Every day companies around the world are finding new and innovative ways of exploiting public cloud technologies. The overall growth of cloud adoption continues to increase at double digit rates and public cloud providers are facilitating unprecedented levels of innovation, agility, insight, and cost reduction.
At the heart of their offering is a fundamental understanding of how to apply technology at scale – hence the term hyperscalers. In contrast, financial services institutions have taken a slow and cautious approach towards cloud adoption. There are understandable reasons for this, but many of the perceived challenges and assumptions on cloud need revaluating as the competitive advantages on offer can only be experienced through cloud technology.
Regulation and compliance
Financial firms have cited regulation and compliance as the biggest challenges to overcome in cloud migration. In a paper published in February 2017 ¹, the BBA identified seven barriers to cloud adoption, which included:
- Approach to ‘important’ and ‘critical’ functions
- Supervision and oversight
- Regulatory authority access
- Risk framework
- Location of data
- Data breaches and monitoring
This list of challenges that banks need to overcome are daunting, however, regulatory authorities globally are engaging in a dialogue around cloud adoption and are providing greater clarity and guidance.
Their attitude is softening as there is a growing appreciation that the obstacles can be overcome, and that the benefits are significant for all stakeholders; the financial services institutions, the regulators and of course the end customers.
Taking services beyond the private boundaries of an organisation raises security concerns at a time when cybersecurity is high on the worry list of most CIOs and CTOs. However, the counterargument to these concerns is that the cloud providers can and do operate security standards that often exceed those of the financial institutions themselves. Their scale and focus on cloud enables them to hire and retain world leading experts and to rapidly and continually apply advanced approaches and technologies, without having to deal with the incumbent legacy IT estates that most financial firms have to contend with.
The costs and complexity of cloud migration can be daunting for many institutions. The business case for deconstructing existing legacy architectures and investing in migration can be hard to make, particularly in light of the step-change requirement typically associated with infrastructure cost reduction programmes (e.g. what does it take to get out of a data centre?). This issue is somewhat mitigated by the rapid rise in tooling that facilitates cloud migration. Furthermore, adopting a ‘cloud first’ approach avoids the issue altogether. However, in the long term the question becomes one of whether financial institutions can keep building on their legacy architecture and processes and stay compliant, competitive and cost effective. Increasingly, when compared to cloud enabled organisations, the answer will be a resounding “no”.
Data and data architecture
Managing the confidentiality, availability and integrity of data is an existing challenge for IT executives and one that is exacerbated by moving to public cloud. A secondary consideration is also how data should be architected in a typical hybrid private / public cloud model, since this is likely to be the adoption model of choice for some time. Taking the first issue, cloud providers are able to deliver comprehensive ways of ensuring confidentiality through encryption of data in transit and at rest, and extensive access control and monitoring of data changes. In addition to this, they provide advanced database technologies for data integrity (Google’s recently launched Cloud Spanner product being a great example). Architecting data for a hybrid cloud model must consider cost, latency as well as integrity. Despite the challenging nature of such a hybrid model, this is a key opportunity to address long standing data architecture deficiencies inherent in many legacy estates.
Culture and organisation
To fully exploit the cloud a fundamental change in culture and organisation is required. Arguably, this is both the biggest challenge and opportunity for many financial service institutions. Delivering on agility requires the effective adoption of Agile methods, coupled with DevOps practices. In addition, Agile represents a change in the engagement between IT and the Business. DevOps challenges organisational silos that exist across: Development, Support, Testing, Infrastructure, Security, and Compliance. Both DevOps and cloud adoption significantly changes the role of the IT infrastructure team.
Some of these internal teams, impacted by the kind of change needed to gain the maximum benefit from newer technologies and approaches, are likely to be highly resistant. Historically their roles been to protect the business from the potentially devastating impacts that a poorly governed IT implementation (i.e. change) can have. In contrast, a growing awareness of the sort of empowerment and step change that these same technologies and approaches can bring should encourage business stakeholders to press for acceleration.
The resolution to this tension must come from ‘top-down’ leadership, delivering a well-articulated vision for the role of cloud, combined with a change management programme that is highly inclusive.
There can be no doubt that cloud technology will have a profound impact on the future of IT delivery for financial services organisations. The simple truth is that the public cloud offers enormous competitive advantage that cannot be realistically or economically achieved using existing on-premises architectures.
The opportunity to free IT from many of their current constraints, and thus free the business from the constraints of IT, should be a source of optimism for both. Overcoming the many obstacles to cloud adoption takes dedication, persistence, imagination and time, as well as expertise that is scarce in today’s market.
¹ Banking on Cloud: A discussion paper by the BBA and Pinsent Masons, May 2017