Infrastructure

11:00 AM
Tony Craythorne
Tony Craythorne
Commentary
50%
50%

Embracing the Hybrid Cloud

Cloud computing has by now become a business reality.

While motives for banks moving to the cloud differ, the pressure to cut costs and get to market faster are major factors driving cloud adoption in the financial sector. In fact, Gartner believes that by 2016, budgets will drive over 60 percent of banks worldwide to process many of their transactions in the cloud. 

Emerging clouds
If reservations exist due to regulatory or security concerns, financial institutions may consider the hybrid cloud. Over the next couple of years, enterprise cloud strategies will be increasingly impacted by the hybrid cloud, which leverages a best-of-both-worlds approach. Indeed, the hybrid cloud offers the best of the private and public clouds, ensuring greater security along with larger storage capacity. So, using a private cloud, financial institutions can retain control of their sensitive data in-house, while benefiting from the flexibility, operational efficiencies, and cost advantages of the cloud.

For increased storage capacity of non-sensitive data and to speed-up data processing, financial institutions can look to the public cloud. Another lure has to do with cutting existing infrastructure costs. Many financial institutions have large legacy systems, which they continue to run at great expense, worried about the risk of transferring operations and data. Via a hybrid cloud move they can scale up operations accordingly, without adding software, hardware, or manpower costs.

Backup, recovery, and regulatory compliance
Banks have a fundamental question they must ask before they can join the cloud movement. Basically, which business functions are actually suitable to migrate to a cloud environment? Sounds simple, but this is not always easy to answer. It’s paramount to have a reliable data backup-and-recovery system in place that will ensure business continuity and secure data if a disaster happens.

It is true that storing data in the cloud means a service provider is entrusted with it, rather than an organization’s own staff. This is a big sticking point for many financial institutions. Hybrid is one answer. But each organization must look carefully at its disaster recovery strategy as well. Disaster-recovery-as-a-service (DRaaS) may be the best solution. This is the replication and hosting of physical or virtual services by a third party should a disaster happen, be it a hack or natural disaster.

Finance is a compliance-driven industry that is audited regularly, so the ability to prove that a disaster recovery solution is compliant is critical. In the same breath, the ability to have offsite copies of data is also an important requirement. With a PCI-compliant cloud solution, financial institutions have the security and assurance they need. So, if they do experience system downtime, they are ready and able to operate out of the cloud immediately. 

When an organization works with a cloud provider, it should always check the provider’s security protocols. In the cloud, encryption is the industry standard. Data must be encrypted when stored in the cloud and when being accessed by the user. Data is kept safe this way and can travel between an onsite device and cloud backup securely via an SSL tunnel. This enables the IT team to focus on the organization’s in-house system security and optimize overall performance.

It goes without saying that any cloud provider should be carefully chosen. There are so many options on the market, all competing for business. Not everyone has the expertise, software options, or regulatory compliance background to handle security appropriately. As the old adage goes, it is no use trying to shut the stable door when the horse has already bolted. The same goes for data security.

The way forward
Regulators will start to change the goal posts as they gain a greater understanding of the cloud, opening up the market rapidly. In July 2013, for example, Dutch banking regulator De Nederlandsche Bank approved the use of Amazon Web Services for financial operations, including credit risk analysis, mobile apps, and retail banking platforms.

There are numerous cloud models out there, and they will continue to evolve. But the hybrid model offers banks the opportunity to get on the cloud now, benefiting from low cost, flexibility, and on-demand scalability, while at the same time addressing the compliance and regulatory issues so vital in their sector.  Reducing the capital and operation expenditure on an IT infrastructure in the increasingly competitive financial world has got to be a smart move, and it can all be achieved with the cloud.

Tony Craythorne serves as vice-president of sales at Quorum. He most recently served as senior vice president of worldwide sales at Connected Data/Drobo, where he assumed responsibility for all sales and marketing. His accomplishments there included leading the successful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Byurcan
50%
50%
Byurcan,
User Rank: Author
9/29/2014 | 8:49:36 AM
AWS
Interesting about the Dutch banking regulator and Amazon Web Services, I did not know that. Amazon has really made great strides in providing cloud services.
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Apprentice
9/26/2014 | 12:34:42 PM
Cloud encryption
We should remember that if encryption of the stored data is performed in the cloud environment then "service provider is entrusted with" the encryption keys and decryption capabilities, since the keys are used in the cloud.

I found interesting projects that addressed the challenge to protect sensitive information about individuals in a way that will satisfy European Cross Border Data Security requirements.

One project included incoming source data from various European banking entities, and existing data within those systems, which would be consolidated in one European country. The project achieved targeted compliance with EU Cross Border Data Security laws, Datenschutzgesetz 2000 - DSG 2000 in Austria, and Bundesdatenschutzgesetz in Germany by using a data tokenization approach, protecting the data before sending and storing it in the cloud.

This new approach to data privacy is described in a report from the Aberdeen Group. The report revealed that "Over the last 12 months, tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data.

The name of the study is "Tokenization Gets Traction". Aberdeen has also seen "a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data".

Encryption gateways can be very cost effective way to keep all crypto operations, keys and tokenization operations inside your own organization.  

Ulf Mattsson, CTO Protegrity
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.