A new report published today by the Association for Financial Markets in Europe (AFME) and Protiviti outlines potential key regulatory barriers to the greater adoption of cloud services in capital markets and provides recommendations for policymakers and Cloud Service Providers (CSPs) to assist banks with their adoption.
The report entitled “Building Resilience in the Cloud” finds that, while banks are increasing migration to the cloud and identifying solutions to address regulatory concerns, two solutions that are becoming increasingly proposed by policymakers - portability and multi-cloud strategies – are likely to introduce further barriers to adoption.
The report presents an assessment of five scenarios, covering the failure of a CSP in a particular region through to the loss of an entire CSP globally, to highlight why these solutions may not be appropriate in all instances.
The report finds that the proposed recommendations from policymakers around portability and multi-cloud strategies would present significant challenges to banks from adopting a risk-based approach, limiting the benefits of cloud services and increasing the technical complexity to support multiple CSPs.
James Kemp, Managing Director, AFME, said: “Banks are adopting cloud for a wide range of benefits, including greater business agility, innovation opportunities, and the ability to increase their security and resilience. We have seen through the pandemic that cloud services have been fundamental to enable remote working and provide access to core IT and business services.
“However, emerging policy in the EU and globally is in danger of mandating how banks adopt cloud because of the perceived risks for security, the concentration of providers, and resilience of the sector overall. While the solutions being discussed, such as ensuring portability or the use of multi-cloud strategies, can provide resiliency benefits, they risk introducing significant limitations and complexity which would lead to reduced cloud adoption overall.
“Banks should not be limited in taking a risk-based approach tailored to their cloud usage and technical needs allowing them to deploy multiple complementary solutions for resilience, rather than specific solutions being mandated for all.”
James Fox, Director, Enterprise Cloud at Protiviti, said: “With digital transformation continuing to drive the adoption of cloud within financial services, we have seen that banks in particular are becoming increasingly more confident in using the cloud for sensitive workloads.
Despite increased regulatory attention, we have seen an overwhelming demand from banks for access to new and innovative services powered by the cloud, which increases security and resilience and enables banks to quickly react to unforeseen events, such as COVID-19, due to the flexibility and configurability of the cloud.
By working with banks on this paper, we have seen the range of mechanisms that are actively being used to enhance the security and design of cloud infrastructure that allows incidents to be resolved quickly and efficiently.
Whilst banks are proactively taking a risk-based approach to the adoption of the cloud, there is a need for further clarity on cloud resilience, risk requirements and the opportunities that exist for sharing best practice between banks.“
Recommendations in the paper where policymakers and engagement from CSPs can assist banks with the resilient adoption of cloud services include:
- Ensure regional and global alignment on cloud resilience and risk expectations;
- Enhance information sharing and transparency requirements for CSPs;
- Promote increased comparison amongst CSP service offerings; and
- Encourage cloud cross-border data flows and storage.
– Ends –