Can the cloud be safe for banks?

Aditi Roy Ghatak considers the issues at stake for the banking industry to implement cloud technology. Here are some of the possibilities for this security-sensitive industry.

"We will never buy another data center. We will never buy another rack or server or storage device or network device again. I will never let any organization that I work for get locked into proprietary hardware or software again. I'll never tell my teams in the business that it will be weeks to get them hardware provision. I'll never pay up front for any infrastructure and certainly would never pay for any, or rent any, infrastructure that I would never use." - Michael Harte, CIO of Commonwealth Bank of Australia, in his speech to the Committee for Economic Development in Australia.

Cloud characteristics like zero up-front capital requirement, shared service delivery over the internet, agility, and a pay-for-use environment has got some large banks like ING, proactively testing the technology. While some banks are closely watching and looking for the answers regarding cloud security and regulatory issues, some others are not quite sure of what cloud computing truly is.

High technology costs and under-utilized hardware are some of the major issues that the big banks face currently. With the help of cloud, the banks may efficiently scale up operations without adding any costs, either on manpower or on hardware and software. Since the hardware and software are available on demand, the user has to pay only for what is utilized and need not make a huge initial outlay investment.

One of the many problems faced by the IT departments of the large banks is that of below-optimum usage of their computers. Generally, large banks deploy huge in-house capacity and more than adequate hardware, which later on is not used to the optimum. In such cases, the bank may switch a function such as treasury applications, if not the entire core banking services to the cloud.

For small-scale banks it is not always possible to make an upfront investment on a core banking solution, hence, impacting their competitiveness. By getting into a subscription model, such banks can pay per use, per branch. Another issue commonly faced by the small scale banks is to get the right talent to manage the servers and hardware. By choosing the cloud, that issue is solved.

While there is no doubt that there are some clear benefits of implementing the cloud in the banking industry, the security and compliance concerns for such a sensitive industry definitely have to be addressed in the best possible manner. The hybrid, or shared, IT infrastructure is one model that promises the variable costs, scalability, flexibility and on-demand availability sold by public cloud computing, while at the same time addressesthe security, compliance and performance procedures concerns of banks and financial services companies.

Financial services firm ING, has partnered with technology giants such as IBM, Hewlett-Packard, Cisco, VMware and EMC to construct a large hybrid cloud, combining the features of public clouds and private data centers. ING's private cloud consists of a web of computing, storage, and network resources used as a service with automated, self-service provisioning. The kind of applications currently planned for cloud computing at ING are general office apps, utility apps, and business apps.

Similarly, capital markets are a key growth market, where Microsoft has seen some of the major adoption of cloud services, due to the regulatory changes and at the same time, the need to compete and curb costs. For instance, Misys and Temenos offer core banking applications via cloud. Also, in investment markets, firms such as Wall Street Systems manage all their trade settlement on the cloud.

Any type of banking application and data is very critical and confidential for the bank. Hence, it may take time to develop a cloud strategy before hopping on to the technology.

  • Determine the business functions that might be suitable for different cloud environments and classify your information assets by sensitivity.
  • Develop a comprehensive set of requirements specific to the lines of business and the specific business functions the bank will operate in cloud.
  • Banks can consider secure private cloud and have a contractual agreement to provide cloud-based, low-cost solution by taking complete responsibility and by fulfilling all required norms by the customer.
  • Databases can be kept inside bank and only application (SOA based, multi-tenant architecture) can be put in the private cloud and integrated to each other (a typical secure hybrid cloud model).

Editor's Picks