Robert Palatnick, Managing Director and Chief Technology Architect, DTCC
At one time, it would have been bold to assert that widespread adoption of cloud technology across financial services would become reality. However, this conclusion is increasingly inescapable as the capabilities, resiliency and security of services provided by cloud vendors begin to surpass those of most on-premises data centers.
Some may still argue that on premise solutions are the ideal approach to handling the critically important data held by the financial services industry. But we believe cloud computing has proven to be a transformational technology that can enable firms to scale up or down as needed, enhance service resiliency and take advantage of robust cybersecurity capabilities, all this while lowering internal infrastructure costs to defend ever-narrower margins.
While many financial services firms invested heavily in robust, state-of-the-art in-house solutions in the past, cloud presents an opportunity to rethink the approach to financial services infrastructure. Many newer disruptive technologies such as cloud offer capabilities and cost improvements that surpass those of legacy applications. After all, many in-house solutions were designed to meet specific needs in markets that operated very differently than they do today, when scale, speed, ever-growing cyber threats and increasing regulatory requirements are placing increasing operational demands on infrastructures.
We believe that cloud technology is uniquely positioned to address these challenges, offering security, resiliency, recoverability, multi-tenancy, scalability and high availability. These benefits are supported by granular access management, the ability to scale capacity up and down based on demand and support for application program interfaces to enable rapid functional adjustment. Other forms of support are built-in security features such as data encryption while in transit and at rest and encryption key management at the client firm.
We see a strong argument that cloud capabilities, far from being an "unproven" or nascent technology, represent an IT service proposition that is so robust and sophisticated that not even the largest multinational companies could cost-efficiently develop and maintain comparable in-house infrastructures.
The cost and complexity of building, maintaining and constantly upgrading IT infrastructure as regulations and business needs evolve is daunting when compared to leveraging a cloud service provider. Similarly, the size of data centers operated by many cloud service providers means that cloud-based IT resources can scale almost infinitely, eliminating the need to maintain costly infrastructure during off-peak processing times.
This is not to suggest that the migration to cloud services is a simple move. In fact, the "lift and shift" process of moving applications to the cloud may initially inject a higher level of complexity and a degree of process duplication, potentially leading to excess costs in the near term.
As a result, to be most effective, detailed cloud migration strategies should consider the business case for shifting each individual business function to the cloud in order to ensure that the proposed benefits are achievable. For those applications that are ultimately migrated, we see a strong case for complete re-architecting to make them cloud native.
Cybersecurity is undoubtedly a key consideration when firms consider whether or how to proceed with new technologies. In fact, according to DTCC's Systemic Risk Barometer, market participants continually rank cyberattack as the No. 1 threat to the markets. Against this backdrop, it was not surprising that security was once a concern that slowed the adoption of cloud computing.
However, cloud technology has now outpaced most, if not all, individual firms when it comes to cybersecurity. There are several reasons for this.
First, individual financial firms generally focus on needs-based cybersecurity defenses that are highly customized and potentially lack the flexibility to address emerging threats. Cloud vendors, on the other hand, deploy real-time proactive monitoring and mitigation capabilities in their core foundation.
Second, to address emerging threats, cloud service providers generally employ hundreds, if not thousands, of cybersecurity specialists who dedicate 100 percent of their resources to analyzing and addressing any possible threat rather than a specific set of anticipated challenges.
Matching this level of resources and flexibility is complex and costly. Plus, the ability of cloud service providers to shift client operations between multiple data centers around the globe makes it more difficult for a malevolent party to identify and attack a given company's specific services. Cloud technology can provide both cost savings and IT resilience in the face of a growing cybersecurity storm, and also new opportunities to simplify, upgrade and strengthen the technology underpinnings of business services.
DTCC identified cloud as a potentially disruptive technology half a decade ago and we look forward to continuing our work with the industry to adopt cloud as a rapidly maturing technology that is well past proof of concept and arguably under-recognized for its transformative potential across the industry.
This article first appeared in The Business Times on August 30, 2017.