Many financial organisations have dived head first into cloud migration. At the Cloud Banking Europe conference, senior bankers and IT executives explained the need for cloud processes to deliver competitive and fast services as banks strive to stay relevant. Slow and steady wins the race. Anna Milne writes
Financial service institutions need to realise that putting their business on the cloud does not have to happen in one fell swoop. Rather, it is better simply to start by putting innovation and new processes on the cloud.
Today’s Application Programme Interfaces (APIs) are such that it is quite easy to lay new cloud processes on top of legacy systems. Indeed, new applications and processes should automatically go into the cloud and functions running in a stable and static way, on written-down infrastructure, be left where they are until there is a pressing need to move them.
"If your competitors are coming up with cloud based better alternatives, this might speed the end of life for certain processes, and therefor build a business case for moving them to cloud. Currently, migration tends to be driven by the business case. Efficiency alone- although this inevitably leads to a solid business case- has not been a significant driver," says Anne MacRae, head of financial services at Fujitsu.
Some financial organisations have jumped in wholesale and have set themselves up for very expensive and lengthy cloud migration.
"I question whether that was the right choice. The way to go is to take innovation into the cloud and legacy migration in a managed way, gradually, over time. Where an app comes to end of life, tackle it then. It will be a very long time before core banking platforms get put into the cloud and actually the customers don’t want their banks to put their core banking platforms in the cloud."
Getting around security concerns
You need different conversations with Tier 1 organisations and quite another with smaller ones. Predictably, the difference tends to come down to Tier 1 organisations having ingrained die hard attitudes towards change- based on fear, mainly. They have mature procedures and long-developed approaches to security; they need to look at facts intellectually in order to break down security concerns.
There are three main aspects to security concerns, says MacRae. Firstly, around the security within the design of the cloud- data centre-type security built into servers. Secondly, around security by default- how that solution is being deployed; and thirdly, concerns relating to where that solution is deployed. The only concern which is different in a cloud solution to an on-premise solution is the last one.
"Then we ask why-is it because you think the regulators won’t like it there? If so, either go and look at regulation or ask the regulator. It’s about instilling a problem-solving mind-set," says MacRae.
It seems banks look for obstacles rather than solutions. Smaller organisations tend to be open to the idea that things are safer in the cloud than on-premise. But of course there is the very valid fear of redundancy, which, for all the conferences and vendor efforts to convince the industry to transform their operations, is possibly the one main obstacle as yet insurmountable.
"People do hide behind security concerns, as an excuse to not want to lose their job," says MacRae.
"Banks should be creating a community cloud- there have been attempts by some of our competitors to set this up. I genuinely don’t know why they haven’t been successful. There is evidence of FS organisations collaborating on other types of utility- where there’s a business imperative to do so, for example, collaborating to manage exchanges. Cloud would be for the benefit of efficient business and it’s done in retail where they share servers with for example Marks and Spencer sitting next to Boots. It would work well with businesses that have different burst capacities. Retail has a demand at Christmas time and banks at the end of the financial year- around March for many. A shared cloud would work well between businesses of these sectors."
What will and what won’t work- why aren’t banks jumping into cloud?
Security concerns are very real, but most of the time apprehension comes from the fact organisations seem to perceive it as an all or nothing move, which of course involves huge amounts of cost and risk. No CIO wants to take on such a level of risk.
However, IT is changing and with that, maturity is coming in. CIOs are beginning to see cloud as a very relevant enabler for where they want to drive the business without having to consider taking the legacy infrastructure to cloud at the same time. Providers are beginning to offer APIs, which sit in the cloud but straddle both legacy and cloud platforms.
"There will always be a place for on-premise and private cloud, which is where core banking platforms will end up. New challenger banks are putting core processes into on-premise private cloud, it’s a more agile functionality within your computers and storage. It is entirely contained wthin your network so security risks are not the same.
When banks are working with both legacy IT and cloud-based IT, there is a risk of exposure to hackers because the technology is being delivered in a way it wasn’t intended.
"Over time most of the cloud stuff will become commodity, and different providers’ solutions will look the same. The differentiators will be around location- is there the global footprint?" says MacRae.
It will also come down to the providers’ ability to manage a brokerage layer (cloud integration layer) and its trustworthiness.
"When you engage a cloud provider you assess their appetite for risk and some of that risk comes by means of pricing- the risk in the technology, the capital outlay, and the level of business risk. I have heard complaints from financial organisations about a lack of differentiation within cloud providers’ commercial models- the pricing and the risk profile that the cloud providers are willing to accept. Providers need to be upfront about this when pitching for business."
At the same time, when clients go to market it is often still the old questions they ask- some of which are no longer applicable. Then they get nervous when something is too innovative, and they don’t want the supplier to have the upper hand on the commercials. So it’s difficult to get the right balance but the more it is talked about and questions are asked, the more a considered business case may be forged.