Do Banks Like Public Clouds?

Xavier Bellouard, Managing Director, ActiveViam

In the past, banks have not been eager to adopt public clouds, with security issues topping the list of potential risks to the biggest financial institutions in the world.

However, things are now moving forward, with the European Banking Authority issuing guidelines on how to outsource and supervise public cloud environments effectively.^[1]

At ActiveViam, we wanted to know how interested banks now were in public clouds, commissioning a report titled “Are Banks Really Ready for Cloud?”.Within this report, we explore four key areas:

• Budgets and the number of public cloud projects going on
• The sticking points preventing public cloud migrations – what is the main obstacle?
• Which use cases should be moved to public clouds
• If jobs are at risk as a result of public clouds

In speaking to some of the world’s biggest banks and their consultants about these topics, we now know the state of play for public clouds in banks.

Here are some findings.

Public cloud budgets are on the rise

Xavier Bellouard

Banks are indeed ramping up their use of public clouds in 2018. Interestingly, budgets are increasing by up to 70% in the next two years to cope with the initial spin-up fees. Up until now, many banks have not catered for public cloud usage within IT budgets, meaning the demand is initially high for hardware rental, as certain public cloud projects get underway.

The pace at which public cloud projects are going on varies across the bigger and mid-size banks. Each bank is doing something different. On the whole, respondents believe IT budgets for public cloud projects will rise by 6 to 10% in the next two years.

 GDPR and general compliance will cause a slowdown in public cloud migrations

The risks posed by data leaks and general compliance challenges, including complying with the General Data Protection Regulation (GDPR) are highlighted as the main things working against public cloud projects, with over half of interviewees stating compliance.

But the GDPR does offer some solace. If there is a data breach and unencrypted PII should leak under the GDPR, local data protection regulators need to determine where the fault lies: at the bank, the vendor, or the vendor’s subcontractors. With the GDPR coming into force, there is just as much penalty emphasis on the vendor (the “data processor”), as there is on the “data controller” (the bank). This has not been the case previously: the bank would be fully liable. Because of this change to how data privacy regulations work in Europe, there are now equal incentives for banks and their cloud providers to prevent data breaches.

All of this makes using public clouds more appealing.

Risk use cases are a popular public cloud guinea pig

Recently, the European Banking Authority (EBA) released Recommendations to banks for supervising outsourced cloud projects, including guidance on data processing and auditing.^[2] The one issue banks are still struggling to determine, despite the guidelines, is which use cases are suitable for public cloud. In our survey, 64% of respondents believe we will see more risk-related use cases migrated to public cloud from the banks, such as Market Risk and Counterparty Risk.

Conversely, 40% respondents believe there is no use case just suitable for private clouds, which opens up more opportunities for use cases involving Personally Identifiable Information (PII) and sensitive company information.

 Public clouds do not mean job losses, just a skill adjustment

If more public clouds projects are in play, banks need less people in the traditional installer roles. These individuals are likely to be swallowed up by the cloud vendors to help manage the big customer accounts if they don’t adapt their skills to the changing climate. Instead, banks need more coders, information security specialists, and individuals with service management backgrounds.

Over the next few years, you will see more ‘baby steps’ while banks get to grips with their compliance challenges. In the interim,there will be more use cases in public clouds that do not involve certain data types. These use cases will be prioritised as the perfect ‘guinea pigs’ in the next two years, until banks are ready to embrace public clouds fully.

[1]https://www.eba.europa.eu/documents/10180/1712868/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf

[2]https://www.eba.europa.eu/documents/10180/1712868/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf

Xavier Bellouard, Managing Director, ActiveViam

In the past, banks have not been eager to adopt public clouds, with security issues topping the list of potential risks to the biggest financial institutions in the world.

However, things are now moving forward, with the European Banking Authority issuing guidelines on how to outsource and supervise public cloud environments effectively.^[1]

At ActiveViam, we wanted to know how interested banks now were in public clouds, commissioning a report titled “Are Banks Really Ready for Cloud?”.Within this report, we explore four key areas:

• Budgets and the number of public cloud projects going on
• The sticking points preventing public cloud migrations – what is the main obstacle?
• Which use cases should be moved to public clouds
• If jobs are at risk as a result of public clouds

In speaking to some of the world’s biggest banks and their consultants about these topics, we now know the state of play for public clouds in banks.

Here are some findings.

Public cloud budgets are on the rise

Xavier Bellouard

Banks are indeed ramping up their use of public clouds in 2018. Interestingly, budgets are increasing by up to 70% in the next two years to cope with the initial spin-up fees. Up until now, many banks have not catered for public cloud usage within IT budgets, meaning the demand is initially high for hardware rental, as certain public cloud projects get underway.

The pace at which public cloud projects are going on varies across the bigger and mid-size banks. Each bank is doing something different. On the whole, respondents believe IT budgets for public cloud projects will rise by 6 to 10% in the next two years.

 GDPR and general compliance will cause a slowdown in public cloud migrations

The risks posed by data leaks and general compliance challenges, including complying with the General Data Protection Regulation (GDPR) are highlighted as the main things working against public cloud projects, with over half of interviewees stating compliance.

But the GDPR does offer some solace. If there is a data breach and unencrypted PII should leak under the GDPR, local data protection regulators need to determine where the fault lies: at the bank, the vendor, or the vendor’s subcontractors. With the GDPR coming into force, there is just as much penalty emphasis on the vendor (the “data processor”), as there is on the “data controller” (the bank). This has not been the case previously: the bank would be fully liable. Because of this change to how data privacy regulations work in Europe, there are now equal incentives for banks and their cloud providers to prevent data breaches.

All of this makes using public clouds more appealing.

Risk use cases are a popular public cloud guinea pig

Recently, the European Banking Authority (EBA) released Recommendations to banks for supervising outsourced cloud projects, including guidance on data processing and auditing.^[2] The one issue banks are still struggling to determine, despite the guidelines, is which use cases are suitable for public cloud. In our survey, 64% of respondents believe we will see more risk-related use cases migrated to public cloud from the banks, such as Market Risk and Counterparty Risk.

Conversely, 40% respondents believe there is no use case just suitable for private clouds, which opens up more opportunities for use cases involving Personally Identifiable Information (PII) and sensitive company information.

 Public clouds do not mean job losses, just a skill adjustment

If more public clouds projects are in play, banks need less people in the traditional installer roles. These individuals are likely to be swallowed up by the cloud vendors to help manage the big customer accounts if they don’t adapt their skills to the changing climate. Instead, banks need more coders, information security specialists, and individuals with service management backgrounds.

Over the next few years, you will see more ‘baby steps’ while banks get to grips with their compliance challenges. In the interim,there will be more use cases in public clouds that do not involve certain data types. These use cases will be prioritised as the perfect ‘guinea pigs’ in the next two years, until banks are ready to embrace public clouds fully.

[1]https://www.eba.europa.eu/documents/10180/1712868/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf

[2]https://www.eba.europa.eu/documents/10180/1712868/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf