In this guest post, Ashish Gupta, BT’s UK president of corporate and global banking financial markets, shares his views on how the banking sector should go about embracing cloud.
The need to scale – add more customers, trade new asset classes, expand locations – at speed has overcome the financial services sector’s initial reluctance to use cloud services. What’s more, the flexibility of cloud-based resources and services is an attractive alternative to the expense of owning and running large datacentres.
When talking cloud, the first question is always about security. Just how secure can customer data and commercial operations be when stored on someone else’s infrastructure? The short answer is: very secure indeed. Cloud services should be at least (if not more inherently secure) than their in-house equivalents.
However, the absence of industry-wide standards and the ease with which an individual department or business unit can sign up to the cloud mean some organisations are using cheaper, consumer-grade cloud services that could leave them vulnerable to security breaches.
A piece of research by BT exploring attitudes and levels of preparedness towards distributed denial of service (DDoS) attacks found more than a third of financial services organisations admit using mass market cloud services. Others may not even know they are.
Innovation is key to success
Of course, one of the great positives about cloud computing is that it encourages innovation, helping to build a more responsive, agile organisation. But if allowed to flourish uncontrolled, so called ‘shadow IT’ can open up a host of problems.
As such, banks and financial services companies need to know where their customer data is at all times, and details about how it is being handled. They need to be sure that an external cloud service isn’t going to leave the door open to malicious activity and DDoS attacks.
For the CIO, the challenge is how to let the organisation exploit the choice and flexibility of on-demand services without compromising corporate security or contravening regulatory requirements.
A CIO must – somehow – exercise a degree of control over the whole varied and shifting cloud estate.
Specialised cloud services for the financial community are part of the solution; they provide a highly secure ecosystem that connects thousands of applications and services with users worldwide. But what about your broader enterprise cloud applications? They also need to be secure.
The answer is to roll all your distinct cloud services – public, private and hybrid – into one single cloud that you can manage and secure centrally.
Adopting this type of approach without the support of an external service partner is quite a big task, even for the most experienced of IT professionals. The pragmatic CIO will look for an expert partner, such as an independent global network provider with skills in connectivity, security and integration.
Or, as industry analyst Ovum puts it: “Enterprises are increasingly likely to discriminate toward cloud service providers with combined datacentre and networking orchestration skills as their trusted brokers across hybrid clouds.”
Bursting the cloud of uncertainty
Centralising control with this type of strategy will help build security into the whole cloud environment, so employees (or customers) will to be able to connect securely from anywhere on any device to any service.
There’s no reason why mobile devices cannot be as secure as a desktop PC with the right controls. So cloud-based proxy servers let users connect securely via the internet from wi-fi, fixed and mobile lines.
You can remotely lock down the microphone and camera on smartphones so they can be used securely on the trading floor. Your own app store gives you control over what your users can download and use over the cloud.
Financial regulators including the SEC and the Financial Conduct Authority are taking a keen interest in cyber security. Taking a an approach like this will help financial services companies demonstrate that they understand the operational risks of cloud computing and have the right measures in place for secure trading and to protect data. For business, it offers the best of both worlds: the freedom to innovate, in a secure and compliant environment.