[LINK] Banks now rely on a few cloud computing giants. That's creating some unexpected new risks

Kim Holburn kim at holburn.net
Sun Jul 18 13:37:25 AEST 2021 

https://www.zdnet.com/article/banks-now-rely-on-a-few-cloud-computing-giants-thats-creating-some-unexpected-new-risks/

> Banks' growing reliance on cloud computing 
> <https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/> could pose a risk to 
> financial stability and will require stricter oversight, according to top executives from the UK's central bank.
>
> In a report focusing on financial stability in the UK over the past few months, the Bank of England drew attention to the 
> increasing adoption of public cloud services, and voiced concerns about those services being provided by only a handful of huge 
> companies that dominate the market.
>
> Outsourcing key banking data and services to a small number of cloud service providers (CSPs), said the Bank of England, means 
> that those providers have the power to dictate their own terms, potentially to the expense of the stability of the financial system.
>
>
>       Cloud
>
>   * The top cloud providers
>     <https://www.zdnet.com/article/the-top-cloud-providers-of-2021-aws-microsoft-azure-google-cloud-hybrid-saas/>
>   * What is cloud computing? Everything you need to know
>     <https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/>
>   * The best cloud storage services <https://www.zdnet.com/article/best-cloud-storage/>
>   * OneDrive tips and tricks: How to master Microsoft's free cloud storage
>     <https://www.zdnet.com/article/onedrive-tips-and-tricks-how-to-master-microsofts-free-cloud-storage/>
>
> For example, cloud providers might fail to open up the inner workings of their systems to third-party scrutiny, meaning that it is 
> impossible for customers to know if they are ensuring the level of resilience that is necessary to carry out banking operations.
>
> "As regulators and people concerned with financial stability, as (CSPs) become more integral to the system, we have to get more 
> assurance that they are meeting the level of resilience that we need," Andrew Bailey, the Bank of England governor, told reporters 
> in a press conference.
>
> In the past years, financial institutions have accelerated their plans to scale up their reliance on CSPs. From file sharing and 
> collaboration to fraud detection, through business management and communications: banks have used cloud outsourcing both to run 
> software and access additional processing capacity, and to support IT infrastructure.
>
> Until recently, cloud services were used mostly to run applications at the periphery of banking operations, such as HR systems 
> with no direct impact on financial services. According to the Bank of England, however, this is now changing, with CSPs being 
> called in to process operations that are more integral to the core running of banks.
>
> "We've crossed a further threshold in terms of what sort of systems and what volumes of systems and data are being outsourced to 
> the cloud," said Sam Woods, the chief executive officer of the Prudential Regulation Authority (PRA). "As you'd expect, we track 
> that quite closely."
>
> Last year, the Bank of England opened bidding for a cloud build partner 
> <https://www.digitalmarketplace.service.gov.uk/digital-outcomes-and-specialists/opportunities/11682>, with the goal of creating a 
> fit-for-purpose cloud environment that could better support operations in a digital-first environment. At the time, the 
> institution said that it had already been in talks with Microsoft's Azure, Google Cloud and Amazon's AWS, and that it would likely 
> be targeting Azure in a first instance. The possibility of adopting a multi-cloud strategy was also raised.
>
> There are many benefits to moving financial services to the public cloud. For example, while using old-fashioned, on-premises data 
> centers incurs extra expenses, a recent analysis by the Bank of England estimated that adopting the ready-made services offered by 
> hyperscalers could reduce technology infrastructure costs by up to 50% <https://www.bankofengland.co.uk/research/future-finance>.
>
> Another advantage of public cloud services is that they are more resilient. The sheer scale of CSPs enables them to implement 
> infrastructure that integrates multiple levels of redundancy, and as such, is less vulnerable to failures.
>
> Moving to the cloud, therefore, is not intrinsically detrimental to banking services – quite the contrary. But the main sticking 
> point, according to the regulators, lies in the concentration of major players that dominate the cloud market. According to tech 
> analysis firm Gartner's latest numbers, the top five cloud providers currently account for 80% of the market 
> <https://www.gartner.com/en/newsroom/press-releases/2021-06-28-gartner-says-worldwide-iaas-public-cloud-services-market-grew-40-7-percent-in-2020>, 
> with Amazon holding a 41% share and Azure representing nearly 20% of the market.
>
> "As of course a market becomes more concentrated around one supplier or a small number of suppliers, those suppliers can exercise 
> market power around of course the cost but also the terms," said Bailey.
>
> "That is where we do have a concern and do have to look carefully because that concentrated power on terms can manifest itself in 
> the form of secrecy, opacity, not providing customers with the information they need in order to be able to monitor the risk in 
> the service. And we have seen some of that going on."
>
> As Bailey stressed, part of the reason for CSPs to remain secretive comes down to better protecting customers, by not opening up 
> key information to potential hackers. But the regulator said that a careful balance has to be maintained on transparency, to 
> enable an appropriate understanding of the risks and resilience of the system without compromising cybersecurity.
>
> Leighton James, the CTO of UKCloud, which provides multi-cloud solutions to public sector organizations across the country, 
> explains that these issues are not unprecedented, and it is unsurprising to see them trickle down to the financial services.
>
> "We're anxious about cloud providers becoming so big that the terms and conditions are pretty much 'take it or leave it'. We're 
> definitely seen that happening already in the public sector, and we can definitely see it happening in the financial services 
> sector if we are not careful," James tells ZDNet.
>
> According to James, part of the risk stems from traditional banks attempting to compete against new disruptive players in the 
> sector. Financial institutions are now rushing to overhaul their legacy infrastructure and catch up with the digital-native 
> customer experiences that were born in the cloud and are now widely available thanks to fintech companies.
>
> "It's clearly imperative for the financial sector to modernize and adopt digital technologies," says James. "The question becomes 
> how best they can do that by balancing the risk of digital transformation."
>
> And in this scenario, the risks of placing all of banks' eggs in a handful of CSP's baskets is too high, argues James.
>
> The Bank of England has similarly urged financial institutions to exert caution when developing their digital transformation 
> strategies, and is currently in talks with various regulators to discuss how to best tackle those risks.
>
> With cloud concerns widely shared by other nations, especially in the EU 
> <https://www.zdnet.com/article/meet-gaia-x-this-is-europes-bid-to-get-cloud-independence-from-us-and-china-giants/>, those 
> discussions are likely to become international, and the UK's central bank predicts that global standards will be created to 
> develop a consistent approach to the issue.
>

-- 
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list