BLUE SKY THINKING.
Cloud computing comes into its own. Louise Rowland reports.
It may impact almost every corner of our daily lives but, until recently, uptake of cloud technology within financial services has been relatively modest. Over the past 18 months or so, that’s all started to change as growing numbers of firms finally embrace the virtual world.
A recent Cloud Security Alliance study shows that 61% of institutions across both the buyside and the sellside are already developing a cloud strategy, with hedge funds and new start-ups way ahead of the field.
“We’re witnessing a step-change transformation,” says Terry Roche, head of FinTech research at TABB Group. “At the start of the year, the light was amber, whereas it’s now moved to full green. Executive managers at the top of institutions are interested in migrating to this technology for at least some of their operations and are executing or developing a cloud-based roadmap.”
Manna from heaven
So what’s driving an often risk-averse industry to step out of its comfort zone and use cloud infrastructure and services? Top of the list has to be the dramatic cost savings offered by the cloud’s pay-as-you-go business model.
The move from capex to opex – (capital expenditure to operational expenditure) from running costly legacy systems in-house to outsourcing front or back-office activities to an external infrastructure and set of application services – promises to deliver savings of anything up to 40% over five years.
That’s music to the ears of an industry battling squeezed margins, weak revenues, costly regulatory requirements and a wave of fleet-footed new competitors.
“People don’t want to spend £100k on building an IT infrastructure on their premises, if they can spend £2k a month buying services as they need them,” says one market participant.
“Very true,” says Iain Buchanan, CTO of quantitative asset manager Piquant Technologies, which harnesses AI to perform its market research. “The cost-model works for us, because we do a lot of ‘bursts’ on the cloud, carrying out calculations using a large number of machines for short periods of time. If you’re a large bank and have your machines on all the time, the costs issue is perhaps less clear-cut, whereas firms with small teams keep everything lean and don’t need to run as much hardware.”
Fitter and faster
The performance of the cloud has also improved, making it increasingly tempting for firms looking to enhance their own efficiency.
“It was mostly about cost savings at first, but now firms are also attracted by the room for innovation, testing out core new business ideas, and the faster time to market, helping them differentiate their business,” says Chirag Shah, senior financial technology executive at Sapient Global Markets. “Every time there’s a new initiative, people are starting to say ‘is this a good use case for the cloud?’ For many firms, it’s now their first choice – a forethought, rather than the afterthought it was two or three years ago.”
The cloud’s speed and elasticity are key, stresses Gordon McArthur, CEO of Beeks Financial Cloud, a low-latency cloud service provider. “In the past, if a London-based fund wanted to trade in Chicago, they would first have had to put space, hardware, racks and plumbing in place, which could have taken four months to achieve. With cloud computing, that can happen in a day.”
It can also boost competitiveness, says Christian Schiebl, EVP, Corona Business Unit at SmartStream. “Banks recognise there is no value-add in continuing with many back-office tasks internally and are now outsourcing them to the cloud, to concentrate on their core business. They should have been doing this a long time ago, but the typical European bank is still very slow and conservative. It will be more natural for the next generation of managers.”
The other buzz is around the test space of new products and services – long a costly environment to build and run, says Darren Craig, managing associate partner, European financial services at IBM Security.
“Nowadays, a new ‘test & dev’ environment can be up and running in a fraction of the time compared to what organisations have been used to. These environments can be created, taken down or expanded within minutes and provided at a very low cost without large capital expenditures and long procurement cycles.”
What kind of cloud?
A lively debate is raging around the best type of cloud provision for financial services: the public cloud, through providers such as Amazon Web Services, Google Cloud Platform or Microsoft Azure; a dedicated private cloud delivered through a proprietary architecture, available only to trusted users; or the hybrid version, blending aspects of both the public and private clouds – which for many observers, is the most likely way forward.
Data sensitivity and intrinsic caution have led many banks to prefer the private cloud option, but others argue that the public offering makes more commercial sense, as well as providing far greater elasticity.
Louis Lovas, director of solutions at OneMarketData, believes the industry will continue to use a mix of cloud models. “Whereas public clouds focus on computing power, storage and memory, the private cloud has many benefits which are very product specific. It is an impractical scenario to think everything will be on the public cloud. The evolution will be a hybrid mix, inclusive of the local infrastructure. No one will completely divorce from that because of internal corporate policies that centre on security and regulatory compliance.”
Safe and sound
Security issues are, of course, at the heart of cloud debate. High profile cyber-attacks such as the recent hacks of Twitter, PayPal and Tesco Bank – and the Democrats during the US Election – certainly don’t help.
Some see an inherent conflict between the open source computing and networks on which cloud architecture is built and the security risk for firms handling highly sensitive client data. Others warn that cyber security technologies are too focused on after-the-fact analysis rather than on prevention and that significant investment is needed in intrusive technology.
Overall, however, the consensus is that, while cyber crime will remain a fact of life, the industry has made great strides in developing preventative technology. Furthermore, they add, the public cloud is likely to be safer than a private platform, as only the Amazons and Googles have the resources and economies of scale to maintain state-of-the-art cyber expertise. Even the CIA uses cloud technology for some of its operations.
Firms need to their homework, advises Ryan Rubin, UK managing director and European lead in the technology consulting security & privacy practice at Protiviti. “Companies need to choose appropriate Cloud partners to ensure they can manage the business risks. They also need to apply measures such as additional encryption and security controls or choose service providers in specific constituencies to manage data privacy risks. Establishing accountabilities and responsibilities between client and cloud provider is critical to ensure there are no gaps in oversight or governance.”
Some companies are more cloud savvy than others, points out Ralph Achkar, strategic alliances director, Colt Capital Markets. “People need to know some technology and why they should choose one cloud provider over another in terms of price and performance. The model generally won’t rest on one single provider but on competing offers to keep vendors on their toes.” Cloud experience should be an end-to-end experience including strong, reliable connectivity. “The road to the house needs to be safe, as well as the house itself, to prevent security beaches.”
The sky’s the limit
Pockets of resistance remain – typically amongst risk and compliance teams, IT departments unwilling to cede control or within Tier 1 banks still needing to run down large legacy infrastructures. The most demanding and latency-sensitive workloads are likely to stay on private clouds for now, with core trading infrastructure probably the last area to migrate across.
But with regulators such as the FCA giving cloud technology the go-ahead – provided stringent safeguards are in place, reflecting the rigorous oversight firms must apply to their own activities – it’s clear the only way is up.