Cloud computing for banks and financial service providers

While German financial service providers have had difficulty with cloud solutions outside the private cloud, partly due to regulatory requirements, they are now making increasing use of the advantages of the cloud in the course of digitization. This poses specific challenges for the migration and provision of data. However, the level of maturity reached today by established cloud offerings and the supporting technological solutions now also enables the financial industry to take advantage of corresponding added value and to meet all regulatory requirements more efficiently and securely than in purely local environments.

It is both a curse and a blessing: financial service providers own very large amounts of data. Literally a treasure trove of data that - used correctly - holds knowledge and insights that can be used to respond to changing market conditions in real time and secure decisive competitive advantages. The prerequisite for this, however, is that this data is available consistently across all systems at all times and in accordance with regulatory requirements. A key driver for moving data to the cloud is therefore the ability to provide it reliably in distributed environments.

Cloud flexible and scalable

The other driver is the issue of cost savings: Using cloud solutions can significantly reduce spending on infrastructure, computing power and storage capacity, and also result in lower startup costs than would be the case if a data center were onboarded. Not only is data storage, for example, often provided more cheaply in the cloud, because it is more efficient for the cloud provider to manage, than is possible in local, self-managed storage systems - the gain in flexibility and elasticity also leads to significant cost savings.

This is because scalability enables, for example, uncomplicated scaling at a specific point in time when a peak is expected (such as in November for car insurance). In addition, the cloud ensures that the systems (hardware and software) are constantly provided with the latest technical and regulatory status. Financial service providers are thus investing in the digital future and at the same time acting in a cost-conscious manner.

In general, many financial service providers now see the cloud as the starting point for digitally based business models and future corporate success.

It is no longer a question of whether they should use cloud solutions, but for which of their applications and in which operating mode. Data consistency and availability are crucial factors for more flexibility and agility - such as shortening time-to-market or accelerating the idea-to-cash cycle with the help of the cloud."

Specific challenges and perceived hurdles

Up to now, financial service providers have mostly moved smaller, non-critical applications and projects to the cloud in order to gain experience in the new world and take their first steps in the development of digital applications. In order to exploit the full innovation and productivity potential, it is now necessary to transfer business-critical data and applications to the cloud as well.

However, decision-makers still find it difficult to do this and thus leave competitive advantages untapped. This is often only because the specific challenges and perceived hurdles seem high - or because they simply do not know that solutions are already available that meet the requirements in the areas of technology, security and compliance.

Know-how and understanding: The great cloud potential and the relevance of the availability of business-critical data for the implementation of future digital business models are not yet fully recognized on both the specialist and management sides.

Obstacles here are the lack of technological know-how, but also a lack of experience in the implementation and operation of new technologies; especially in the interaction with systems that are not moved to the cloud, or only at a later date."

The first thing to do here is to build up a fundamental understanding of digital business models and their processes in distributed environments and the specialist departments. Dealing with new technologies also changes the requirements for the employees involved in many areas of a company.

Security and resilience: In addition to general security concerns about potential cloud providers, financial service providers avoid migrating business-critical data to the cloud primarily out of fear of downtime, loss of control or loss of data. To counter this, it is important to design the infrastructure in such a way that downtime or data loss can be sustainably reduced or, at best, completely eliminated. Hybrid or multi-cloud models now offer the highest level of reliability and data resilience. In the future, it will often be the case, especially in larger banks, that an AI application, for example, will run in an IBM cloud, while other partner applications will run in the AWS cloud and the bank's own applications in the Google cloud - no obstacle with a modern multi-cloud strategy.

Initially, this requires the secure and consistent migration of data to the cloud without restricting access to this data during the migration, which can last several weeks. However, this elementary requirement not only relates to data migration, but extends to the entire lifecycle of highly complex and strongly integrated systems. However, real competitive advantages only arise when business-critical data is consistently available at any time and any place. Between on-premise and cloud environments as well as in multi-cloud environments.

Regulation and compliance: Perhaps the biggest hurdle is the concern about potential problems with regulation and the requirements of the German Federal Financial Supervisory Authority (BaFin). In many cases, banks and financial services providers have the unfounded belief that their requirements prevent them from outsourcing data and services to the cloud and cloud providers. On closer inspection, however, cases from competitors and fintechs often show that these hurdles do exist, but can be overcome.

It is worth taking a look at the details and the three key BaFin guidelines that ensure compliance:

1.BAIT - the banking supervisory requirements for IT regulate topics such as IT security, data backup and application development.

2.MaRisk - the minimum requirements for risk management define requirements for the implementation of IT security, especially in relation to risk management

3.MaComp - the minimum requirements for the compliance function provide guidance on the practical implementation of behavioral, organizational and transparency obligations.

They are supplemented by the Cloud Computing Requirements Catalog (C5) of the German Federal Office for Information Security (BSI), which specifies which requirements cloud providers must meet. In addition, the hosting partner must ensure that all essential compliance guidelines are adhered to, but this should no longer be an obstacle in view of various industries that are significantly more cloud-friendly.

These requirements are clearly more of a help than an obstacle or hurdle - and they must be complied with. Banks and financial service providers must be able to trust a partner for the migration and replication of their data one hundred percent that it meets all compliance requirements. By choosing the right external partners, whose managed cloud and data services meet regulatory requirements in addition to stringent security, performance and availability requirements, nothing stands in the way of successful cloud adoption.

Solution approaches for cloud projects

Key to the complete innovation and productivity potential of cloud computing is a comprehensive data management or live data strategy that ensures data consistency and availability across all interfaces and locations - regardless of the amount of data. Such a fundamental strategy opens up innovative individual application scenarios for the successful use of the company's own treasure trove of data. The automated process guarantees complete consistency of the data - at all times and on all systems involved, in the different contexts and especially in productive environments.

A number of application examples from banks and financial service providers show what such a strategy can look like in detail: The case of a US commercial and retail bank illustrates both the business and regulatory requirements for availability and performance. It also involved the implementation of Big Data applications for credit card fraud detection and credit risk analysis. Optimal data availability and resilience in a complex system of multi-regional cloud locations is illustrated by a large financial institution that uses WANdisco solutions for uninterrupted cloud-based business operations and meets all regulatory requirements flawlessly. Finally, there is a regulator itself that monitors financial trading practices and uses WANdisco Fusion to move a daily influx of 75 billion records between different cloud providers and to analyze and store the data.