You are on page 1of 3

think tank

Host your Cloud

Nitin Mishra stresses on the benefits of cloud computing for


financial services

eading financial service organisations are today more


readily adopting Cloud and
on-demand computing than
ever before. According to IDC,
a research agency, the industry is
well on its way to making Cloud
computing a mainstream component of its digital strategy. With
rising NPAs affecting profitability,
and product and service margins
becoming increasingly erratic, firms
in the financial services sector are
looking for ways to control costs,
including those arising from the IT
function.
One of the prime reasons for
adopting the Cloud is the enhanced
technological efficiency it offers. The
banking sector has been particularly
quick to do so, since it allows for
capital optimisation, lower operat-

ore and
more financial
institutions are
also recognising
that technology
can also help
them more quickly
bring new and
innovative products
to market, allowing
for competitive
differentiation
in a crowded
marketplace.

ing/technology costs, and better


portfolio quality. More and more
financial institutions are also recognising that technology can also
help them more quickly bring new
and innovative products to market,
allowing for competitive differentiation in a crowded marketplace.
Further, for banks, which tend to
rely heavily on legacy systems, managed Cloud hosting and recovery
services are a cost-effective way of
navigating a shifting regulatory and
compliance environment. Organisations that adopt the Cloud can
respond more securely and with
greater agility to market, business,
and end-customer demands.

The many benefits of the Cloud

The value offered by Cloud computing is not limited to the lower


price tag of technology investments.
More importantly, it can make a financial service company more agile,
in several ways.

Enhanced security

Businesses that use Cloud computing often enjoy stronger data


security than those that try to go it
alone. While some business leaders
remain concerned about security,
the vast majority of service providers already meet or exceed industry
needs and regulatory requirements.
Companies can rest easy knowing
that high-grade Cloud providers
build their infrastructure around
enterprise-quality equipment that
is out of reach for all but the largest
firms. With high levels of redundancy built into such systems, there
is no single point of failure. Data is
backed up to multiple servers, pos-

38 CFOCONNECT May 2016

think tank
sibly even across wide geographical
regions. When a server crashes or
hardware malfunctions, the risk is
minimised because data is safely
stored across multiple locations.
Most Cloud service providers also
offer in-built multi-layer protection
against spam, viruses and malware;
email retention for compliance; and
policy-based e-mail encryption,
keeping e-mail communication safe
and secure.

Enhanced disaster recovery

With their acute need for business


continuity, financial institutions
cannot afford to fail. Be it technical
issues, weather-related incidents or
human error, such organisations
need a comprehensive disaster
recovery (DR) plan that covers the
full range of resources and logistics.
In terms of IT operations, banks
and other financial services firms
are turning to automated solutions,

usinesses
that use Cloud
computing often
enjoy stronger
data security
than those that
try to go it alone.

such as Cloud-based disaster recovery, to minimise downtime and


speed up recovery.

Reduced infrastructure
requirements

As an organisation grows, so do
its information technology hardware
and software need. By migrating to
the Cloud, businesses can reduce the
size of onsite infrastructure, share

Strategies for managed Cloud hosting


IDC advises financial institutions to develop an enterprise risk management
(ERM) strategy that is commensurate with the level of risk and complexity of all
of their third-party associations, including Cloud relationships. A number of best
practices can help in this regard:
1. Develop a plan that outlines the institutions strategy, identifies the inherent risks,
and details how to select, assess, and oversee the Cloud service provider and
its operations.
2. Perform proper due diligence to identify risks and capabilities.
3. Negotiate written contracts that clearly outline the rights and responsibilities of
all parties.
4. Regularly monitor the service providers activities and performance.
5. Have an agreement that allows for terminating the relationship if necessary, and
in a manner that permits the activities to be transitioned to another provider,
brought in-house, or discontinued.
6. Assign clear roles and responsibilities for overseeing and managing Cloud
relationships and the risk management process.
7. Maintain proper documentation and reporting to facilitate oversight, accountability, monitoring, and risk management.
8. Conduct independent reviews of the firms risk management processes to
ensure that the institutions processes and strategy are aligned, and that the
risks arising from Cloud relationships are being properly managed.

the liability with qualified technology partners, eliminate much of the


hassle associated with procuring
hardware and software, and possibly bring down costs as well. Doing
so eliminates the need to purchase
multiple servers and supporting
equipment, store these on-site, and
pay for the space and utilities to
support their operations.

Lower maintenance costs

Reduced onsite infrastructure


also means significantly lower costs
associated with day-to-day maintenance. Keeping IT equipment current is critical to both security and
performance, but with less equipment housed internally, this need
is greatly reduced.

Greater business agility

Cloud computing enhances agility in multiple ways. First and


foremost, it is built with mobile
productivity in mind. Employees no
longer need to be tethered to their
desks. Applications and information
can be accessed from virtually any
device with Internet connectivity,
allowing staff the access needed to
be effective, without being tied to the
office. When technology questions
crop up, access to an experienced
help desk allow people to work
more efficiently throughout the day
and deliver greater productivity.
Additionally, the often-overworked
IT department will operate more
effectively in a Cloud-computing
environment, because it is no longer swamped by infrastructure
concerns, software upgrades and
day-to-day issues. Users get to focus on their jobs and IT staff get to
concentrate on the projects that truly
better the business but which are
often put on the backburner because
small issues continuously pop up.

The ability to evolve with the


organisation

Switching to the Cloud allows


organisations to meet their changing
needs and goals, but without large
investments or time commitments.

May 2016 CFOCONNECT 39

think tank
As the company grows, hires more
employees or sets up a new office,
it need not purchase additional
infrastructure to support daily operations. Rather, the Cloud environment can scale itself to match the
companys growth. Organisations
that experience seasonal changes
in activity can scale up or down
their Cloud usage to match the
work tempo. This affords the kind
of flexibility that on-site systems
simply cannot match.

Assessing a Cloud service


provider

Before signing on the dotted line,


financial institutions should assess
potential Cloud-service providers
on the following criteria:

24x365 support

Live support and personalised


service help reduce operational
and personnel costs. Some service
providers, though, offer only limited
live support options, and require the
client to primarily use self-service
and forums. This makes it essential
to align ones support needs with
what is on offer.

System availability

It is vital to choose a Cloud provider that can match or exceed ones


own internal service levels. When
reviewing the availability metrics of
each vendor, though, it is crucial to
compare apples to apples. Vendors
tend to publish uptime statistics, and
will include, say, the minimum service levels to which they will be held
accountable, in terms of infrastructure, operations, databases, applications, and networks. They may not
include planned outages or outages
shorter than a specified amount of
time in their reports, so one needs to
make sure that these are factored in.
Also, depending on the workload,
a certain amount of downtime may
actually be acceptable.

Location of data

Banks and other financial institutions often demand control over the

40 CFOCONNECT May 2016

witching to
the Cloud allows
organisations
to meet their
changing needs
and goals, but
without large
investments or time
commitments.

to the datacentre is standard operating procedure. However, such visits


can be of limited value if they do not
include the exact location(s) where
the data will reside, and if the evaluation concerns only a single point of
time, rather than being a continuous
process. Understanding the providers datacentre practices and service
levels, demanding compliance with
strict information security management standards, and auditing the
security monitoring and reporting
procedures, are all critical elements
of strong security practices.

geographic location of their data.


This makes it important to fully understand the Cloud providers data
residency practices, as well as the
options it makes available to clients.
Very large service providers may
not always follow business models
that guarantee data storage in a particular jurisdiction, and regional or
mid-size providers are sometimes a
better bet in this respect. In general,
though, it is now common practice
for providers to agree that the data,
no matter where it is stored, will be
bound by the laws of the clients
jurisdiction.

Disaster recovery and data


recoverability

Management of data

Roles and responsibilities

Full compliance with data privacy requirements, and in particular, ensuring the safety of valuable,
personally-identifiable information,
is vitally important. A good start
is to have clear policies, such as
providing data access only to bank
personnel, and generating notifications whenever a third party, either
fraudulent or legitimate, tries to access the banks information. Financial institutions must also check that
their service provider stays abreast
of evolving data-security threats.

Security policies

An ironclad security policy covers not only the data itself, but also
the datacentre facilities, databases,
applications, operating systems, networks and everything in between.
For many institutions, an onsite visit

The Cloud provider must have its


own business continuity and disaster recovery procedures, including
recovery point objectives (RPOs)
and recovery time objectives (RTOs),
as well as application and data
recovery procedures that protect
the reliability and availability of its
services. Financial institutions must
be able to recover the workloads
hosted on the cloud, and possible
safety options include recovery as
a service, managed backup, and
offsite cloud backups.
Contracts should clearly define
the roles and responsibilities of
the Cloud service provider and
the client, covering all aspects of
the relationship from day-to-day
operations and system monitoring
and failure, to data breaches, patches
and upgrades, cyber surveillance,
and compliance. It is useful to remember that a Cloud service may
involve prime contractors as well as
subcontractors, so the contract must
carefully delineate their roles and responsibilities. In most cases, though,
the prime contractor is ultimately
liable for all outcomes its own, as
well as those of its subcontractors. n
Nitin Mishra is Senior
Vice President, Product
Management, Netmagic
Solutions

You might also like