Accenture Financial Services Technology AdvisoryCloud...What’s Stopping You?
2
Contents
Financial Services: An Industry Facing Unprecedented Challenges 5
Emerging Industry Trends 6
Barriers to Cloud Adoption: The Top Concerns in FS 8
EU and Global Regulator Landscape 14
Embracing Cloud as the Game-Changer 16
Recommendations 18
In Summary: No Time to Lose 19
3
4
Why financial services organisations’ top concerns about cloud computing no longer apply
5
1 Everyday Bank: Positioned to fulfil all their customers’ daily financial and non-financial life needs, through a customer-centric digital catalogue. See “The Everyday Bank – A New Vision for the Digital Age, Accenture, 2015. Access at: https://www.accenture.com/us-en/insight-everyday-bank-new-vision-digital-age-banking 2 Digital Enabled Capital Markets: Enabling cloud throughout their digital structures, spanning from trading, wealth and asset management, to communication hubs. 3 Connected Insurer”: Creating direct & multichannel relationship with customers, leveraging the IoT and the full cloud stack. 4 “The Everyday bank. The role of cloud computing in the future of banking,” Accenture, December 2015. Access at: https://www.accenture.com/ca-en/insights-cloud-computing-banking 5 “A new era in capital markets. Cloud computing changes the game,” Accenture, 2014. Access at: https://www.accenture.com/t20150523T055756__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Technology_2/Accenture-A-New-Era-In-Capital-Markets.pdf 6 “A new era in insurance – Cloud computing changes the game,” Accenture, 2012. Access at: http://insuranceblog.accenture.com/wp-content/uploads/2013/07/Accenture_Cloud_Computing_Changes_the_Game.pdf
Today, financial services (FS) organisations in the UK and Ireland (UKI) are facing unprecedented challenges as they seek to respond to increasing demands from customers and shareholders, and intensifying pressures to drive continued cost efficiencies while meeting ever greater regulatory requirements.
To navigate through these challenges, FS organisations are focusing increasingly on creating and enabling a new ecosystem that unites and integrates customer, digital and product-centric models as a single entity.
By taking this step, banks create an opportunity to become a customer-centric “Everyday Bank,”1 while capital markets firms can transform into a “Digital Enabled Capital Markets”2 model and insurance firms into a “Connected Insurer.”3 In each case, this
transformation brings FS firms’ services to the next level – and positions them to better fulfil their customers’ daily financial and non-financial life needs. These evolved models spring from the fact that banks will be able to operate on a customer-centric model; capital markets organisations will restructure themselves, digitising trading, wealth and asset management and communication hubs; and insurance firms will create direct and multichannel relationship with customers, leveraging the full stack of cloud capabilities.
To create these new models and realise the potential benefits, FS organisations should simplify their IT infrastructures, accelerate time to market and drive innovation – enabling them to generate unmatched business value. Cloud computing presents unrivalled opportunities to deliver against these imperatives, while
simultaneously improving efficiency, agility and scalability, and reducing total cost of ownership (TCO).
When FS organisations began leveraging cloud technologies some years ago, the initial focus was on private cloud solutions, owned and managed in-house. However, in recent years, public and hybrid cloud solutions have increased in popularity,4 because of their ability to leverage a combination of different deployment and service models, with a shift towards Platform as a Service (PaaS) and Business Process as a Service (BPaaS).5 Data analytics services sourced from the cloud are also generating significant and growing business value for FS organisations.6
...is Turning Increasingly to Cloud Computing
Financial Services: An Industry Facing Unprecedented Challenges...
6
FS organisations in banking, insurance and capital markets have all begun the journey towards cloud enablement (see Figure 1). However, the fact that they’re currently following separate digital and cloud agendas, mainly as a result of limited guidelines provided for cloud-based services from regulators7 is creating a risk that they will merely adopt advanced virtualisation projects, instead of creating the desired unified ecosystem. Having noted this issue, the UK
Financial Conduct Authority (FCA) released its guidance8 on cloud computing in November 2015, proposing a set of guidelines on how cloud could be approached by FS firms while ensuring that risks are appropriately identified and managed. Most importantly, the FCA identified existing loopholes and voiced its support for cloud enablement through both private and public cloud services.
Emerging Industry Trends
12.5% NO
87.5% YES
Figure 1: Percentage of FS firms that have used cloud services at least once, before 2015 Source: “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance
7
7 “The ING Group Transforms HR in the Cloud with ServiceNow,” ServiceNow, News Release, March 24, 2015. Access at: http://investors.servicenow.com/phoenix.zhtml?c=251291&p=irol-newsArticle&ID=2028127 8 “Who knew a bank could be this connected?” Salesforce. Access at: http://www.salesforce.com/customers/stories/wells-fargo.jsp. 9 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance. “Proposed guidance for firms outsourcing to the ‘cloud’ and other third-party IT services,” Financial Conduct Authority, Guidance consultation 15/6, November 2015. Access at: https://www.fca.org.uk/static/documents/guidance-consultations/gc15-06.pdf 10 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance. 11 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance. “Some Banks are Heading to the Cloud - More are Planning to,” Forbes, June 26, 2014. Access at: http://www.forbes.com/sites/tomgroenfeldt/2014/06/26/some-banks-are-heading-to-the-cloud-more-are-planning-to/#5dc2c9125991.
In retail banking, cloud investment is currently centred on private cloud and Software as a Service (SaaS), but public cloud is gaining ground in back-office functions. For example, ING bank recently deployed a ServiceNow, Inc. self-service HR portal solution using public cloud,7 while interest is rapidly increasing in cloud-based SaaS solutions for CRM, with examples including Wells Fargo & Company’s use of Salesforce.com, inc.’s customer relationship management service in social channels.8
In capital markets, use of SaaS is growing, but is not yet on the same scale as in retail banking. However, capital markets firms are collaborating on an initiative to realise cloud-
enabled unified communication “hubs.” There is also an increasing appetite among FS players to use Business Process Outsourcing (BPO) offerings in the form of BPaaS in areas such as post-trade processing, with significant amounts of capital being invested in cloud enablement.
In insurance, meanwhile, the perceived lower level of regulation is fostering faster and more aggressive cloud enablement. To date, interest has focused on the emerging “Internet of Things” (IoT) and enablers such as telematics, a technology that is being widely
used in personal and commercial vehicle insurance and set to have a major impact on the UK insurance market. These disruptive changes will lead to more personalised insurance coverage, benefiting both insurers and customers.
At the same time, regulators worldwide are increasingly embracing cloud provision9 as a viable option for the companies they supervise. Recent research10 shows that when this happens, cloud adoption by FS firms rises significantly11 – a trend that points to strong pent-up demand for cloud in FS.
8
Figure 2: Future adoption trends of Public and Private solutions in FS Source: “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance.
Despite cloud being a major part of today’s digital agenda, several lingering concerns are holding back wide scale adoption within FS. These concerns go beyond the traditional technical and security implications – and are mainly centred on regulatory compliance, creating fear and doubt about a concerted industry-wide move to cloud. This situation is reflected in an expectation of relatively strong continued usage of private cloud solutions going forward (see Figure 2). For FS firms considering cloud enablement, the following concerns come to the fore.
Barriers to Cloud Adoption: The Top Concerns in FS
Business Management
App Development and Testing
Processing and Analytics
Email Management
Financial Services
Mobile Security Elements
11% 10%
25% 29%
14% 15%
19% 7%
17% 4%
13% 17%
Public Private
9
12 “Proposed guidance for firms outsourcing to the ‘cloud’ and other third-party IT services,” Financial Conduct Authority, Guidance consultation 15/6, November 2015. Access at: https://www.fca.org.uk/static/documents/guidance-consultations/gc15-06.pdf. 13 Ibid 14 “Metro Bank uses cloud to go ‘paper free’ and ditches desk phones for Lync,” V3, March 19, 2015. Access at: http://www.v3.co.uk/v3-uk/news/2400417/metro-bank-uses-cloud-to-go-paper-free-and-ditches-desk-phones-for-lync 15 “Setting up a world-class digital analytics function,” Lloyds Banking Group. Access at: http://lloydsbankinggroupdigital.com/setting-up-a-world-class-digital-analytics-function/.
Financial Conduct Authority (FCA) regulator view: “We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules.”12
The FCA has recently provided a new level of clarity on cloud adoption, and this is likely to trigger a change in how organisations approach it. The FCA’s guidelines follow suit from a number of other
FS regulators around the world who are providing support and guidance on cloud adoption.13
Concern 1The regulator won’t approve the migration of FS institutions’ operations to the cloud
Key FactMetro Bank PLC – the UK’s first new high-street bank in a century – has outsourced parts of its IT to the cloud, facilitating a pay-as-you-grow model while simultaneously requiring minimal in-house IT staff. It has also invested from the outset in Microsoft® cloud offerings such as Office 365™ and Microsoft Dynamics® CRM.14
In an another example, Lloyds Banking Group has been using the Google Cloud Platform™ service for some time, leveraging the provider’s data analytics solutions as part of its digital transformation.15
10
In fact, there are secure services that can be used to encrypt all information held in the cloud.
The reputation of FS organisations depends critically on their ability to protect data from unwanted access, regardless of geographic location. To meet this need, third-party cloud encryption
services help FS organisations to have additional layers of data encryption for applications that cloud service providers do not control, thus keeping data secure at all times, wherever it is stored.
Cloud encryption services hold the encryption certificates and reside independently
between the end-user and cloud application. Whenever information is sent, it is encrypted in transit and only the associated cipher text is stored in the cloud application. This means the data is secure both at rest and in transit, and cannot be decrypted by the cloud provider (see Figure 3).
Concern 2There is no secure way to store data in the cloud
ObservationOur experience indicates that security and risk functions in FS commonly rely on SaaS and other cloud capabilities for most of their critical operations, such as malware profiling, device fingerprinting, authentication, single sign-on (SSO), fraud analytics, and Distributed Denial of Service (DDoS)protection.
Figure 3: Schematic of cloud encryption services Source: Accenture Crypto aaS Offering Service Description - Third party managed cloud encryption service, 2013.
Security Gateway
Encrypt
Decrypt
Cloud ApplicationAuthorised User
Data classificationData protection
Plain textJane SmithFinance DirectorCompany Inc
To: Executive TeamSubject: Board Meeting
CONFIDENTIAL MEMOFinalized terms of the acquisition.
Transaction Terms
Cipher textPlain text
To: Subject:
Cipher textPlain text
11
16 “Sending personal data outside the European Economic Area (Principle 8),” UK Information Commissioner’s Office. Access at: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/. 17 “Microsoft to open UK data centres,” BBC, November 10, 2015. Access at: http://www.bbc.com/news/technology-34777373. “Amazon Web Services to open first UK data centre post Safe Harbour ruling,” V3, November 6, 2015. Access at: http://www.v3.co.uk/v3-uk/news/2433779/amazon-web-services-to-open-first-uk-data-centre-post-safe-harbour-ruling.
A number of cloud service providers are delivering services that claim that customer data will remain in the UK/EU, addressing the Information Commissioner’s Office (ICO) requirement for data residency and compliance with the Data Protection Act.16
To deliver services in line with local regulations and compliance requirements, cloud service providers now recognise the need to build datacentres within the customer’s region. For example, Amazon.com, Inc.
and Microsoft Corporation have already set up new services in Ireland and are looking to establish datacentres in the UK.17
Concern 3There is no way of knowing where my company’s data resides
Key FactAll data kept in UK/EU locations meets the ICO requirement for data residency and is compliant with the Data Protection Act.
12
Our experience confirms that cloud service providers understand and appreciate the concerns of FS organisations, and are willing to resolve doubts and provide support for planning, migration, operation and compliance demonstration. An example can be seen in the use of Amazon Web Services, Inc. (AWS) in the Dutch FS industry, after De Nederlandsche Bank N. V. (DNB) whitelisted the vendor for demonstrating active efforts to comply with EU standards.18
Major cloud providers maintain high availability and durability levels that can be extended on demand.19 They also have policies to keep data under the control of their customers and will never be disclosed to governmental and legal authorities, unless absolutely necessary and only after a rigorous legal process.20 In addition, all changes to the cloud provider’s services are typically supported with robust change control procedures,
executed in close collaboration with customers for minimal disruption to the service.
Furthermore, all changes and configurations are version-controlled under service life-cycle management techniques, and kept in a segregated environment. Similarly, extensive auditing features are applied,21 and the major cloud providers have policies providing immediate notification to the customer in the event of data incidents.
Concern 4Users have no clarity or control over the operational, procedural, security and privacy mechanisms of cloud service providers
Key FactCloud providers’ security accreditations and certifications are generally far more extensive than those of FS organisations themselves. The list ranges from industry-acknowledged (ISO 27001, ISO 27017, ISO 27018), to regulatory bodies (payment card industry - PCI, Health Insurance Portability & Accountability Act - HIPAA) to government-certified (National Institute of Standards and Technology - NIST, UK Government, Federal Information Processing Standards - FIPS).22
18 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance. 19 “Service Level Agreement, Microsoft Azure,” Microsoft. Access at: https://azure.microsoft.com/en-gb/support/legal/sla/. “Amazon S3 Service Level Agreement,” Amazon Web Services. Access at: https://aws.amazon.com/s3/sla/. “Google Compute Engine Service Level Agreement (SLA),” Google Cloud Platform. Access at: https://cloud.google.com/compute/sla. “And the cloud provider with the best uptime in 2015 is …,” Network World, January 7, 2016. Access at: http://www.networkworld.com/article/3020235/cloud-computing/and-the-cloud-provider-with-the-best-uptime-in-2015-is.html. 20 “AWS Customer Agreement,” Amazon Web Services. Access at: https://aws.amazon.com/agreement/. “AWS Service Terms,” Amazon Web Services. Access at: https://aws.amazon.com/service-terms/. “Microsoft Azure Agreement,” Microsoft Azure. Access at: https://azure.microsoft.com/en-gb/support/legal/subscription-agreement-nov-2014/ “Google Cloud Platform Terms of Service,” Google Cloud Platform. Access at: https://cloud.google.com/terms/. 21 “Introduction to Auditing the Use of AWS,” Amazon Web Services, October 2015. Access at: https://d0.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf “Microsoft Azure Security and Audit Log Management,” Microsoft, 2014. Access at: http://download.microsoft.com/download/b/6/c/b6c0a98b-d34a-417c-826e-3ea28cdfc9dd/azuresecurityandauditlogmanagement_11132014.pdf “Google Cloud Audit Logging,” Google Cloud Platform. Access at: https://cloud.google.com/logging/docs/audit/. 22 “AWS Cloud Compliance,” Amazon Web Services. Access at: https://aws.amazon.com/compliance/. “Compliance – Industry-verified conformity with global standards,” Microsoft Trust Center. Access at: https://www.microsoft.com/en-us/TrustCenter/Compliance/. “Google Cloud Platform Security,” Google Cloud Platform. Access at: https://cloud.google.com/security/compliance.
13
23 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance.
The keys to effective adoption are simple: a clearly defined strategy, roadmap, and migration plan.
Despite the benefits tied to cloud computing, many barriers still stand in the way of large-scale adoption. These include the integration of different vendor application programming interfaces (APIs) into the core enterprise, proprietary PaaS technologies, and – perhaps most challenging – the existing monolithic legacy applications, which were not designed to run in a cloud environment or to take advantage of auto-scaling features and schema-less databases.
A sound cloud migration plan should be followed to allow a holistic transformation to be executed in a systemised and organised way, following a standardised framework. A rigorous process of planning, analysing, designing, building, testing and deploying to the cloud will transform all four workstreams of a digital business – Datacentre, Operations, Network and Workplace – by applying a set of well-defined methods:
solution planning, programme and project management, change enablement, service introduction, and service delivery. Together, these methods aim to produce a cloud-enabled target state to deliver operational efficiencies, improve employee and workplace performance, and meet dynamic business demands.
Concern 5Migrating to cloud is too complicated
Key FactA recent survey shows that 50 percent of the FS firms that have been using or are keen to use the cloud do not have an explicit cloud strategy, often making decisions for cloud use on a “shadow IT” model, essentially undermining the harmonisation of their own application stack, after taking the step towards a cloud migration.23
14
UNITED STATESThe large number of intrastate regulators has led to blurriness in regard to cloud enablement. In general, US citizens do not have any constitutional rights over their data, once handed out to a third party. Although few regulators have tried to provide some insight, they have failed to set a coherent guidance, with NIST being the only body trying to associate cloud with regulations
IRELANDData protection legislation in Ireland is one of the most advanced in Europe, at the same time being highly protective of corporate data, justifying the high adoption rates in FS.
EU and Global Regulator Landscape
As most FS organisations are operating in the wider EU or global financial landscape, it is imperative that they address all the requirements that are imposed by the respective regulators throughout the world (see Figure 4) and in the regions where FS organisations operate.
In the past, limited formal guidelines for cloud-based services in the EU – along with immature evaluation processes – have caused delays or even blocked the adoption of cloud in FS in some countries.24 Notably, the European Union Agency for Network and
Information Security survey indicates that 50 percent of FS firms with low cloud adoption cite regulatory restrictions as the main barrier to full-scale adoption.25 Conversely, some regulators have expressed
24 Ibid 25 Ibid 26 “Outsourcing Involving Shared Computing Services (Including Cloud),” Australian Prudential Regulation Authority, Information Paper, July 6, 2015. Access at: http://www.apra.gov.au/AboutAPRA/Documents/Information-Paper-Outsourcing-Involving-Shared-Computing-Services.pdf. “Cloud Computing and EU Financial Services, Cross-Border Ecommerce Community, October 6, 2013. Access at: http://www.crossborder-ecommerce.com/cloud-computing-and-eu-financial-services/. “Germany Data Privacy Laws – Cloud Governance: Data Residency/Sovereignty. Blue Coat. https://www.bluecoat.com/resources/cloud-governance-data-residency-sovereignty/germany-data-privacy-laws “Asia’s Financial Services: Ready for the Cloud, A Report on FSI Regulations Impacting Cloud in Asia Pacific Markets,” Asia Cloud Computing Association, 2015. Access at: “http://www.asiacloudcomputing.org/images/research/ACCA_Report_-_Web.pdf.“ “2016 Top Markets Report – Cloud Computing,” International Trade Administration, April 2016. Access here:
Figure 4: High level overview of regional regulators26
15
APACAsian regulators suffer from inconsistencies, stalling cloud adoption at the moment. In contrast to the rest of the region, Japan is the only country that has a suite of modern regulations that can support cloud enablement, making it the top cloud adopter globally.
AUSTRALIAIn July 2015, APRA released a guidance paper, identifying considerations and potential threats, when outsourcing FS operations to the cloud. Not surprisingly, adoption rates are some of the highest, globally.
NETHERLANDSRegulation is heavy, with risk assessment and agreements on the right to examine the outsourced services being imposed. Surprisingly, DNB has recently whitelisted AWS, opening the way for cloud adoption in FS.
GERMANYGermany has one of the strictest data privacy frameworks in the EU, when it comes to giving options to customers to choose where and how data can be processed and transferred. In addition, similarly to the rest of the EU, data moving outside of the European Economic Area is prohibited.
their openness towards cloud adoption. These include the DNB, by whitelisting Amazon AWS as noted previously;27 the Swiss Financial Market Supervisory Authority (FINMA);28 and
the Australian Prudential Regulation Authority (APRA), by expressing support for use of cloud in FS.29
Regulatory support accelerates cloud adoption
– and helps FS firms to reap the potential benefit from cloud such as lower TCO, while also improving scalability and driving greater agility and innovation. Figure 4 summarises the attitudes of regulators to cloud in different regions around the world.
http://trade.gov/topmarkets/pdf/Cloud_Computing_Top_Markets_Report.pdf. “Data Protection “in the Cloud” – What is “the Cloud”?,” Data Protection Commissioner. Access at: https://www.dataprotection.ie/docs/03-07-12-Cloud-Computing/1221.htm. “USA Patriot Act Effect on Cloud Computing Services,” IT Law Group. Access at: http://www.itlawgroup.com/resources/articles/113-usa-patriot-act-effect-on-cloud-computing-services. 27 “Secure Use of Cloud Computing in the Finance Sector,” European Union Agency for Network and Information Security,” December 7, 2015. Access at: https://www.enisa.europa.eu/publications/cloud-in-finance. 28 Ibid 29 “APRA releases information paper on outsourcing involving shared computing services, including cloud,” Australian Prudential Regulation Authority, Media Release, July 6, 2015. Access at: http://www.apra.gov.au/mediareleases/pages/15_17.aspx.
16
30 “Financial Services (Banking Reform) Act 2013,” United Kingdom Legislation. Access at: http://www.legislation.gov.uk/ukpga/2013/33/contents/enacted 31 “The Financial Services and Markets Act 2000 (Ring-fenced Bodies and Core Activities) Order 2014,” United Kingdom Legislation, 2014 No. 1960, Banks and Banking, July 23, 2014. Access at: http://www.legislation.gov.uk/uksi/2014/1960/pdfs/uksi_20141960_en.pdf. 32 “Banking Reform: The people, organisational, and cultural impacts of moving to a ring-fenced bank,” Accenture, 2015, Access at: https://www.accenture.com/t00010101T000000__w__/gb-en/_acnmedia/PDF-2/Accenture-Banking-Reform-Ring-Fenced-Bank.pdf
Embracing Cloud as the Game-Changer
Cloud has the ability to become a game-changer in FS – with several fast-emerging technologies (see Figure 5) making cloud a key component of FS organisations’ digital DNA.
The Payments Services Directive (PSD2) is expected to further enhance the cloud opportunity by changing the landscape of payments and account accessibility for FS organisations and customers. Under it, FS organisations will be expected to allow third parties to have access to payment account information. Cloud can play a pivotal role in the implementation of these regulations, and in reducing the implementation efforts and friction points through offerings such as API gateways, identity and access management as a service, and cyber security as a service.
In 2013 the UK Government introduced legislation for ring-fencing,30 and secondary legislation was passed in 2014 requiring all banks with £25m in assets or greater to separate their organisations.31 In support of this legislation, a number of consultations have been held with key UK financial
institutions, with the aim of clarifying two key issues:
• The ‘perimeter’ of the ring-fence – i.e. what parts of the organisation will need to sit within the ring-fenced bank (RFB); and
• The ‘height’ of the ring-fence – i.e. what level of organisational separation is required between the ring-fenced bank and the non-ring-fenced bank (NRFB).
While these concepts have been interpreted differently by each of the UK banks impacted by the reforms, they have all identified a need to make some changes to their organisations to comply with the legislation as required by 2019. Each bank is working independently to help find the right approach to comply with the legislation. This requires them to consider a number of factors, including (but not limited to):32
• Impact on capital, liquidity and asset/liability matching within the RFB and NRFB
• Client considerations, including customer preference and product split between entities
• Operational complexities such as existing legal entity and banking licence structure
• Technology considerations and appetite to implement large organisational change.
Cloud can be instrumental in banks’ implementation of this transformational regulation, by helping them to ring-fence their core functions into distinct entities while avoiding unnecessary dislocation. One key challenge with serving two banks will be the potential for unnecessary and unintentional divergence of HR strategy, processes and policies. This has the potential to generate greater cost and operational risk, especially within shared services organisations. Increasing use of software-as-a-service and HR systems in the cloud (e.g. Oracle© Human Capital Management (HCM) Cloud, SAP SuccessFactors®, and Workday Inc.’s Integration Cloud platform) will help to limit the degree of process divergence, since as-a-service models directly allow for a blend of segregation with synergies.
17
Cloud also brings other game-changing benefits. For example, a cloud provider has the potential to dynamically reallocate resources for filtering, traffic shaping, encryption and so on, in order to increase support for defensive measures against events such as a DDoS attack when it is either likely or taking place.
When this ability for dynamic resource reallocation is combined with appropriate resource optimisation methods, the cloud provider may be
able to limit the effect that some attacks have on the availability of resources used by legitimately hosted services. It can also limit the effect of the increased use of resources by the security defence to combat such attacks.
The ability to dynamically scale defensive resources on-demand brings obvious advantages in terms of higher resilience. Furthermore, the greater the degree to which all kinds of individual resources can be scaled in a granular way, without scaling all of the
system resources, the cheaper it is to respond to sudden (non-malicious) peaks in demand.
These capabilities mean cloud-based Resiliency Services can help FS firms maintain the resiliency of critical IT systems in the event of both malicious and non-malicious threats. Cloud-based Resiliency Services includes implementations for cloud Backup-as-a-Service (BaaS), High Availability, managed security services, and Disaster Recovery-as-a-Service (DRaaS).
Figure 5: Cloud’s game-changing technologies Source: Accenture, June 2016
Cloud Emerging Technologies
MicroServices
more focused, independently
deployed services
PSD2is expected to
change the payments
landscape and cloud can be the
means for identity and authentication
management solutions
ContainerisedServices
to assist cloud architecture
Ring-Fenced Banking
will force banks to decouple their
core components from their retail
and Capital Markets parts
DevOpsfor continuous integration and minimal release
times
Blockchainto identify and authenticate
digital transactions
Cloud-Enabledarchitectures
for digital modernisation
18
...and future-proof IT by establishing a hybrid cloud environment
Recommendations
With cloud as an integral part of their digital DNA, banks can adopt the “Everyday Bank” model by transforming customer service and creating an ecosystem of partners and merchants through cloud enablement; capital markets firms can gain greater flexibility and agility across their operations; and insurance companies can look beyond cost reduction to realise the full transformative potential of cloud.
To deliver on these goals, FS companies should push back the boundaries and overcome
their own resistance to change. Now is the time to make bold decisions. This means establishing cloud as the first option for sourcing IT and business capabilities – using the cloud to scale up rapidly without enormous capital investments, and only using other provisioning models if there are strong reasons for not using cloud.
While private cloud solutions are still largely the norm in FS, creating a well-orchestrated hybrid cloud environment should bring firms unmatched
flexibility and the greatest value and speed to market. A Cloud Management Platform (CMP) plays a crucial role in an effective hybrid cloud deployment, by reducing operational risks, enforcing policies, and providing a service abstraction level and visibility over cloud costs. While FS companies have generally built their own CMP to date, the complexities associated with ‘build yourself’ mean firms are now increasingly leveraging pre-built market offerings from cloud service providers.
Changing world Towergate Insurance Limited, a leading insurance intermediary, recently embraced cloud to transform its IT infrastructure across its entire business. This initiative will move all of Towergate’s technology platforms to the cloud, making it one of first financial services firms to go 100 per cent into the cloud. The scope includes implementing a new Skype™-based telephony system, rolling out Office 365™, standing up a new Service Desk with ServiceNow, Inc., and transforming its network.
Follow a ‘Cloud First’ approach…
19
In Summary: No Time to Lose
Cloud adoption by FS firms has been rising in recent years. Yet companies still harbour concerns with regard to the regulatory landscape and security that are restricting wide-scale adoption of cloud solutions in FS.
Although these concerns are understandable, today’s reality is quite different. A number of regulators, including the FCA, have shown their openness toward cloud enablement. At the same time, many cloud providers have also demonstrated their willingness to adhere to regulations and increase their transparency. Together, these developments have resulted in major cloud players being whitelisted by regulatory bodies, ultimately leading to a global trend of FS firms moving towards accelerated and more aggressive cloud adoption.
It’s important to note that the move to the cloud can be complex if not thought out correctly. However, migration complexities and security and procedural uncertainties around cloud can be mitigated through concrete strategies, cultural change, and robust planning, as part of the FS firm’s efforts to compete with the emerging challenges from FinTech players. These changes are imperative irrespective of cloud, since remaining in the old, traditional, inflexible IT models makes FS firms vulnerable to innovative competitors.
Cloud allows banks to enjoy a wide array of benefits, by bringing them the ability to deploy computing resources based on actual demands, while also reducing costs and simplifying the consumption
of IT infrastructures and technology. In addition to accelerating time to market and innovation, cloud adoption can also foster open standards, both within and between banks and their partners, offering true interoperability.
At root, cloud has all the characteristics and disruptive force required to drive unity and integration of FS firms’ customer, digital and product-centric approach into a single entity. In doing this, it helps them move away from traditional approaches, improve their customer experience, and ultimately establish their presence and positioning in the wider, expanding and evolving digital ecosystem of FS.
Copyright © 2016 Accenture All rights reserved.
Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions - underpinned by the world’s largest delivery network - Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 375,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Disclaimer This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this document and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.
Rights to trademarks referenced herein, other than Accenture trademarks, belong to their respective owners. We disclaim proprietary interest in the marks and names of others.
For more information, please contact:
Yousaf Mir Managing Director Accenture Financial Services Technology Advisory United Kingdom and Ireland [email protected]
Gagan Bhatia Manager Accenture Financial Services Technology Advisory United Kingdom and Ireland [email protected]
