Infrastructure

10:30 AM
Rodney Nelsestuen, TowerGroup
Rodney Nelsestuen, TowerGroup
News
Connect Directly
RSS
E-Mail
50%
50%

3 Steps to Securing the Cloud's Future

The financial services industry has an opportunity to think through the business model for cloud computing in order to minimize the future risks of operating in the cloud.

Projections for the cloud are as numerous as the stars and as uncertain as the fog that hides them. So instead of projecting, let's fast forward 10 years and then take a look back at what happened …

The year is 2021 and the global financial services industry is controlled by five major network providers. India's proprietary network has spread across Asia, enabling services to 3 billion underbanked people. Two vendors remain in North America, both kept in place by the U.S. Congress, which holds rate approval authority. The European Union has grown to 50 nations and consolidated around one provider, while Latin America has coalesced network services through a single cooperative. Elsewhere, a plethora of renegades and upstarts piggyback on borrowed, excess or pirated spectrum, each seeking to bypass the tollgates that have become the 21st century version of Visa fees.

Of the year's 10 richest people, eight are purported to run fraud networks. As gasoline approaches $15 a gallon, physical financial outlets are decaying faster than the neighborhoods around them. Futurists argue one of two directions for the industry: One camp projects the complete abolition of physical outlets within 10 years, citing the ubiquitous access to rich, unified services through the newly launched Dick Tracy wristwatch device. The other camp prophesies a backlash and the return to face-to-face transactions, handshakes, and documents signed with pen and ink, especially since insurance premiums for identity theft are now unaffordable by most people and DNA authentication is available simply by scratching a rubber pad next to the teller window. Skeptics remind both sides that every device known to humankind has been hacked and that the DNA sequences of 4 billion people have recently been posted on WikiLeaks.

... This scenario may seem farfetched, but it points to several issues regarding cloud computing that should be addressed within the industry:

1. Resolve Physical Network Issues

First, the delivery of cloud services is dependent on physical networks. The role of network owners will become a major factor in the cost and ultimate disposition of virtual services. A natural oligopoly arises in the logistics of information delivery across a finite, physical space, regardless of whether the network is cabled or part of the wireless spectrum.

What to do? Resolve the issue by assuring that the evolution of cloud computing includes an open and transparent industry dialogue about tomorrow's physical network business model and incorporates actions to protect universal access and foster marketplace competition.

2. Collaborate on Standards

Second, the cloud may fail to level the playing field. The lack of standards for cloud computing could result in a few major software providers emerging as victors as they create proprietary (and trusted) standards. Pay-by-the-use schemes would disappear as proprietary and separately hardened technologies seek to provide ever-elusive security. With fewer trusted providers, vendor lock-in will become the lesser of evils if the option is to do business with one of many marginal players lurking in the shadows.

What to do? The effort to create standards already has begun in several long-standing groups, including the Cloud Security Alliance and the IEEE. Greater coordination between these groups and many others is needed to arrive at a viable set of standards.

3. Reduce Operational Risk

Third, cloud computing will increase the risk of financial crime. Coupled with the inexorable march of new and increasingly mobile interfaces; the humanizing of business interactions through the use of social network tools; and the addition of millions of new, uninitiated users, fraudsters will see their addressable market grow.

What to do? Several membership groups -- such as the Opertional Riskdata eXchange Association, or ORX -- and vendor-sponsored forums already exist, but a global clearinghouse for financial crimes and other operational risks should be established and mandated to develop best practices in cloud risk management.

The financial crisis brought about much greater sophistication in risk management. Risk is being rethought in every institution, line of business and operation. At this stage, the financial services industry as a whole has an opportunity to think through the business model for cloud computing before it becomes mainstream and a yet unanticipated and unforeseen crisis occurs. The unknown has consequences, and who better to address them than the people and institutions that have the most to gain?

About the Author: Rodney Nelsestuen is a senior research director covering financial services for research and advisory firm TowerGroup. He speaks and writes on business and IT strategies, including customer experience, innovation, operational excellence, sourcing, GRC, and business and customer intelligence.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video
Bank Systems & Technology Radio