Financial services companies are struggling to keep up with rapid technology changes across the industry (i.e., FinTech). Adopting cloud services is one way larger companies have adapted their technology approach, but many are not realizing the full value of the cloud. We’re exploring cloud adoption in the financial services industry, and this post highlights the most common challenges companies face when adopting cloud services.
The first concern of any financial services company when considering a cloud migration is security and compliance. No industry feels the weight of this concern more than financial services with heavy regulation from the likes of the SEC and FINRA. To highlight the potential impact and significance of data breaches in financial services, 143 million records were compromised in the Equifax data breach, implying that every American household was affected. Many companies, in an industry where highly confidential data is used and compliance is paramount, embrace the misconception that the public cloud is not secure enough to handle their data.
The biggest challenges for financial services companies facing a cloud migration are:
Security, regulatory, and compliance concerns
Excessive technology “debt” and lack of consistent, enforceable processes in the cloud
Lack of executive sponsorships and a clear cloud strategy
Inability to accurately estimate, forecast, and manage the total cost of ownership
overcome security & compliance fears
Fears around security and compliance are the number one obstacle facing an organization’s cloud adoption. The most common security concerns here relate to multi-tenancy. Multi-tenancy refers to the storage of data on the same servers as other companies, even competitors in the same industry. However, fears surrounding multi-tenancy are largely misplaced and stem from an outdated understanding of cloud solutions.
“The majority of the perceived cloud security risks in Financial Services today stem from the negative experiences of early adopters who selected aspirational, ungoverned solutions from nascent providers who were unprepared for the scrutiny related to financial data and service,” says Ben Mead, Principal Architect in the Cloud and Infrastructure Services Practice at Credera. In reality, today’s mainstream cloud IaaS providers (e.g., Microsoft, Amazon, Google, etc.) have made a multi-tenant environment safe and compliant. With the latest security measures, cloud applications have achieved compliance with the most stringent industry regulations, including Sarbanes-Oxley, GLBA, NYDFS, and GDPR.
Cloud service providers even offer specific certifications related to financial services. Companies looking to move to the cloud should ensure their cloud provider has SOC 1, 2, and/or 3 reports. To obtain these reports, cloud providers are required to pass a rigorous auditing process with regards to safety and security. These standards are considered necessary for companies with confidential data.
effectively execute your cloud migration
Once a company accepts the fact the cloud can securely house its data, it must move on to how to technically execute the move. This is often where organizations hit a roadblock. Technical debt, or inefficiencies and limitations created by outdated or irresponsible technology decisions, can inhibit technological innovation and paralyze a company’s ability to meet strategic business objectives (e.g., mobile banking, analytics/reporting, time-to-market).
For Deutsche Bank, years of neglecting infrastructure upgrades in favor of customer-facing moves resulted in 35% of the hardware in its data centers reaching the end of its lifecycles or beyond. In fact, neglecting to upgrade server infrastructure can cost IT organizations up to 39% of peak performance, add up to 40% in application management costs, and up to 148% in server administration costs. This sort of “kicking the can down the road” would not be possible in a cloud environment, where a third party manages and upgrades hardware for you.
Identifying technical debt and establishing a clear remediation plan with measurable milestones is a must before taking on a full-scale cloud adoption. To be clear, adopting cloud services without optimizing your existing technology stack will not be effective. Companies must optimize their applications and minimize technical debt in concert to avoid costly IT sprawl and high maintenance costs.
establish an enterprise-wide cloud strategy
An enterprise-wide cloud strategy with executive sponsorship is an absolute must for successful cloud adoption. While this may seem obvious, less than one-third of enterprises have a documented cloud strategy. Without a clear cloud strategy that supports the overall corporate strategy, cloud IT initiatives are destined for failure.
One way that a cloud strategy manifests itself is in the form of “cloud playbooks.” A cloud playbook defines the necessary set of policies and procedures for cloud usage, based on the characteristics of the data or application. Effectively implemented playbooks are instrumental in operationalizing an enterprise cloud strategy. Additionally, a cloud strategy, or cloud adoption program, should include a legacy application portfolio modernization strategy. If a plan for modernizing legacy applications is not defined, cloud-focused efforts can be sidetracked by costly time spent on maintaining older systems. Effective cloud governance processes improve velocity and consistency of IT project validation and approval.
understand the financial impact
Financial services firms may overcome all obstacles to cloud adoption, but if chief financial officers cannot justify the ROI, no progress will be made. Each of the major cloud service providers has monitoring and reporting services built-in that make forecasting and tracking cloud costs a feasible task. While there are many ways to calculate ROI in cloud computing, valuable metrics to track include: system availability, reliability, response time, IT capacity, and latency, among others.
Meanwhile, another organizational hurdle that must be overcome is the switch from a CapEx to an OpEx IT expense model. In an on-premise model, chief information officers invest in expensive IT hardware every few years and depreciate these assets over the useful life. Upon switching to a true cloud model, these capital expenditures are replaced with monthly payments to a cloud provider based on the number of services used. While this shift has many benefits and risks (e.g., tax implications, budget paradigm shifts, etc.), it is imperative to consider the total cost of ownership prior to making any cloud move.
cloud challenges can be overcome
Cloud services certainly pose challenges: security and compliance fears, removing costly technical debt, gaining strategic executive sponsorship, and managing cloud costs. Still, financial services companies that manage to overcome those challenges will be well positioned as industry leaders in the years to come.
In the next installment of this series, we’ll explore more in-depth the benefits companies can achieve when implementing a cloud migration.
Trying to develop your financial services firm’s strategy and approach for a cloud migration? Working to implement security processes or enhance cloud governance policies within your current cloud environment? Navigating an integration between multiple cloud environments? Reach out to us Credera to find out how we can help.