Streamlined and secure: How the cloud will benefit core banking

7 February 2018

Cloud, namely VDI, is one of the fastest growing solutions as CIOs quickly realise that the vast improvements in security and underlying infrastructure are paving the way to greater efficiency, reduced IT spend, and greater scalability.

In 2018, we continue to see maturing cloud technology accepted into mainstream enterprise operations. 


The cloud and financial services: Not all plain sailing

The relationship that financial services has with the cloud is stilted and reluctant, going by what we hear from clients in the cloud solution space. It is a reluctance born from asking the right questions, and banking professionals are right to approach the topic with a degree of cynicism.

However, enterprise migration to the cloud is ultimately the only viable path to future IT scalability – once, of course, existing legacy system restraints and regulatory concerns are consolidated.

By and large, the main obstacle preventing industry adoption has been a lack of understanding and uncertainty around the cloud. Indeed, the term itself is nebulous, and is difficult to explain without a whole host of jargon that is tiredly swatted aside by bankers for their various IT departments to deal with.

Why not only IT should take the cloud seriously

Interdepartmental miscommunication has also frustrated efforts to modernise banking IT. The last ten years have seen IT departments jostle for supremacy within the enterprise as the wider tech revolution pushes new products and solutions to be threaded into operations, risk and compliance. It is precisely that interdepartmental cooperation (or lack thereof) that leaves senior decision makers scratching their heads as a costly department demands more budget to innovate and replace existing systems with no evidential guarantee of success.

Another consequence of the tech and fintech revolutions has been the loss of the banks’ monopoly on the brightest, best and most forward-thinking technologists. The constant dilemma of legacy system inertia versus the vibrant technologically advanced start-up scene has seen many disillusioned former IT specialists jumping to faster ships.

Traditional banks are by no means proud of the inefficiency of their core systems, and they understand better than anyone how a streamlined business improves the bottom line. More often than not, banks will jump at the chance to enhance efficiency, expand their IT capacity, and cut infrastructure costs – such as the cloud offers. Indeed, many financial services are already running tests in the cloud; which bank will be the first to take the full plunge remains to be seen.

But the question on every board member’s lips when the topic of innovating legacy systems is raised is: ”Will the potential disruptive risk outweigh the benefit?“

What risk does outsourcing to the cloud pose to banks?

Immediately, control is a concern. Who controls the data? Traditionally, there has been a degree of distrust where third parties are concerned due to any number of cyber threats and compliance to outmoded regulatory rules. With GDPR just around the corner, this will be all the more key to the decision to move operations to the cloud. However, Open Banking and the brain drain of in-house expertise has chipped away at this concern, giving rise to greater collaboration.

Banks must comply with strict and regular auditing of third party providers and subcontractors as required by EU law. With that said, as of December 2017 the EBA has released its more flexible recommendations of pooling audits, third-party certifications or internal audit reports made available by the third party.

Another concern, briefly alluded to in this article, is the difficult situation that IT departments find themselves in. A recent report revealed that 75% of financial services CIOs are concerned with the rising complexity of new technologies and the associated time taken to troubleshoot any issues that arise; some 30% of IT departments’ time is spent on this alone, to the tune of $3.8m every year. 

The growing demand for Cloud Virtual Desktop Infrastructure (VDI)

The same report estimates that 97% of CIOs expect to have adopted hybrid-cloud solutions by the end of 2018, whilst DaaS (Desktop-as-a-service) solutions are set to grow 43% by 2020, and VDI by 11.31% in the same timeframe.

Part of the move by financial services into cloud adoption is placated by more sympathetic regulators, as well as the continued improvements to the global ISO and NIST standards. As per both standards, implementation of protocols as along with the associated interdepartmental vertical of understanding goes some way to securing data and core systems before an organisation migrates to the cloud. In other words, doing the work beforehand actually solves a lot of the problems.

Virtual Desktop Infrastructure (VDI) is a logical first step for many CIOs. Often seen as a bridge into cloud adoption, outsourcing desktop estates provides low risk and high reward. Modern institutions who simply don’t have the data digesting power in-house often utilise private and/or public clouds, depending on the sensitivity of the data. The next issue becomes data gravity, where in-house applications are retrieving data from the cloud, which creates latency for intensive applications.

The answer is to move the applications to the cloud to sit alongside the data and convert expensive desktop hardware to thin clients. Thin client hardware (such as Chromebooks) is designed for cloud application and cheaper to buy and maintain, reducing IT troubleshooting time. Naturally, alternative more powerful hardware exists for more intensive operations such as AI reporting or trading applications.

Moving desktops to the cloud also works well with the increasing use of secured employee devices (smartphones, tablets etc.) as well as remote working and hotdesking.

How secure is VDI?

When Citrix Cloud and Microsoft Azure announced their partnership, it was with the specific goal of providing an end-to-end (ready to use) secure and compliant cloud VDI solution.

Along with the disaster recovery benefits of using cloud services (i.e. realtime off-premise backup), Citrix on Azure further enhances security by providing organisations with greater control over privileged user access and multi-authentication based in an Active Directory, thus limiting the effects of phishing and particularly ransomware. The non-persistent nature of low-intensity desktops also has a secondary bonus of killing and isolating such viruses at point of reboot. 

As one might imagine, Microsoft is fully committed to ISO and GDPR regulation, in addition to being multi-accredited and audited and generally upholding data sovereignty that lies with the organisation. 

Implementation equals disruption?

Pre-implementation Proof of Concepts are agile and fast, allowing for trial runs to test relationships intra infrastructure and generally get a greater sense of where the enterprise needs better features.

Post-implementation, the award winning Visual Studio from Microsoft requires a low learning curve, resulting in significant reduction in cost and time taken to retrain IT. 

What sort of efficiency can you expect from a Citrix on Azure solution?

Reduced costs As with many other industries, outsourcing is becoming the cheaper and far more effective option. Providing the third parties in question are properly audited and their infrastructure monitored by the client, third parties often have the expertise and specialised vertical to provide a more efficient service. Not only does this offset the human resources associated with the administrative maintenance of in-house infrastructure, it also cuts the CAPEX and OPEX costs of running the VDI estate. In one of our case studies, this was as much as 36%.

Improved IT capacity This is where innovation takes the reins. In and of itself, the base layer of the prerequisite regulatory protocols and a coherent monitoring system leaves the enterprise on solid, secure and economical foundations. The layers to be built on top revolve around the bespoke needs of the organisation in question. For instance, the risk department requires more computational power than customer support; by identifying the traffic, you can allocate accordingly.

On-demand Pay-As-You-Go power can also be hugely beneficial to financial services. As cloud VDI based organisations are no longer dependent on the finite output of their on-premise datacentre, they can access additional power on demand for peak periods. Similarly, the same model means that organisations only pay for what they use.     

Scalability This is possibly the point of departure from simply improving the capacity of financial services’ legacy systems. Cloud VDI solutions, particularly Citrix on Azure, can scale as when the organisation does. This would be perfect for an enterprise with a global workforce, capable of offering a unified platform and suite of applications and services.   

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development