John Finch, the CIO of the Bank of England, warned potential cloud users to be wary of financial promises made by cloud providers and urged them to worry about legal aspects, security, compliance, service level agreements (SLAs) and data scalability while planning out their cloud strategy.
“Do not, do not, do not let the bean counters determine your cloud strategy,” Finch warned delegates at Cloud World Forum in his keynote focusing on the practical realities of cloud computing.
“I may sound like I'm in cloud-denial, but I am not. Cloud can deliver good value and I know of many use cases where cloud has been a real enabler,” Finch said.
“Cloud does genuinely offer the opportunity to burst capabilities, to expand and contract, and it can remove link times and remove the need of building long and complex infrastructures.”
But Finch warned potential cloud users of the “pesky vendors and suppliers”, adding: “If vendors talk to you of the financial upside of the cloud, talk to someone else.”
He advised users to move to the cloud for infrastructure benefits, scalability, to expand the business or to become more agile, but not purely for cost savings.
“Don’t go offshore just to save money, but do it for other things like expanding the workforce. Cloud providers out there will tell you they can change capex [capital expenses] to opex [operating expenses] to save IT costs, but you should work out the best thing for you.
“Another thing to think about is your business model and whether cloud is right for you. Even if your nearest competitor does it, you have to assess whether it will work for you because one size does not fit all,” Finch warned.
Bank of England IT infrastructure
The Bank of England uses a highly virtualised in-house infrastructure that works like a private cloud but is not a cloud. The bank has to deal with real-time settlement systems and critical payments and host as many as 500 million transactions a day, Finch told the delegates.
“We deal with big volumes of data and high-velocity real-time transactions," he said.
But the bank’s approach in overcoming these challenges is virtualisation. “We have highly virtualised storage arrays – this helps us to allow failover and manage huge volumes of data. We are also highly virtualised with our compute, processing and storage infrastructure," said Finch.
“Will we ever be on the public cloud? I don’t know. I don’t want to say never, because that’s a really long time, but we have no plans right now.”
Finch urged users to ask lots of questions around compliance, contracts, security, availability, risks and permissions before buying cloud services.
Think through very clearly and carefully what you are giving away,” he warned. “Understand what’s in the contract – cloud can give you low cost of entry, but will the contract allow you to continue growing at low costs, will it allow you to get out when you want to?”
He pointed out that one big, well-known cloud provider assures UK users that their data is safe and in the same geographical region, yet "it turns out this provider puts data in its Nordic datacentre".
“Now, do you know what Nordic countries’ governments’ rules around third-party data are? And if this provider is an American company, then the US government has the right to seek any data held by that company beyond the US. That’s why users must think very carefully," he advised.
Finch estimated that the bank will use some cloud-like services going forward, but said the Financial Conduct Authority (FCA), the Bank of England and other players are concerned about stability, resilience and cyber security in the cloud era.
“There is no proper guidance at the moment for the financial industry around the cloud, but ourselves and the FCA are now beginning to think about it,” he added.