A discussion with Bill Fearnley, research director for compliance, fraud, and risk analytics at IDC Financial Insights.
This is the third in a guest blog post series by IDC on trusted cloud. This post details a Q&A discussion between Bonnie Kearney, director, trusted cloud marketing at Microsoft and IDC financial insights research director, Bill Fearnley.
Bonnie: Hi, Bill. As an analyst focused on financial services, can you give some perspective on the current role of cloud in financial institutions in a cloud first world? What is driving demand?
Bill: Certainly. A couple of key thoughts come to mind immediately. The shift to cloud is happening now. While not all financial services workloads will move to the cloud, IDC Financial Insights believes that financial firms will continue to increase their investments in cloud architectures to control costs, move to a services delivery model for employee applications and data, and leverage the enterprise datacenter architectures of leading providers.
- Varied deployment for cost control. Because customer records and the firm’s IP and transaction data are very sensitive, financial firms are using the cloud to help lower costs and provide “elastic capacity,” as well as deploying a wide variety of clouds — including private, public, and hybrid clouds — in a variety of cloud deployment options: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
- Relying on a trusted cloud. Key things that financial services customers and regulators care about when moving workloads into the cloud include operational security, protecting customer and employee privacy, and meeting compliance requirements. Also, cloud service providers must be transparent about what they do with the data, who has access to it, and where it resides. Trust is fundamental to relying on a cloud vendor as both employees and customers of financial services firms increase their use of personal mobile devices and expect anytime, anywhere remote access to information and their accounts.
- Data resiliency, availability and reliability are important factors. Cloud providers have built enterprise class datacenters at a global scale to ensure systems, services and operations are functioning at all times. Architected to maintain data availability, data resiliency, business continuance and disaster recovery planning (BC/DR) are critical operational features that customers must look to when choosing a cloud vendor. Ability to choose vendors that offer choice of where data is stored at a regional level is another factor to consider.
- Risk assurance and accountability remain the same. Cloud computing offers substantial innovative benefits, yet financial services customers remain accountable for managing and supervising cloud vendors from a risk assurance perspective. Financial services firms need to evaluate the benefits as well as the trust related investments of cloud service providers as they navigate the journey.
Bonnie: At Microsoft, we place a great deal of importance on our long-term investment in trusted cloud including principled approach to security, privacy, control, compliance, reliability and transparency. Can you give some insight into the relevancy these key investments are likely to have for financial services investigating and investing in cloud service?
Bill: Happy to. In terms of realizing the promise of cloud computing, an area that comes immediately to mind is compliance benefits in the cloud, where the scalable capacity to meet the demands of the business and BI analytics show great promise for helping financial services insure compliance and avoid financial penalties from regulators.
- In compliance and fraud detection and prevention, financial services firms are increasing their use of risk based analytics models for risk scoring, transaction monitory and investigations of compliance and fraud alerts. The cloud provides access to huge amounts of data needed that is scalable for analysts and data scientists. We are now seeing leading firms make this move to cloud, especially for access to market events and pricing data.
- In addition, firms are aggregating large amounts of internal and external data to help comply with regulations such as Anti-Money Laundering (AML) and Know Your Customer (KYC) analysis.
- Analysts use huge data sets to develop and test statistical and analytics models to help detect financial crime and compliance violations often these data sets are also accessed in the cloud.
- When developing investment and portfolio strategies, analysis build portfolios that they believe will provide investment upside for their clients. To test how their strategies might perform in a variety of market conditions, they will “back test” their portfolios over a long time period with large amounts of historical transaction and market data. To the changing data and investment research needs of investment professionals, many firms are looking at providing access to cloud-based market and transaction data that analysts can download as needed to build investment and portfolio back-testing models.
Bonnie: The cloud has the potential to help reduce the compliance burdens for banks. As financial institutions evaluate cloud service providers, what other trust principles are key in their considerations?
Bill: Financial services firms must keep assets and information safe. This includes a continued focus on some key elements:
- Security. Financial firms have a lot of intellectual property (IP) that must be kept secure and protected. In addition to customer records and transaction data, firms have billions invested in proprietary financial models, investment research and development. Firms must protect their transaction data and customer information from threats that could come from customers, employees, contractors or counterparties. For financial firms, a breach can hurt their brand and an erosion of trust in all of their relationships. Cloud service providers with proven experience in data security can help financial institutions combat (and stay ahead of) the growing number and increasing sophistication of cyber attacks.
- Reliability/availability. In addition to security, firms must provide continuous system and data availability, business continuance and disaster recovery (BC/DR) planning to monitor events (e.g., weather and other events) to keep data secure and out of harm’s way whenever possible. Cloud service providers with multiple datacenters can help firms stay out of trouble by moving customer and firm data and workloads away from threats (e.g., natural disasters or political unrest) producing more reliable/resilient service.
- Banks and financial firms with international operations must make data available at the speed of the business and make it accessible to those that need it, so master data management is recommended to help make data accessible (and protected) and how it is managed and configured internally is important.
- Privacy and control. The control of information and privacy are paramount to maintaining trust in financial services. Financial firms know how and where money is spent and invested which gives them “privileged access to information” so they are responsible (and liable) for maintaining customer privacy. Firms must have control and access to their data at all times, especially in these times when financial regulations and data security in financial services is making headlines.
- Transparency. It’s important that cloud vendors are transparent about where data resides at a regional level, and what they do to keep it safe and secure. Increasingly, regulators are inspecting data, analytical models and financial firms Governance, Risk and Compliance (GRC) policies and procedures around data and data management, especially accessibility and security of customer and compliance information.
- Compliance. International firms have to comply with data usage rules and regulations, and cloud providers can help firms make sure they are compliant with data management and data security rules and regulations that often vary from country to country. Access to data is key to innovative analytics, especially for data scientists and analysts to do queries, build models and run tests on analytical models.
- Choice. For some customers, the need to choose a cloud vendor that offers flexibility and choice of workloads, both private hosted cloud, hybrid and multi-tenant is important depending upon the types of data it puts in the cloud and its risk appetite to manage more critical workloads and data in a multi-tenant environment.
Bonnie: Thanks for your insights Bill. Any final thoughts for our readers?
Bill: Thank you Bonnie. I would like to end with a few concluding points:
- Financial services firms are increasing their investments in the cloud to provide new applications and data as a service to their employees and partners.
- Trust is paramount to relationships that firms have with customers, employees, counterparties, partners and investors. Firms are being very selective in their network, software, services and applications vendors when making cloud investments and successful cloud service providers will need to continue to invest in security, data privacy and data management, regulatory compliance, and transparency to establish and maintain that trust.
- As financial firms move to cloud, they must continue to adhere to strong risk assurance programs and maintain appropriate oversight and control of the cloud vendor.
- Regulations have not kept pace with the speed of innovation in the cloud, yet so long as customers meet their risk assurance obligations with cloud vendors, financial services regulators will watch carefully, but are unlikely to stop, adoption of cloud given the market has already moved in this direction.
To learn more, visit the Trusted Cloud website.