Major banks are increasingly interested in commercial cloud platforms, but networks of interconnected legacy systems and concerns over data security will continue to see a layered hybrid approach, say market participants.
“When we started engaging with customers, we imagined from the outside looking in that it would be a tough sell to get regulated financial services firms to use commercial cloud-based platforms,” says Steve Cook, CTO of Form3. “In fact, we were met with very little resistance. Something that has happened increasingly in the past 12 to 18 months is that major banks have started to see how fast challengers in the market are moving.
“Many of the new challenger banks and fintechs are born in the cloud, so if you look at the likes of Starling Bank, Monzo and some of the some of the payment providers like TransferWise they’re a cloud generation of companies. They have a preference to working with cloud vendors, and there is clearly a synergy there.”
UK challengers Starling Bank and Monzo currently run on Amazon Web Services (AWS), while the former is also deployed on the Google Cloud Platform for payments. Peer-to-peer money transfer firm TransferWise signed for AWS in 2017.
“[For large banks] it's really more a mobilization I think they need to go through,” says Cook. “Obviously that lead time is going to be a lot different if you’re a major high street Tier 1 that has 500 or more interacting systems, many of which are potentially decades old.
“If you look at their technology environments, they’re typically running a whole basket load of different technologies, which are often in different data centres on different pieces of kit. That’s a huge amount of technology to maintain as it is.”
According to data from Kaspersky Lab study released earlier this month, 21% of firms have moved sensitive customer data to the cloud. 91% of enterprise-level companies had experienced a data breach affecting the public cloud infrastructure they use, usually via social engineering from cybercriminals. 39% said that they were worried about incidents that affect the IT of a third-party cloud provider.
Alex Boothroyd, senior banking fraud solutions specialist at SAS UK and Ireland, says that risk management is always about a layered approach of multiple technologies. “There will always be a combination of capabilities attached to whatever environment is being used. I’m not sure that financial institutions would ever move to a completely unified environment where things are hosted entirely remotely in the same environment as multiple other financial institutions.
“There are complexities in every technology environment. What we do see is that most financial institutions, or at least the majority, now actually have their security solutions managed on premise. However, they may also be tied to a cloud-based infrastructure where data sources are being aggregated.
“There could be an argument to say that actually a unified environment where all the data is effectively pulled through gives you a much better environment to monitor risks. You can identify new vectors, identify previously unseen networks of threats. I think there will always be a preference towards having a level of control with the private cloud. But anything can happen, the world moves quickly so I think it’s a case of ‘watch this space’.”
For Cook, there is a clear desire from major banks to move to the cloud. “I think the major challenge will be in creating an implementation plan for how you take those 500 different systems and try to figure out a way to gradually shift all of that into the cloud. This might be why we’ve seen a lot of speedboat projects, where banks have decided to start afresh with a new technology stack which is cloud native and move customers across gradually.”