobile applications are ideally suited to running in the cloud because it is often infeasible to connect mobile clients directly into internal systems, whereas all mobile clients can readily connect to publicly-available cloud services. Banks are now offering mobile applications to online banking customers and partners. Within the insurance industry, companies often want to give mobile applications to agents who will then be able to request quotes, get status updates and send in reports on accidents via a mobile interface. In this case rather than opening up a path into the system, mobile applications are provided by the cloud and then connect back into internal system.
Mobile banking apps
The challenge in managing cloud computing and mobile applications is the difficulty of linking these applications into internal infrastructure. This infrastructure typically resides behind the firewall, so an IT manager has to square the circle between the cloud and all existing enterprise infrastructure. Gateway technologies can help link from the cloud to the internal infrastructure.
New Service R&D
Financial services organisations are also increasingly leveraging the computing power that cloud services offer for research and development and testing of new services prior to any attempt at going into production. For example, the concept of “cloud bursting” enables organisations to leverage computing power on demand to run tests or do financial modeling without the huge investment of buying a data centre.
Many IT managers have been wary of cloud computing because of the prospect of private and sensitive data being sent up to third-party cloud services. However, with the development of technologies enabling the tokenisation of data, there is now an opportunity to replace any private information with a random token that can be sent to the cloud service provider, and then swapped back with the real data when retrieved. In this way, the private data is never sent to the cloud provider. Usage of tokenisation will certainly help the broader adoption of cloud computing within the financial services industry.
Another trend emerging is the adoption in developing countries of cloud whereby micro banks are running their entire business on cloud computing. In such greenfield scenarios where there has been limited prior investment in technology, it makes a lot of sense for micro banks to leverage cloud computing as opposed to making the capital expenditure on actual data centres.
To conclude, while there are certainly obstacles to the adoption of cloud computing within financial services, it is clear it offers huge benefits and will continue to evolve and grow in adoption within the sector.
1. Gartner, Inc., Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges, Daryl C. Plummer, et al, November 22, 2011.
Get HelpContact Us
Follow Us on: