Accelerated by COVID-19, financial institutions are shifting to cloud to increase their infrastructure capacity and accommodate the growing demands of consumers. However, heavy reliance on cloud providers is raising new risks regarding the stability of the financial systems.
The need to be better equipped to compete in the present-day economy accelerated by COVID-19 nudged many financial institutions to migrate their operations onto the cloud. However, storing critical data in the hands of cloud providers is likely to create new challenges for finance market players. Marius Galdikas, CEO at ConnectPay, has shared his insights on mitigating related risks and maintaining the necessary levels of fraud resilience.
Legacy vs cloud — what is better for the financial sector?
Big Tech cloud providers, such as Amazon or Google, have played a major role in developing innovative cloud solutions and services. However, there has been rising chatter about the unbalanced concentration of power as a result of this ever-increasing data migration to the cloud. Recently, the Bank of England issued a report singling out opaque practices of major cloud providers, calling into question whether the current regulatory oversight is enough to ensure the security of cloud systems and sensitive financial data.
While security warnings might lead some companies to deploy a private cloud, Galdikas notes that, in terms of risk, setting up infrastructure, that matches the standards of Big Tech, from scratch is a difficult and expensive undertaking and, at the end of the day, probably will prove to be a riskier choice than choosing a public cloud service.
“Public cloud providers, Big Tech included, have significantly contributed to innovation in the finance sector, whereas IaaS and SaaS solutions are now the usual building blocks of every new company. Moreover, public cloud streamlines scaling, enabling to bypass capacity issues or sinking millions into underutilized infrastructure upfront,” Galdikas said.
Same goal, different approach
Fintechs and traditional financial institutions have been noted to take a different approach to cloud adoption.
While Fintechs at scale choose to migrate some of the operations to the private cloud, according to the Bank of England, established banks are doing quite the opposite—moving critical infrastructure onto the public cloud.
According to Mr. Galdikas, the two approaches vary for historical reasons. Fresh fintechs tend to use public clouds because it is an affordable solution to streamline processes and manage operations from afar. As they grow in terms of size and resources, some shift to private cloud to have a firmer grip on the security of their data. Switching to the latter diversifies the risks, considering that moving all of the critical services onto the infrastructure of a single provider might place the company in a vulnerable position. Banks, on the other hand, started with a long-standing legacy infrastructure set up and are moving to the public cloud as part of their digital transformation efforts. Even though their approach might differ, banks and fintechs share the same goal—to provide faster and safer services.
Distribution over different platforms to reduce risks
Overall, the increasing amount of critical data is hinting at a need for a more robust security framework. While setting up more regulatory safeguards should be left to the authorities, Galdikas emphasized what can be done from the financial institution’s (FI’s) point of view to mitigate the transition risks.
“The ecosystem that FIs operate in needs to be distributed between different platforms and providers both in the form of SaaS, public cloud, private cloud, and local Infrastructure service providers,” he noted. “New data protection laws are continuously being put in place worldwide, which makes operating a digital ecosystem an even more cumbersome task. For example, some countries, regions require customer data to be captured and stored, first and foremost, on infrastructure physically present in the country or dictate specific encryption algorithms to be used for such data stored,” Galdikas explained, outlining why distribution over different service providers might be more efficient in reducing risks than opting for more regulation.
He concluded by emphasizing that FIs should be leading the efforts in ensuring that systems meet the levels of fraud resilience necessary for the financial services sector.
“It is up to financial institutions to ensure that the operations they run and data they process is always secure, as they are the ones bearing the trust of their customers. Yet there are specific areas for cloud providers to maintain standards in, for instance, monitoring that safeguards are kept up to date with the current technology. Ultimately, in order to maintain the stability of the financial sector and mitigate risks, both sides will need to stay on top of technological challenges.”