Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few.
However, there are genuine concerns about the cloud’s adoption in FSI, and cloud providers are also innovating to meet the challenges faced by FSI.
What are the public cloud challenges faced by FSI?
Finance is a business with a high risk of exposure in terms of money, volume of customers, reputation, fraud, crime, and direct impact on economy, hence making it a highly regulated industry.
Considering the above risk factors, FSI has various concerns regarding security, compliance, location of data, vendor lock-in, fear of losing intellectual property, and control on critical core banking systems when it comes to adoption of the public cloud.
According to a report published by ENISA in December 2015, data confidentiality, data breach, compliance, and legal issues were the major concerns for FS clients, and they were more prone to use non-financial applications in public cloud – for example e-mail, software development, and software testing.
Another reason for sluggish adoption of public cloud in FSI are those long-lived legacy systems that need a tremendous amount of expenditure and effort for migration.
What is currently happening in this space?
The perception of public cloud security is changing, and it is becoming accepted that cloud providers do maintain security that often exceeds the security capabilities of private data centres.
On the other hand, regulators have also shown their confidence of the public cloud. Financial Conduct Authority (FCA) released guidance in July 2016 for firms on use of cloud service providers when it comes to outsourcing.
This is encouraging for FSIs and cloud service providers (CSPs); it may change the perception of UK FSI towards acceptability of public cloud by regulatory bodies. However, it is not that straightforward for firms that are operating in multiple geographic locations.
CSPs have also come up with a variety of services to address the challenges. They have designed their public clouds to meet local land regulation. For example, CSPs are now able to ensure the location of data in a defined geographic location or on a reserved physical host.
Innovative cloud solutions like microservices and containerised applications have made it possible to interoperate with other cloud providers to mitigate the risk of vendor lock-in. As a result, many small FS firms and start-ups have started operating fully in public cloud, and major banks have started piloting before they decide on migration.
In summary, financial service firms have been using the private cloud to take advantage of the many benefits of cloud technology. However, a public cloud takes the competitive edge when it comes to fully utilising cloud technology due to the availability of pay as you go (PAYG) cost models, better resilience, and the constant piloting of new features.
Therefore, the FSI is showing an inclination towards the public cloud despite various challenges faced by this highly regulated industry.
Public cloud services are innovating and maturing to meet the FSI challenges, and the culture in the FSI is also adapting to these changes. The security and trust concerns of FSI on public cloud computing are diminishing, and it is just a matter of time when FSI will approve the ‘cloud-first approach’ for public cloud services.
To learn more about staying secure in the cloud, find out what 18 experts advise for effective and secure cloud migration, here.
About the Author: Pranay Mishra is a cyber security professional with more than 15 years of experience in advising global organizations on managing and strengthening their cyber security, primarily in financial and retails sector in USA and UK.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.