Banking in the cloud – Is it for the birds?
Consumers’ use of technology—from mobile to wearables—is driving change across many industries as businesses adapt to how their customers want to engage with them. For some time now, financial institutions (FIs) have responded to this consumer-driven environment with innovation in business models, operations, and IT. Cloud computing, a model of computer use in which services stored on the internet are provided to users on a temporary basis, is finding its way back into financial industry conversations. Cloud offers a vehicle for delivering effective collaboration, improved speed, and increased IT efficiency.
Given the security, privacy, and regulatory concerns of cloud deployment, do banking and the cloud belong together? Could it be a way to help FIs compete with nonbank fintech companies such as Funding Circle and Moven that are more agile and efficient? The answer is yes—as a vehicle for deploying solutions. It enables banks to place their customers at the center of the business, focus on digital channels and the user experience, and develop an omnichannel strategy.
In order to gain a beneficial business advantage from cloud computing, FIs must first understand the broad landscape of cloud service offerings and technologies.
Public, Private, Hybrid, Community
According to Gartner, private and hybrid cloud investments, spread across infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) models, account for the overwhelming majority of banks’ cloud initiatives. There are four major types of cloud implementations—public, private, hybrid, and community.
- Public cloud is provided as a service over the internet. The FI is not responsible for maintaining any technology or infrastructure which is kept off-site. This type of cloud is generally the least expensive since the infrastructure is shared with other businesses; however, services can still scale up or down as needed. Security concerns with public cloud loom around who can view data, how that data might be used, firewall changes affecting access, and authentication methods.
- Private cloud, while still acting as a service, is a single-tenant environment where the hardware, storage, and network are dedicated to a single client or company. Private clouds provide the highest security available in a cloud environment and offer more flexibility in terms of capabilities than public clouds; however, these enhancements come at a cost. Security concerns center on where the private cloud is hosted, if not in-house then FIs should look for certifications such as SSAE 16.
- Hybrid cloud uses the strengths of both public and private clouds while minimizing the weaknesses. A hybrid can be custom designed to meet specific needs. For example, FIs can ease security concerns by hosting sensitive customer data on a private cloud while using the public cloud for process-intensive generic activities that have lower security requirements.
- Community cloud represents a form of hybrid cloud that provides industry specific services and compliance. A financial services community cloud would be a shared cloud computing service environment targeted specifically to FIs to address their particular security, privacy, regulatory, and performance concerns.
Many large institutions are taking their first steps into private cloud as preparation for use of a public cloud. This approach gives staff experience with cloud architecture and its associated impacts while retaining control to minimize risk. Others such as JPMorgan Chase and Goldman Sachs are moving applications to the cloud with use of container software that can provide built-in security.
Opportunities + Challenges = Best Practices
The opportunities provided by the cloud come from increased agility, the ability to enter new markets, and speed to market with innovative solutions. All of which result in business growth and reduced costs as more efficient processes evolve.
Challenges arise as decision makers determine where to allocate available IT budgets between on-premise and cloud resources. In support of the relationship between IT and lines of business, many FIs will see a need for reorganizing their IT department to reflect the realities of cloud computing—agility, continuous change, etc. Although security in the cloud is generally reliable and proficient, it could prove difficult to audit.
As FIs take a closer look at cloud to understand the benefits, there are best practices to keep in mind. First, they should seek hybrid solutions that provide a combination of public and private cloud implementations to meet security, privacy, performance, and regulatory requirements. Next, all use of public cloud should be centrally governed to ensure consistency and integrity of operations. A central structure allows FIs to more easily follow the general principles of vendor risk management—assessment, privacy, protection, and storage. And finally, FIs should look beyond the immediate benefit of cost savings to the support of overall business goals to measure the success of cloud.
Leveraging the Cloud
The digital world is generating new consumer needs. FIs can respond by working with digitalization leaders to leverage cloud platforms, when and where it makes sense, to offer customers new value-added services and frictionless user experiences. There is greater openness to multi-tenancy environments and silos are beginning to blur which means cloud-based solutions, shared environments, and multitenant configurations are perceived as less risky and more advantageous than ever before.
If FIs don’t act, nonbank fintechs will move to address these new requirements, and use this innovation to obtain a competitive advantage.