Finance in the cloud

Banking on the cloud?

Recently released data has shown that increased use of cloud and IT outsourcing could be on the cards for banks and insurance companies. But how exactly will they adopt it, considering that until now it has been largely regarded with scepticism by the sector? Daniel Ball of Wax Digital outlines what financial institutions are doing to source, manage and maintain a cloud infrastructure suitable for their unique market conditions.

While other industry sectors have forged ahead with its adoption, cloud computing has been approached with considerable caution across the banking and financial services sectors, and in many ways rightly so. In a highly regulated environment where data security is paramount, putting critical business processes and data in the hands of a third party without close scrutiny could easily spell trouble. Let’s face it, no bank wants to be the one that chooses cloud and ends up embroiled in the scandal of a major data
breach.

Banks face a rather unique position. On one hand they must be doubly secure; the ramifications of the banking crisis and recession still echo through the corridors of every institution. On the other hand they know they need to change to compete in the future, with greater customer centricity and improved operating models key watchwords. According to PWC’s Banking 2020 research, 61% of bankers consider a customer centric business model to be very important, but less than 20% of them are very prepared for it. They’re crying out to change as businesses but must do so with the utmost caution.

While the wrong approach to cloud can definitely expose banks to risk, outsourcing IT and moving the right things to the right form of cloud can be positive steps in enacting changes, such as reducing fixed overheads, downsizing internally and shifting focus from complex processes to where time should be really spent – on understanding what the customer wants and delivering it. Cloud can also go beyond tidying up the back office. It can also drive innovation by allowing a bank to take advantage of new technology and expertly executed business processes.

And this seems to be where the industry’s view now lies. Indeed, in recent research by Finextra 49% of banks said that they will increase IT outsourcing in 2015 compared to just 9% planning to decrease it – suggesting an upward
trend in the number of banks entrusting their IT to third parties.

Similarly, in a new research study by the Cloud Security Alliance (CSA) over 60% of banks, credit unions and insurance companies surveyed across 20 countries said that they are currently working on their cloud strategy –
suggesting that a majority of banks have decided that cloud has a place in their business, but they are still deciding on the right type of cloud for them.

Our own experience as a cloud eProcurement software provider echoes this. In the last six months we have seen more incoming enquiries from banks and financial services companies than any other sector and have now helped six high street institutions move their supplier sourcing and procurement processes into to the cloud. And working with them has proven that an additionally rigorous approach is required to validate and implement such strategies in a compliant manner compared to other markets.

But in what form has cloud become acceptable? In the CSA’s research cited earlier, 47% said that they are considering a sophisticated mix of in-house, private, public and hybrid environments. This suggests that while cloud and outsourcing are becoming integral parts of their strategy, pure Software as a Service and public cloud models are considered to be too straight-jacketed and limiting for the specific needs of the banking sector – especially where confidential data is concerned.

Five of the six institutions we work with have made major investments in cloud based Purchase to Pay or Source to Pay technology, designed to offer an experience similar to online shopping (or indeed banking) to hundreds of
employees that need to raise requests for goods and services, from marketing material to temporary staff and all things in between. In these cases a cloud approach is helping them to innovate in procurement, providing a more
intuitive user experience to help drive adoption and compliance within the bank, enabling better supply-chain collaboration and risk management and facilitating effective, proactive contract management.

What has been really important in facilitating that move to an intuitive cloud system is demonstrable security and process compliance, at the level required to host and manage bank data in the cloud. Security protocols that
go far beyond the norm are essential, as are accreditations such as ISO9001, Cyber Security Plus, and ISO27001 to demonstrate a commitment to process rigour.

In essence the picture that appears to be emerging is that banks’ preferred approach to cloud is the delivery of software services but via private cloud rather than shared or public cloud infrastructures or those offered as
standard by software and technology providers, even though generally secure. A private cloud can either mean an internally operated cloud (data centre or server stack) protected by the corporate firewall, or a dedicated segment of a 3rd party data centre with added security and no server sharing.

Financial institutions have a stronger duty of care than other organisations to scrutinise the risks of handing processes and data over to others. They must also ensure a double lining of water-tightness in the cloud and IT
contracts that they put in place. It’s essential that banks look to work with providers that can flex their cloud delivery model to provide tailored levels of security and private cloud infrastructure to meet the demands of regulators and their own security policies. Then they can take advantage of all the cloud has to offer, safe in the knowledge that it is right for them, their own bank balance, their customers and their risk profile.