Insight

Financial Risks?

Cloud

As the financial sector embraces cloud technologies Roberto Mircoli, CTO at Virtustream, the cloud management and infrastructure firm bought by Dell EMC in 2015, asks, what are the critical factors for success?

Today, to maintain competitive advantage, financial institutions need to be increasingly agile and quick in how they respond to fast-changing customer expectations and ultimately beat their competitors.

This summer the European Banking Authority (EBA) published a report that provided analysis of the risks and opportunities relating to the adoption of new innovative technologies including outsourcing core banking and payment systems to the public, hybrid and private cloud.

In recent years, there has been increasing interest from financial institutions in working with cloud service providers and although that interest was initially focused on migrating non-core applications to the cloud, the EBA found that many financial institutions are now exploring how to migrate core mission critical systems to the cloud.

According to Roberto Mircoli, CTO at Virtustream, the underlying concern of course is that in such a security‑intensive and highly‑regulated industry, no one size ‘cloud’ fits all.

“So while it’s key that cloud providers standardise to very high service standards, those who also provide specialised service offerings and keep themselves open to individual use cases and customers’ requirements – e.g., for mission critical workloads ‑ clearly have an edge.

This is precisely what Virtustream was built for, combined with a very high level of automation which reduces human intervention in the most complex IT operation processes, increasing efficiency and lowering risk exposure.”

The EPA report goes on to outline two main criteria that need to be met to ensure financial institutions are making the move to cloud correctly. These include ‘choosing the right cloud service partner (CSP) on its journey’ and ‘ensuring the internal organisation can meet the needs for this transformation alongside its CSP partner’.

On finding the right CSP Mircoli says financial institutions must select the partner that is right and suitable for their needs.

“This will depend on the project in question, the institution’s overall strategy and the regulatory requirements that the organisation must meet. The organisation must also consider what data is appropriate and necessary to migrate to the cloud; remembering that they don’t necessarily need to take an ‘all or nothing’ approach to cloud services.

Likewise, any CSP that an institution works with must have a firm understanding of the relevant compliance landscape. It is important to be able to demonstrate that a judgment call can be made when required. For example, this involves documenting the reasonable action that has been taken to prevent or mitigate a data breach or loss, creating a full ‘audit trail’ and evidence of the company’s compliance.”

The role of IT teams

The EBA report also went on to outline how the role of IT staff in financial institutions could possibly undergo a significant transformation with increased cloud outsourcing services, whereby roles convert into support and consultation for cloud service selection, engagement and management.

Mircoli says this is where the adoption of an enterprise‑class cloud provider with managed public cloud services that deliver private cloud attributes is really important, as this strategically enables a new operating model for IT; one that is based on business outcomes and has close alignment between IT and the business.

“What I mean by this is having an operating model in place that delivers the ability to quickly implement new ideas so that the organisation can tap into new revenue streams and acquire new customers; a model that lowers complexity and – with that ‑ also actively improves the risk posture.

Adopting a cloud operating model across all areas of the business is probably the most difficult part of the transformation. The key aspect to remember here is that it means working more closely with the business; it means adopting an IT operating model that is services and software product-oriented, not technology or project-oriented.”

Ed Says...

As cloud services become more integral to the whole organisation, so CSPs are going to quickly become part of the financial/banking infrastructure. However, the risks involved in outsourcing data to the cloud carry wider potential consequences for any financial institution.