GXS recently sponsored a webinar titled “Compliance in the Cloud: Raising the Bar in Financial Services.” CEB TowerGroup Senior Research Director Rod Nelsestuen joined me to present critical insights into the operational chaos facing financial supply chains with the growth of cloud computing, on-demand services and financial counterparties. (You can view a replay of the webinar.)
Rod outlined the business problem arising from cloud services in financial services because of a lack of controls, informational insight and process transparency. Rod also discussed that although cloud computing increases risk, it also increases sourcing for new IT products and services. In fact, the Federal Financial Institutions Examination Council (FFIEC) issued a document in July 2012 reiterating its guidance on “Outsourced Cloud Computing”. In the summary of this document, the FFIEC stated:
“When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service. Vendor management, information security, audits, legal and regulatory compliance, and business continuity planning are key elements of sound risk management and risk mitigation controls for cloud computing.”
Further down in the FFIEC Cloud Computing document, it states:
“Outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed.”
The benefits of cloud computing include:
- Scalability and flexibility
- Simplified complexity
- End-to-end visibility
- Improved collaboration
- Simplified integration
- Increase security
In order for financial institutions (FIs) to take advantage of these benefits, they need to choose a provider that can mitigate the inherent operational risks. There are eight key characteristics that FIs should look for when evaluating a cloud computing vendor:
- Market leading, experienced cloud service provider familiar with the financial industry and your FI’s legal and regulatory requirements for safeguarding customer data and other sensitive data
- Backup, redundancy, recovery are at the core of the decision to use an outsourcing vendor with highly redundant and resilient data centers designed for mission-critical applications
- Internal controls and security processes can be negotiated by the FI to ensure customer information is appropriately segregated and protected by industry-standard compliance policies
- Leading cloud providers continuously improve their hardware environments to ensure the latest versions of operating systems are installed and use agile software development to deploy feature/function releases on an accelerated basis
- Tailored cloud deployment options to meet your specific needs including private clouds solely deployed on your behalf, or a hybrid cloud consisting of shared hardware but segregated data storage
- Outsourcing portions of your information technology infrastructure can free up internal IT resources to focus on strategic initiatives and new product development
- Providers with financial services domain expertise reduce complexity and risk for FIs with their extensive knowledge of global standards, communications protocols and file formats
- Cloud providers with global support centers can provide 24 x 7 support in multiple languages, ensuring your international clients and regional offices have access to the support resources required as problems arise
For many years, financial institutions have taken advantage of using applications service providers (ASPs) for core functionality such as deposit accounting, loan servicing, and online banking. ASPs generally deploy these systems in multi-tenant, shared environments that look an awful lot like hybrid clouds. It’s the cloud computing terminology that’s new, not the advantages that a third-party provider can provide.