Cloud computing for financial service providers: Now the opportunities outweigh the risks
By Juergen Luebeck, Aug 20, 2020 in Industry
Until recently, regulatory requirements have been the main obstacle. But by this time, however, German financial service providers are increasingly using the opportunities of the cloud in the course of digitization.
This leads to rather specific challenges for the migration and provision of data. Advantage: The maturity level of established cloud offerings and supporting technological solutions available today enables the whole financial industry to leverage the added value of these solutions to meet all regulatory requirements – more efficiently and securely than in purely local environments.
Reasons and drivers for moving to the cloud
Both a curse and a blessing: financial service providers possess very large amounts of data. Literally a treasure trove that – if used correctly – contains knowledge and insights that can enable them to react in real time to changing market conditions and secure decisive competitive advantages.
A prerequisite for this is that this data has to be consistent at all times and across all systems – and must be available in accordance with regulatory requirements.
A key driver for moving data into the cloud is therefore the ability to reliably provide it across distributed environments.
The other driver is the issue of cost savings: Using cloud solutions can significantly reduce expenditure on infrastructure, compute power and storage capacity. Not only is it often less expensive to provide data storage in the cloud than on-premises, for example – the gain in flexibility and elasticity also leads to considerable cost savings.
In addition, the cloud ensures that hardware and software systems are always provided in line with the latest technical and regulatory standards. Financial service providers are therefore investing in their digital future and acting cost-consciously at the same time.
More and more financial service providers consider the cloud as the starting point for digital-based business models and future corporate success. It is no longer a question of whether they should use cloud solutions, but for which applications and in which operating form they do best. Data consistency and availability are decisive factors for more flexibility and agility – e.g. to shorten time-to-market or accelerating the concept-to-cash cycle with the help of the cloud.
Specific challenges and perceived hurdles...
Until now, financial service providers have mostly moved smaller non-critical applications to the cloud to gain experience and take the first steps in digital application development. In order to exploit the full innovation and productivity potential, it is now necessary to transfer business-critical data and applications to the cloud.
However, decision-makers are still struggling with this, leaving competitive advantages untapped. This is often only because the specific challenges and perceived hurdles seem high – or they simply do not know that solutions already exist that meet the technology, security and compliance requirements.
Know-how and understanding
The great cloud potential and the relevance of the availability of business-critical data for the implementation of future digital business models are not yet fully recognized by experts and management alike. Obstacles are the lack of technological know-how and experience in the implementation and operation of new technologies. Especially in interaction with systems that are not being moved to the cloud or won’t be moved until a later date.
Here, the first step is to build up a fundamental understanding of digital business models and their processes in distributed environments and the specialist departments. Dealing with new technologies also changes the demands on the employees involved in many areas of a company.
Security and availability
In addition to general security concerns about potential cloud providers, financial service providers avoid migrating business-critical data to the cloud primarily for fear of downtime, loss of control or data loss.
To counter this, the infrastructure needs to be designed in such a way that downtime or data loss can be sustainably reduced or at best completely eliminated. Hybrid or multi-cloud models now offer the highest level of reliability and data resilience.
Initially, this requires the secure and consistent migration of data to the cloud, giving full access to this data during the migration, which can take several weeks.
However, this elementary requirement does not only apply to data migration, but extends to the entire life cycle of highly complex and integrated systems. Real competitive advantages only arise when business-critical data is consistently available at any time, any place and at any time. Between on-premises and cloud environments as well as in multi-cloud environments.
Regulation and compliance
Perhaps the greatest hurdle is the concern about possible problems with regulation and the requirements of the Federal Financial Supervisory Authority (BaFin) in Germany. In many cases, financial service providers are of the unfounded opinion that their regulations prevent them from outsourcing data and services to the cloud and to cloud providers.
It is worth taking a look at the details and the three main BaFin guidelines that ensure compliance:
- BAIT – the banking supervisory requirements for IT regulate topics such as IT security, data protection and application development
- MaRisk – the minimum requirements for risk management define requirements for the implementation of IT security, especially with regard to risk management
- MaComp – the minimum requirements for the compliance function provide guidance for the practical implementation of conduct, organisation and transparency obligations
They are supplemented by the requirements catalogue Cloud Computing (C5) of the German Federal Office for Information Security (BSI), which defines the requirements cloud providers have to meet. In addition, the hosting partner has to ensure that all essential compliance guidelines are observed.
These guidelines are much more help than obstacle or hurdle – and they need to be adhered to. Banks and financial service providers must be able to rely one hundred percent on a partner for the migration and replication of their data to meet all compliance requirements.
By choosing the right external partners, whose managed cloud and data services meet not only the high security, performance and availability requirements but also the regulatory requirements, nothing will block the way to a successful use of the cloud.
... and how to solve them
Key to the full innovation and productivity potential of cloud computing is a comprehensive data management or LiveData strategy that ensures data consistency and availability across all interfaces and locations – regardless of the amount of data.
Such a fundamental strategy opens up innovative individual application scenarios for the successful use of a company's own data treasure. The automated process guarantees complete data consistency – at any time and on all systems involved, in a wide variety of contexts and especially in production environments.
The following application examples from financial service providers show in detail what such a strategy can look like:
To optimally meet both business and regulatory requirements for availability and performance, the case of a US commercial and retail bank and its implementation of big data applications for credit card fraud detection and credit risk analysis illustrates how such a strategy can look like in detail.
Optimal data availability and reliability in a complex system of multi-regional cloud locations is illustrated by a large financial institution using WANdisco solutions for uninterrupted cloud-based business operations and meeting all regulatory requirements flawlessly.
Likewise the current example of a US Fortune 50 bank, which achieves full data resilience for thousands of business-critical big-data applications. Across thousands of nodes and for multiple users, without downtime or data loss.
Or a regulator itself, that monitors financial trading practices and uses WANdisco LiveData Platform to move a daily influx of 75 billion records between different cloud vendors and to analyze and store the data.
About the author
Juergen Luebeck, Regional Director DACH, WANdisco
Juergen Luebeck, Regional Director DACH at WANdisco, has more than twenty years of experience in application and data management in the cloud. He is an expert in the concerns and developments of the IT industry and the technical and economic requirements for handling large amounts of business-critical data.