Are banks buying into public clouds?
Globally, authorities and regulators are starting to care more about public clouds, recognising there’s a trend among banks to outsource to cloud environments. Most recently, the European Banking Authority (EBA) – following the example of other countries such as Singapore – ran a consultation in Europe with a view to providing guidelines on how banks should supervise cloud environments.
However, even with the guidelines, there’s still uncertainty around which use cases are best for public cloud projects. Instead, banks are dipping their toes in with certain projects, in the hope their compliance teams don’t say “no you can’t do that”.
So, are banks at a turning point, or are there more important things to worry about?
In a recent report commissioned by ActiveViam, interviewing banks and their consultants, over half of respondents were already using public cloud services, or are aware of public cloud services being used by another line of business in the bank. And 64% of respondents intend to migrate certain systems to public clouds in the next two years, or are aware of their banking clients doing so. With that in mind, it seems they are very popular indeed. But just how popular compared to the millions of other priorities in banks right now?
The pace at which public cloud projects are going on varies across the bigger and mid-size banks. Each bank is doing something different. On the whole, respondents believe IT budgets for public cloud projects will rise by 6-10% in the next two years, however some individuals inside the banks have stated that certain projects have warranted a budget increase of up to 70%. This may be because they were very low in 2016 and 2017, meaning additional funds are required to cope with the initial spin-up fees.
But, compliance is still the biggest area preventing public cloud projects from going ahead. According to the same report, it seems compliance is the number one priority for banks in 2018. Compliance teams are under increasing stress as the General Data Protection Regulation (GDPR) came into force on the 25 May, monitoring EU citizen data. This impedes the progress of public cloud projects in banks for a number of reasons. Personally identifiable information (PII), which is the focus of GDPR – is arguably at greater risk if stored in public clouds. This is because of the open nature of public clouds – other banks and the general public can share the same servers, and therefore banks have to relinquish control to the vendors.
For this reason, there is reticence to move PII and sensitive tier one information to public clouds, such as a banks’ financial statements and results. This means other projects that require a lot of processing power behind them are being prioritised for public clouds, as long as tier one data isn’t involved.
Risk use cases, for example, are huge consumers of infrastructure and are suited to public cloud environments – banks often have thousands of servers that run grid-compute, meaning they are a good use case for public clouds. If a regulator asks a bank to run more stress scenarios, it can be more elastic and deploy an extra 500 or so servers in the public cloud. It is an ideal scenario whereby the risk business unit can control what they need, when they need it and if they need more, while saving money. Operating costs decrease in simply because business units “pay as they go” at the point of demand and decline.
It’s not just the use cases that are being looked at closely, though. The traditional installer and network roles are getting re-tooled. Banks need less installers, and more coders, information security specialist and individuals with service management backgrounds. Now, this does not mean jobs are necessarily at risk; it’s more that employees may need to adapt their skills. If traditional infrastructure specialists are willing to do this, they are likely to move to new roles within a bank. If not, you will see the cloud vendors acquiring these candidates from the banks to help manage the bigger customer accounts instead.
Over the next few years, you will see more “baby steps” while banks get to grips with their compliance challenges. In the interim, there will be more use cases in public clouds that do not involve certain data types. These use cases will be prioritised as the perfect “guinea pigs” in the next two years, until banks are ready to embrace public clouds fully.
By Xavier Bellouard, managing director, ActiveViam