CWS: Can you tell me more about the factors that are hindering financial institutions from moving to the cloud? How should they overcome these barriers?
CC: FSI's main currency is trust. Without trust, financial institutions will not be able to conduct their business. Over the years, a lot of regulations and legislations have been added to fortify this trust and ensure that the end clients are not short changed. We see three main hurdles that hinder cloud adoption in FSI in relation to maintaining this trust.
In Hong Kong and around the world, significant data security and compliance requirements hinder financial institutions from going to the cloud. Essentially, financial data has to be secure and access controlled, as set out by legislation like Sarbanes-Oxley and the Gramm-Leach-Bliley Act in the U.S. and the Data Protection Act in the UK. Local regulations also require customer data to be stored in country. Unless regulations change, processes that touch customer data will not be able to be easily migrated to the cloud. However, many financial institutions are already evaluating the use of cloud for those processes that do not touch customer data, while others are looking to use cloud as test beds, service delivery and innovation. So cloud adoption will eventually increase but at a very cautious rate as regulations and compliance activities remain a key concern for many.
2. Perception of insecurity
For banks, which are often seen as treasure vaults, security is paramount. Although clouds are secure when architected correctly, perceptions about the insecure Internet and regular articles on Internet attacks often keep many financial institutions on the sidelines. These perceptions will eventually change, but it will be some time before end customers get comfortable with a cloud-based bank. In the meantime, many financial institutions are already building private clouds that offer some of the flexibility and cost savings of public clouds but are designed to be more secure.
3. Cost of migration
Financial institutions cannot afford down time. Every second of down time means millions of dollars lost, tarnished reputation and loss of would-be clients. And every time a financial institution becomes unavailable over the Internet, it becomes a headline. Migrating to the cloud is a huge endeavour, and obviously many financial institutions are wary about the risks it entails. The use of legacy systems and reams of data (kept for compliance reasons) make it more complex. In addition, banks cannot fully migrate all their applications and processes onto the cloud due to regulations. This means that they need to examine which processes that can be migrated and maintain a secure and highly reliable link to their current data center. To successfully mitigate them, financial institutions need a well-planned plan executed in phases. Migration tools are getting better and more comprehensive, making this possible. More forward-looking financial institutions are using clouds as test beds, to ensure migration occurs smoothly.
Sign up for CIO Asia eNewsletters.