Cloud computing in its various forms is often pitched as a panacea of sorts for organizations that are looking to increase the flexibility of their data and to drive down costs associated with their IT infrastructures. And for many, the benefits are real.
By offloading many of their IT tasks – from processing increasingly large amounts of data to storing all that data – to cloud providers, companies can take the money normally spent in building out and managing their internal IT infrastructures and put it toward other important business efforts. In addition, by having their data in an easily accessible cloud platform, organizations can increase the productivity and flexibility of employees who now can get ahold of the data from wherever they are and at any time.
Financial services institutions are among the latest to investigate migrating their data to the cloud, which can mean either public, private, hybrid or community clouds. They’re being drawn in by the promise of greater flexibility and agility and reductions in their costs. However, migrating sensitive data comes with a variety of external challenges and risks that these organizations need to understand, and there also are the hurdles in-house created by a lack of understanding by those inside a company driving the push to the cloud that can result in poor planning and implementation. Researchers Douglas Arnot and Andy Phippen with the Plymouth Business School at the University of Plymouth in the UK laid out the benefits and risks financial institutions face when migrating their data to the cloud. Essentially, it comes down to this: migrating to the cloud “is not a competitive advantage, but a necessity.” However, before making the moving, make sure you understand what you’re getting into, including all the potential pitfalls that await.
“In recent years, cloud migration has been increasingly conducted globally, with financial service companies being some of the latest organizations to migrate to the cloud,” Arnot and Phippen note. “The journey to the cloud however is fraught with challenges and obstacles which prove to be expensive to recover from, with the worst case scenario being that cloud migration costs more than maintaining the original legacy systems.”
The details of their study can be found here, but the researchers caution financial institutions to be as cognizant of the risks involved with moving their data to the cloud as they are of the benefits. That includes understanding the options in front of them. Public clouds like Amazon offer significant cost efficiencies, but data security is a concern. Organizations don’t always know where the information is stored, how it’s backed up or who else might have access to it. Private clouds give institutions more control over their data – it’s all behind the firewall – while offering cost benefits similar to public clouds, but they also come with initial short-term capital and operational costs. Hybrid clouds enable companies to maintain greater control over business-critical data while shipping other data to the public cloud, but the movement of data between the cloud environments can be a cause of data security and privacy concerns. Community clouds – the authors point to the Open Compute Project led by Facebook – are more expensive than public clouds and data stored there is generally shared among all members.
In addition, the external threats facing financial institutions as they migrate data to the cloud are varied, putting at risk not only the data but also the brand of the organization. There are geopolitical concerns to be dealt with, particularly since cloud data centers can be located anywhere in the world, including in politically corrupt countries. In addition, cybersecurity threats from anti-establishment groups pose a risk, as illustrated by the hack in 2014 of JP Morgan Chase, in which three hackers looking to manipulate the market stole contact information for 76 million households and 7 million small businesses.
Government legislation also ups the risk for financial institutions. High up on the list is the European Union’s invalidation of the Safe Harbour agreement in 2015 between the EU and the United States. The agreement was made to protect the data of Europeans that is transferred to the US by US companies. The decision to invalidate the agreement came amid growing concerns that US government authorities could use such data for surveillance and monitoring reasons. The result move is that US companies can be investigated if they’re suspected of not adequately protecting customers’ data.
“The invalidation of Safe Harbour has made cloud migration a major accountability risk,” the authors wrote. “At the risk of losing sensitive customer data, outsourcing data centres to 3rd party providers in public, community or hybrid clouds can create major ambiguity for the ownership and security of data. Furthermore, it complicates international business growth. In order for the cloud to be fully optimized it is crucial that cross-border data flows are implemented. By restricting data sharing across the US and EU, data centres based in both the US and EU will find it harder to communicate, therefore the backing up and updating of data becomes very difficult.”
Other legislation, including the Sarbanes-Oxley and Gramm-Leach-Bliley acts, also put the onus of ensuring the security of data in the cloud on the financial institutions and their officers rather than the cloud providers.
In addition, there are social implications that need to be considered in a move the cloud. Such a significant change in the infrastructure and operations of a company can result in job losses, strategic shifts and disruption. Organizations need to determine whether the benefits of migrating to the cloud outweigh those problems, Arnot and Phippen wrote.
There also are plenty of internal challenges to migrating to the cloud as well. Through interviews with business leaders driving the push to the cloud, the authors found that few understood what they’re investing in and how the implement it, or what they should move to the cloud. The creates a ripple effect in which there is little vested interest and a lack of ownership in the effort, which leads to poor planning and implementation and, eventually, the inability to realize all of the benefits that the cloud can offer.
The potential benefits of embracing the cloud are many and they are real. However, without a clear understanding of what such a migration involves and the challenges that are inherent in the effort, the lure of the cloud could turn out to be more of a siren’s song, the authors found.
“There is no doubt as to the advantages of migrating data to the cloud,” they wrote. “The opportunities for cost reduction are clear, so too is the opportunity to outsource IT and maximise flexibility. Whilst the benefits of cloud migration are unanimous, it’s the dangers and challenges of poor implementation which stand out the most. … The message from this research paper is one which encourages cloud migration as a necessity to compete in the modern financial service market. However, it’s crucial that financial service companies take caution when implementing the migration. … This paper strongly encourages understanding of the technology being adopted, investment into legal and compliance teams to protect themselves from legal issues, and encouragement of positive change throughout the business.”