In this article called “Why do banking institutions no longer fear the cloud?” Information Age does an excellent job describing the benefits of cloud computing, but doesn’t shed much light on how bank security and third party management requirements continue to challenge large scale cloud deployments. In the UK, financial services have found some relief because the Financial Conduct Authority (FCA) provided guidance regarding how regulated firms can outsource to the cloud, but no such guidance is yet available to US Banks. Instead each US bank must convince its regional inspectors that it has appropriately managed 3rd party risk. While this doesn’t prevent adoption of cloud services for non-strategic solutions, such as Microsoft’s Office 360, analysis of big data, or for specialized cloud solutions such as Finastra’s, it does still raise unique concerns that must be addressed:
“Martin Häring, chief marketing officer at Finastra, says there has been “a significant turnaround in banks’ attitudes to the use of cloud in financial services over the last few years – and there’s no doubt this is being driven in part by PSD2 and open banking.”
“In the past, banks and financial institutions showed hesitation in adopting cloud-based offerings, citing potential security concerns and risks associated with migrating from on-premises systems. Today, it’s more common for financial institutions to embrace cloud-based applications, as they realise the benefits they can deliver in terms of cost reduction and efficiency.”
He rightly points out, too, that many banks have stuck with private cloud solutions. Cloud security has been a long-held concern. However, he finds that public cloud adoption in banking is now growing. “With Azure, Microsoft has seen strong cloud adoption in the financial services industry, with more than 80% of the world’s largest banks and more than 85% of the global, systemically important financial institutions now using their solution”, he comments.
For IT and data security reasons, as well as for regulatory compliance, banks have, in the past, felt it necessary to follow a closed approach to their systems and customer data.
This was the norm, but they are now being pushed to adopt open banking by opening up their systems to collaborate with a wide range of partners. This new approach to banking is forcing them to need to change.
Slow to change
However, change doesn’t happen overnight in the banking sector. Banks have, therefore, taken a slow and cautious approach towards adopting public and hybrid clouds. “While they recognise it can be beneficial in delivering agility, innovation and cost reduction, there have previously been concerns around regulation, security, data and legacy technology, says Häring.
Educating businesses from the top to the bottom of their organisational structures remains the biggest challenge. Banks now need to adopt an increasingly cloud-focused culture, and this must be pervasive throughout their organisations. After all, every type of cloud has proven to be viable for hosting solutions. Over the course of time, this will create more confidence in the technology to the point that it will become commonplace.
Cultural change
Yet to achieve this, banks must adopt a cloud-focused culture throughout their organisations. First, there is the perception that the cloud isn’t secure. To some people that is just a myth, but data security is as crucial as it has always been – whether or not the looming spectre of compliance to the EU’s Global Data Protection Regulations falls on 25th May 2018. Protecting your customer data, software and systems has always been an imperative – one that can be achieved with all the types of cloud.
So Häring is perhaps right to cite that cloud providers, such as Microsoft, “have already demonstrated that they can offer services securely to multiple industries on a global basis. In addition, there are multiple regulatory, privacy and security rules that these providers must adhere to, and with the GDPR deadline fast approaching, these services can only become even more secure.”
The article continues with an effort to link the Open Banking initiative to the need for institutions to adopt cloud computing, which is a tenuous link at best. It’s very last sentence jams in the terms artificial intelligence and machine learning for no reason that I can discern.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group