Adopting the cloud is an essential part of your financial institution’s digital transformation. Many of your peers in the financial services industry struggle to strike a balance between the opportunities and challenges that cloud technologies present. The cloud’s many benefits — including cost-effectiveness, easy maintenance, and high scalability, among others — are driving its growth. With the risks cloud computing poses to financial institutions, it’s important to address security issues now to keep data safe and better facilitate regulatory compliance.
This shift toward cloud computing will continue to increase as cloud technology accounts for a significant portion of the financial services industry’s investments. The financial services industry will spend $16.7 billion on public cloud services in 2018 and is expected to achieve a 23 percent compound annual growth rate by 2021, according to the IDC’s 2018 Worldwide Semiannual Public Cloud Services Spending Guide.
Let’s look at the advantages and risks of cloud computing for financial institutions, as well as success stories of financial firms using the cloud and ways to leverage cloud technology while protecting data.
Cloud Computing for Financial Institutions: Advantages and Risks
Today’s financial institutions have been using cloud applications for business processes such as CRM, HR, analytics, and financial accounting. By 2020, your peers in the financial services industry will use the cloud to power core activities and services in credit scoring, consumer payments, and statements, according to PwC’s Financial Services Technology 2020 and Beyond report. Indeed, cloud computing will continue to play a major role in the future of the financial services industry.
So what can financial firms gain from expanding their adoption of cloud computing? Here’s a quick rundown of both the benefits and risks for financial institutions looking to build up their cloud-based approach to streamline operations:
Reduced costs: Financial firms can cut down on IT infrastructure and hosting costs with cloud-based platforms that store and process data in the cloud. By 2019, the biggest global financial institutions are forecast to save $15 billion and lower technology infrastructure costs by 25 percent from cloud adoption.
Increased agility: Hosting applications like online banking and mobile banking on cloud-based platforms enables financial institutions to quickly release new versions and functionality upgrades for their applications. This makes it easier than ever for firms to keep pace with changing customer demands.
Improved scalability: Financial firms can use the power of the cloud to process large amounts of transactions within seconds. This gives financial institutions the opportunity to scale up swiftly and provide faster and improved service to their customers.
Better business continuity: Financial institutions can rely on the cloud for immediate access to data in the event of a natural disaster, power failure, or other crisis. They also reduce their risk of data loss for applications and services hosted on the cloud because of networked backups and hardware- and software-level redundancy.
Despite these advantages, cloud computing also presents a few risks. These risks can make it challenging for financial institutions to transition to a cloud-based model:
Security and privacy risks: Entrusting data to cloud service providers puts your financial institution at greater risk. When data is in the hands of a vendor, it’s difficult to ensure that it’s safe and secure. Additionally, the cloud’s extensive reach increases the attack surface, and data on the cloud becomes more vulnerable to security hacks and data breaches.
Limited control: Firms may retain control of their applications, data, and services on the cloud but may find themselves having less control over their cloud-hosted infrastructure. Cloud providers might impose limits on what organizations can do with their deployments and firms may not have access to perform key administrative tasks on the backend.
Compliance issues: Some cloud-based platforms may not adhere to the stringent regulations that financial institutions comply with. Data storage also becomes an issue because data may be stored in multiple data centers located in different geographic areas, making it more difficult to comply with location-specific data regulations.
It’s important for financial institutions to weigh their options and learn from the cloud implementation experiences of other firms.
Cloud Computing Success: Financial Institutions on the Cloud
A number of financial institutions have embraced the cloud and adopted a cloud-based approach for their specific needs. Here are examples of financial organizations that have successfully adopted the cloud:
- Capital One: This U.S. bank was one of the pioneers of cloud adoption. They started experimenting with the cloud in their innovation lab and eventually partnered with Amazon Web Services (AWS) to develop and test their online banking services and mobile banking application that now runs on the cloud.
- J.P. Morgan: This established financial institution has moved two of its applications in wholesale trading and another application in risk modeling to public cloud infrastructure. But before doing so, J.P. Morgan carefully assessed the capabilities, economics, and technology roadmaps of large public cloud vendors. The firm also has its own private cloud for use in developing other applications.
- Liberty Mutual Insurance: This insurance company leveraged cloud technologies to build a cloud-based platform for group benefits and individual life and annuity operations. The insurer employed a core software platform combined with AWS to deliver the cloud solution within only nine months.
- Depository Trust and Clearing Corporation (DTCC): The DTCC started using the cloud in 2012, launching a real-time price dissemination application for its global trade repository in the cloud. Since then, the DTCC has moved some of its internal systems to the cloud and is planning to employ the cloud for core financial transaction processing.
- Financial Industry Regulatory Authority (FINRA): FINRA uses the power of the cloud to store and process billions of transactions daily. Because of the cloud’s analytical capability and scalability, the regulatory organization was able to handle a peak volume of close to 99 billion records in February 2018.
The success of these firms shows that with the right approach, financial institutions can leverage the cloud to fulfill their needs and provide them with innovative opportunities for growth.
Best Practices in Cloud Computing for Financial Institutions
Cloud computing success depends on a financial firm’s knowledge and understanding of the cloud environments it uses while also ensuring data is secure. Here’s how financial institutions can adopt the cloud while keeping data safe:
- Explore your expanded cloud computing options.
Determine what service model (SaaS, PaaS, IaaS) and deployment model (private, community, public, hybrid) will best fit your organization. For instance, firms may want to start with a private cloud solution to break out of their legacy, on-premises systems. Then, they can eventually move to a hybrid cloud or a public cloud to scale up and support new architecture and technologies.
When looking into cloud vendors, evaluate the soundness of their data protection strategies and security practices. Conduct an assessment to find out how they meet your requirements and identify any risks or issues. The FFIEC has valuable guidance on key elements of outsourced cloud computing.
- Continue to prioritize data security and privacy.
It’s necessary for all security measures applied within a financial institution’s network to also be implemented on cloud environments. This includes employing the principle of least privilege for data access and management on the cloud, encrypting data while it’s processed and stored on the cloud, performing penetration tests on the cloud environment, and intrusion detection and prevention management.
Verify that these measures are in place on your cloud platforms and consider using cloud access security brokers to enforce security policies between your firm’s users and cloud applications. The Cloud Security Alliance also has helpful security guidance for critical areas of focus in cloud computing. It’s also important to validate that the data storage and retention controls and procedures of cloud vendors follow applicable regulations, such as those required by the GDPR in relation to accessing and deleting personal data. Financial institutions may also need to store critical data on premises instead of on the cloud to comply with location-specific regulations.
- Conduct periodic audits of your cloud security stance.
Evaluate the effectiveness of your cloud provider’s security controls through periodic audits. Your organization may need to work with cloud providers to meet existing and new compliance requirements and continuously monitor compliance with these requirements.
It’s also essential for firms to perform annual disaster recovery testing with cloud providers. Test failover and disaster recovery to identify any interdependencies, keep recovery strategies updated, and ensure business continuity.
With the right knowledge and proper implementation of best practices, financial institutions can leverage cloud technology while keeping data safe and secure.
Trust DataComm to keep your financial institution’s data safe by using our world-class data protection solutions. Our team of experts can help your organization uncover the best ways to secure your applications. Contact us today to find out how we can help.