THE CLOUD CHALLENGE.
Equinix is best known for its network of data centres spanning 40 markets across five continents, but this network has allowed them to offer the only global interconnection platform. James Maudslay, Financial Services Expert – Vertical Marketing EMEA at EQUINIX explains why the cloud and what they have called ‘Interconnection Oriented Architecture’ will become an integral part of the financial services fabric.
First, what is Interconnection Oriented Architecture™?
Interconnection Oriented Architecture™, or IOA allows businesses to re-architect IT delivery to securely connect employees, partners and customers with what they need, in the right context, using the devices, channels and services they prefer. Such direct interconnectivity enables enterprises to react in real time, adapt quickly to change and leverage digital ecosystems to create new value and growth.
IOA is a completely flexible architecture that offers enhanced security, access to dedicated computing, cloud services – or a hybrid combination of the two – and allows application performance to be used as a driver for change, since new infrastructure needs to perform at least as well as any existing environment. It also has the flexibility to allow businesses to innovate, to share workloads yet communicate with all their partners, customers and suppliers easily and in a timely manner.
It also facilitates real cost control and, particularly pertinent for financial service firms, enables more effective compliance with regulation. There is no ‘lock in’ so firms also have the widest possible vendor choice, as well as the use of performance hubs and access to best of breed solutions and suppliers. Businesses can also deploy edge computing enabling them to take computing and storage resources to the location where they are needed to allow application performance close to the actual users.
What were the initial challenges?
Achieving buy-in was always going to be challenging given the non-physical nature of cloud. So the challenges for on-boarding included security, location of service, data protection issues, questions over suppliers, and questions over contracts. Also, as a heavily regulated industry, financial services are naturally more resistant due to regulatory concern. Yet IOA is a vehicle which helps overcome or improve many of these factors. Equinix also works in parallel with the Financial Conduct Authority (FCA) guidelines, which puts us in a good position to help our customers develop an infrastructure that works within those guidelines.
Could you outline the evolutionary uptake of cloud services by the financial services sector and what is the state of play now?
It would be too early to say that financial services businesses are using cloud in real anger, but having secure, performant access to a range of cloud service providers (CSPs) is allowing trading departments to begin developing solutions. This has been assisted by the fact that the FCA announcement on regulation around cloud services has indicated that there is no fundamental reason why cloud cannot now be used. As financial services firms start to become more familiar with it, we believe that they will gradually start to migrate more workloads to the cloud, all assisted by our ability to interconnect them to multiple cloud service providers, who in turn will start to specialise in the services that the financial services firms provide.
We are already seeing this with the growth of services such as Office 365, which is really beginning to gain some traction, moving licenses and storage models from the traditional capital expenditure (Capex) models onto an operational expenditure (Opex), pay as you use arrangement.
Having established a solid foundation in the electronic trading arena, can cloud services be extended to this sector?
Equinix’s foundations in electronic trading do not currently extend to use of cloud, but there is certainly huge potential for development of cloud in the design and testing of new products and systems as well as long-term data storage. The cloud can also move computing needs to the edge of a business’s network to bring data and computing closer to the users.
Other areas where we see expansion are in analytics, data recovery and business continuity. We also see it widening its access to private as well as public cloud, plus to connectivity that does not involve use of the public internet. It could also allow firms to propose hybrid solutions that can bridge the gap between traditional ‘on-premise’ infrastructure and contemporary cloud services.
How has financial services regulation changed the landscape and are there any particular pieces of legislation that are making more of an impact?
While my expertise is limited to EMEA, we all recognise that regulation differs between territories, but with IOA, due to its flexibility, Equinix can assist financial services firms in any jurisdiction where we have a presence.
In EMEA as elsewhere, regulation of the financial services industry has had a huge impact since the crash of 2008. Whilst it is rare for regulators to comment directly on IT matters, it can be safely assumed that any action which increases transparency, security and risk management will be encouraged by regulators. As a consequence, regulation does indeed have a significant impact on IT matters, typically in the arena of reporting and data storage.
However, there are currently three pieces of legislation/regulation that will have particular impact:
- Guidance consultation 15/6 – The proposed guidance for firms outsourcing to the ‘cloud’ and other third-party IT services – this outlines the FCA’s findings.
- General Data Protection Regulation – being introduced by 2018.
- MiFID II – agreed by EU members states but currently having the exact clauses developed (which is proving to be a very slow process).
What impact do the different regulatory jurisdictions have on the architecture you are building?
On the architecture itself, very little, as IOA is designed to deliver services across jurisdictions. The impact is felt more in the individual design of an IOA deployment to the individual business concerned. A good example would be that of a US-based company trading in Europe. The invalidation of the Safe-Harbour arrangements by EU courts means that IOA can be configured (or re-configured if necessary) to deliver the required services in Europe, whilst also meeting the business’s needs in the USA. Using IOA, the appropriate data can be secured as necessary within the EU with appropriate and compliant systems and procedures put in place to allow for the business’s reporting needs.
Another example would be that of a multi-national company trading across the ASEAN countries that has to comply with data sovereignty laws. IOA can be used to ensure that the appropriate and performant deployment of computing instances across the various countries ensures compliance with the different regulations.
Additionally, IOA allows businesses access to specialist suppliers and partners who will be territorially or regionally aware, and have focused their solutions on the individual needs of a locality or region.
How does the cloud, and fintech in general, help financial services firms meet the new demands and requirements of regulation and a more volatile trading environment?
Regulation will have certain general effects on business when it comes to IT matters. These will include increased reporting, process control, speed of response, security, reliability, data recovery and business continuity. The cloud and fintech are all designed to make responses to these easier – the cloud through flexibility of use (in terms of quantity of resource, performance levels and commitment, and therefore cost) whilst fintech provides solutions to business issues in terms of focused solutions, speed of delivery, ease of deployment and again, cost.
Combined together, the two solutions can respond to constantly changing situations, including new requirements proposed by regulators, backed up by a flexible computing resource that can respond to need, as, when and where required.
While there is a greater understanding of the cloud today, how are concerns such as security being addressed?
Financial services firms currently have six principal concerns about cloud today, all of which have solutions. The first is about the control of the infrastructure and whether they will have less scope to tailor their services. Interconnection capabilities will allow customer choice through the access of multiple clouds and tighter clauses over service delivery will help prevent cloud service providers (CSPs) from changing outsourcing arrangements without the financial institution’s knowledge.
The second issue is the risk of vendor lock-in when moving to the cloud and that short-term gains may be overshadowed by medium/long-term changes. This can be mitigated by a multi-cloud strategy that ensures gains can be maintained, and even allow for the use of different clouds for alternative purposes. Cmpetition should promote best-of-breed offerings but also ensure that long-term benefits do not erode and that innovation maintained.
The third area of focus revolves around data residency including whether it can be guaranteed to remain in the country or city as well as back-up and recovery for mission critical financial institutions’ systems. Solutions include using territorial/regionally aware suppliers through an extensive multi-cloud access capability for the former and a CSP that has an extensive network of suppliers and partners for the latter. Data security is also key which is why a combination of policies, with best in breed perimeter and data defences can be effective. Again, a wide variety of partners is crucial.
What are the remaining issues?
They include the need for ‘access to premises’ for their own due-diligence & audit requirements, and also for regulator access. This can be facilitated by open online visits and ensuring that security measures are provided both for computing as well as physical security. Financial institutions can work with their supplier of choice to ensure compliance or select suppliers based on their regulatory response.
Moreover, there are questions as to how to avoid systems outages during lock-down periods at certain times of the year. As most CSPs are industry agnostic, there may not be an appreciation of the ‘banking on-line day’ where systems cannot be interrupted. Expert CSPs who serve the sector can be on hand to identify and consume services in the appropriate time zone plus service level agreements can also prove helpful. In addition, the ability to allow simplified, secure and performant access to multiple cloud suppliers will meet the financial institution’s specific cloud infrastructure demands.
Finally, one of the biggest fears is the threat of cyber attacks and terrorism and whether suppliers can support high levels of disaster recovery as well as business continuity requirements. Multiple providers can address this either through their own services, or via the use of specialist partners. Private connections also lessen intrusion risk by avoiding the internet. As for natural disaster risk, which is also high on the list, accessing cloud providers via diverse routes and service hubs will address this at a local and regional level, whilst the ability to employ geographically separated CSPs, or even the use of multiple CSPs will protect the actual computing and storage capability required.
What do you predict the future holds for cloud services and greater connectivity for the financial services sector?
The use of cloud is set to continue to a point where only some legacy systems that simply cannot be deployed otherwise will be left on dedicated hardware. This may take some time, but regardless of the exact timing, choice and ability to access multiple clouds simultaneously, securely and in a performant fashion will grow in importance, especially for regulated industries.
Regulation is likely to continue to develop in terms of its penetration, making everything discussed here ever more important for clients if they are to innovate and grow, and leverage regulation to their advantage rather than treating it as a necessary evil.
The ability to connect to services rapidly, as well as ensuring that applications are delivered to their users where and when they are needed will also increase in importance, whilst interconnection to business partners, service providers and of course a business’s staff and clients will become key to success.
This can only be delivered through the use of a true interconnection oriented architecture to underpin the IT service that a modern business will demand.