On the 25th of September, the Australian Prudential Regulatory Authority (APRA) released its most recent paper into cloud computing for the financial services industry.
In it, it showcased the breadth at which cloud computing is deployed within financial services. The report accepts the economy of scale at which cloud computing can provide. However it also observed critical pitfalls in executing cloud computing projects, namely around risk and the need for organisations to make decisions based on the best fit, not just cost.
One fundamental weakness observed by the regulator was “proposals driven solely by cost considerations rather than a clearly defined strategy and architectural roadmap” as well as when “changes in required organisational capability are not sufficiently understood or addressed.”
This exposé on the current cloud environment in banking provided a perfect backdrop to last month’s “Cloud First or Cloud Only: It’s All About the Data” executive roundtable discussion, hosted in partnership with Commvault, Amazon Web Services and Dimension Data.
Moderated by Innovatus Media’s Managing Editor Matthew Egan, the discussion allowed vital Sydney’s senior financial services IT executives to discuss the challenges of cloud computing deployment, as well as when to transition to the cloud and the impact this transition has on data management.
The discussion was lively and uncovered an environment in transition. The frameworks for scaling cloud are there. However legacy, culture and data advocacy, is playing a roll in slowing this development down.
Understanding Your Cloud Journey:
It was clear that the benefits of cloud in driving innovation and scalability were apparent to the group. However, uncovering the “why” in the transitioning to the cloud was also a critical element exposed.
“When we embarked on our cloud journey, we were very clear about what movements we wanted to make as a first step,” one attendee noted.
“You have to be clear about what it is you are trying to achieve in your cloud journey. You don’t want to go into it as a way of ‘IT arbitrage’. Everyone wants to do it cheaper, but are you trying to solve an issue?”
The group noted that there are numerous lenses one needs to consider when thinking about cloud. It could be as simple as solving concentration risk, or as complicated as moving data with a heightened inherent risk to the cloud for security reasons. Whatever the purpose, the decision has to go beyond achieving an economy of scale.
On top of this, you need to consider the implications of cloud within the context of on-premise activity and data management.
“When you move data outside of your four walls, your new data strategy more than likely going to disrupt what is going on within your four walls. You have to prepare for this and responsive to the needs of the business.” Commvault’s technology evangelist Chris Gondek noted.
A Data Blueprint is Still Required:
Another element put forward was the need for CIOs to ensure they build out an IT blueprint which incorporates cloud into this new IT stack.
“I have observed that some of the normal architecture and design considerations when data was on-premise got put aside as it was being moved to the cloud,” Nathan Vandenberg, General Manager for data centres at Dimension Data noted.
“Just because there was a new place does not mean that end-to-end management blueprints should not be applied.”
Attendees noted that teams don’t want to replace one risk with another. You have to be very clear about the story which you want to sell. It is critical to understand how your data is managed from wherever it is.
“You need to manage cloud, and the data in it like it is a living organism, and as your internal client base continues to grow, this expectation of delivery needs to is critical,” noted one attendee.
Risk, & Compliance:
“Data growth is not a cloud problem. Data growth is a 21st Century problem. The challenge that I see for IT going forward is that we are going to see more and more of that outside of the cloud,” noted an attendee.
This is why data was identified as the first consideration when it comes to risk and compliance. All around the globe, the executives at the table were seeing regulators pay attention to how we protect data and customer information a lot more.
Bringing this into the context of cloud, the importance of understanding where your data is and how it is managed is a crucial area of concern for CIOs looking to ensure a robust regulatory framework.
“Understanding where your data is, how it is coded, where it came from, and how it is being stored is essential to good governance. Ultimately, regulators of the future will be very critical of data management, as data is becoming the biggest asset to the financial services community,” Gondek noted.
Data Protection & Security:
Another key area discussed was the challenge of data protection and security within a cloud environment.
“Once you have suffered a malware attack that is encrypted. Unless you have backup and recovery, you don’t really have a starting point. It is about the response and the recovery,” Gondek noted.
The group discussed that cloud management incorporated a responsive security strategy, as the likelihood of being attacked is at a point of foregone conclusion for the banking sector.
Another element exposed in this discourse was the need for executives to monitor their technology ecosystems and internal networks.
“You need to look at how you are going to protect data within outside boundaries. The type of people who can see that data is also not just your people. When your business is exposed to second, third and fourth parties, you need to have many mechanisms in place to protect your data,” one attendee noted.
Data protection and security is vital to ensuring that the financial services community can continue to take advantage of cloud innovation. Security needs to become a data management conversation if the right culture is to be created that takes advantage of cloud innovation.
From the discussion, it was clear that Australia’s financial services industry is taking full advantage of cloud innovation. Spinning up environments aimed at driving more significant levels of operational efficiency and a better-quality outcome for the customer is where many around the table would like their organisations to be.
However, it was also clear that more considerations are needed around the context in which cloud is deployed and the impact that has on the data itself and data management.
The information, which represents the customers best interest, needs to be at the forefront of all considerations when looking to move data into different environments. Cloud is not a one size fits all solution, and Australian banks have a vast history of technology legacy which impacts the context in which operations perform.
To manage data safely and securely, CIOs put the data first, not the solution.