Cloud computing is an integral part of any forward-looking digital transformation strategy for financial institutions. This article explores key attributes of multicloud adoption undertaken by many financial institutions and features commentary from Commerzbank, Wells Fargo, and McKinsey.
The multi-cloud strategy is now increasingly favored by banks, allowing them to source their cloud computing and storage services from a number of cloud service providers (CSPs), thereby spreading their reliance on the cloud across multiple suppliers. This is often seen as an essential risk mitigation decision.
However, to successfully evolve to the cloud, banks need to assess and manage the challenges inherent in migrating to the cloud to minimize any negative impact that may arise.
Benefits of a parallel multicloud strategy
Carsten Bittner, CTO and head of the group’s technological foundations for Commerzbank AG, specifies that the German bank relies above all on a multicloud approach, via its strategic partnerships with Google and Microsoft. “It is crucial for us to remain independent of a specific supplier because we benefit from the respective advantages and know-how. Working with different partners also gives us more flexibility in case of an exit scenario.
“For Commerzbank, we believe that the multi-cloud approach is key to building a cloud transformation organization and to innovating new solutions for our customers.”
Similarly, Christopher Marsh-Bourdon, head of hybrid environments, technology infrastructure at Wells Fargo, explains that the bank has chosen a multicloud approach to reduce the dangers of concentration risk and data monopolies. “This has been a central concern of regulators around the world over the past few years, and it is at the forefront of what we are driving as part of our strategy.”
Vijay D’Silva, adviser to McKinsey’s Global Banking & Securities Practice and former senior partner, also says that financial institutions are targeting a multicloud strategy to leverage the different capabilities of cloud service providers and minimize foreclosure and business risks.
D’Silva also underscores the point of increased regulatory attention, explaining that watchdogs such as the Bank of England have also publicly expressed concerns that more oversight is needed to ensure resilience and stability. financial situation in the face of excessive dependence on a few suppliers. “Many large financial institutions see some level of multicloud strategy as inevitable.
While it is clear that the spread of cloud dependency across multiple CSPs is frequently cited by institutions seeking to avoid concentration risk, it also ensures a level of flexibility to adapt or withdraw should circumstances change. change. Reducing worries about data monopolies will also ease the minds of regulators in the long run, as their focus shifts to building operational resilience in financial services.
The challenges of transitioning to a multicloud strategy
Cloud transformation involves a combination of strategy and management, adoption of a business domain and core capabilities, D’Silva says.
In order to take full advantage of the cloud, financial institutions are forced to modify a large number of applications, which requires significant investments. D’Silva explains that this cost is further magnified compared to the high operating costs of on-premises systems (already amortized). He continues that establishing a multicloud strategy also requires reassessing the operating model and acquiring and training new engineering talent. “Moving to a multi-cloud strategy will in turn require financial institutions to develop talent capable of operating in multiple CSP environments.”
Bittner cites organizing the migration of decentralized applications to the cloud and training staff to manage cloud-based applications as key challenges financial institutions face in this transition. “Another major objection is to achieve a mindset shift regarding cloud technology within the organization, but also among external stakeholders.”
Marsh-Bourdon adds that for each individual CSP a financial institution works with, they need to learn their unique services and approaches. It’s not all bad news though, because while the service names may differ, there are a lot of commonalities in this space and they share many characteristics.
Compounding these challenges is the fact that not all financial institutions are equally prepared to launch multicloud strategies. For financial institutions to operate effectively in a multicloud environment, the level of engineering skills and resources required is significantly higher. D’Silva says digitally mature institutions that already have efficient cloud operating models will be better positioned to make the transition to multicloud.
While noting that only financial institutions themselves can really answer this question, Marsh-Bourdon says Wells Fargo believes that selecting a single cloud service provider raises too many questions from a concentration risk perspective, “and this limits your ability to take advantage of services that may be specific to a given CSP.
Cost will always accompany a change in operations, and finding and nurturing new talent will remain a challenge as long as innovation continues. Maintaining a culture that promotes an innovation-driven mindset will therefore remain essential as institutions evolve and capitalize on the opportunities offered by the cloud. Despite the challenges, with a culture of innovation that leverages commonalities across CSP offerings, there’s no reason the challenges of multicloud adoption should overshadow the significant benefits it presents.
Data security and data loss reduction as pillars of the multicloud strategy
The cloud and data go hand in hand. Financial institutions depend on the computing power of the cloud to leverage the value of data, but in doing so they must be confident that the data will remain secure and protected.
Cybersecurity, D’Silva says, is one of the biggest risks facing financial companies today, and it’s getting increased attention on corporate boards. “Five years ago, executives at McKinsey Research identified cybersecurity as a barrier to cloud adoption. Today, many recognize that the resources cloud service providers dedicated to cybersecurity dwarf their own capabilities. One of the benefits of moving to the public cloud is that leading CSPs have built-in tools and mechanisms to minimize cyber risk.
Despite this, he adds, nearly all breaches to date have resulted from misconfiguration. In this sense, the emergence of security as code (defining cybersecurity policies and standards programmatically) can help increase resilience.
Conversely, Marsh-Bourdon highlights the positive impact that strong data management can have, noting that public cloud object storage services “have been a boon to data retention and resiliency these Not only do they minimize the potential for data loss, but they also do so at a much more comprehensive rate than traditional storage, especially for data that is rarely accessed.
According to Bittner, it goes without saying that data protection is a top priority within Commerzbank given that compliance with the General Data Protection Regulation (GDPR) is an absolute necessity. “Our cloud strategy does not change this logic.”
Will it ever be possible to completely avoid downtime?
We understand all too well the frustrations that come with an outage. While an interruption in access to social media or entertainment can be inconvenient, when financial institutions’ online presence suffers an outage, their customers may find themselves unable to make payments. Not only is this terrible for reputation (and business), but it can put customers at risk.
D’Silva observes that “as long as we have a dynamic environment, in which manual errors or external shocks are possible, downtime, no matter how remote or diminishing in likelihood, is a reality that institutions must plan”. Managing this risk is therefore essential.
The potential for zero downtime is available to us now, says Marsh-Bourdon, however, applications must be designed for zero downtime. “It’s not just about the business logic itself, but also how an application is built and deployed. Using patterns like blue/green deployments not only allows for zero (or minimal) downtime, but also provides a resilient model for rollbacks, should a release not go as planned.
Bittner adds that data centers and cloud services offer the advantage of 24/7 availability and high availability – 99.9% of the time. Additionally, he notes that there is no need for a downtime window for maintenance work and that updates are done seamlessly and on an ongoing basis.
While achieving zero downtime (or as close to it as possible) should remain a core goal for financial institutions looking to perfect their cloud delivery, managing risk and smoothing out deployments goes a long way in developing a resilient strategy robust enough to deal with the unexpected. events and the integration of new technologies.