How do cloud solutions help reduce operation costs of investment banks?
Reducing cost is not the primary reason to moving to cloud. It is largely to do with business agility. If there is business agility then naturally there will be cost reduction. But if cost reduction becomes the chief goal, then both cost reduction and business agility may not necessarily be achieved. The most important thing is if you look at companies born in the cloud…they have no legacy. They are just created as companies with technology. Cloud can absolutely lower cost, but the root of that is it improve agility and cost reduction will naturally follow.
Are investment banks cautious about migrating to cloud?
We did this piece of research and it seems there is huge interest for them moving to the cloud in a big industry. There are big investment banks which keep things internal and quiet. But we are also working on early stages with a few financial institutions making huge investments on cloud. It is just not public yet. I think there are already big financial institutions moving hundreds of applications on cloud. For example: HSBC, Google and AWS have migrated to public cloud.
GFT study says investments banks will use public cloud by over 50% in the next five years. Your views?
Absolutely, I think that is the case. The problem is the statistics: when they say 50% of banks may use cloud—the usage can mean in very small or large amount. Again, if you look at Barclays they announced a couple of months ago that they have moved everything to Amazon public cloud. Barclays in five years can have a high portion of their on-premises moved to cloud. I think banks will start seeing huge productivity gains in terms of application, rationalisation, application simplification and business agility. And that will force others to slowly speed up their agility. This is very similar to what happened in the 1990s, when PCs came in. A good term that people use is democratisation of IT, which means what cloud enables you to do: A startup company can have the same infrastructure as Goldman Sachs, JP Morgan, or Barclays. The idea is to Morgan, or Barclays. The idea is to democratise who can access this kind of very high-end technology.
Apart from business agility, what are the other drivers that push cloud adoption?
There is a whole bunch of things. There is the ability to be elastic and that is a very big driver at the moment—elasticity of cloud. What that means is you can vamp up computing power storage when you need it; and more importantly you can vamp it back down again. For example: If you own a datacenter, you can only expand to the size of the physical datacenter and if you no longer need it, you can knock it down and make it smaller. This way, you end up with a fixed cost. However, with cloud, investment bankers will not have to spend all those servers on a weekend. This ability to scale up or scale back down is hugely advantageous. So elasticity is a big thing.
What are the key areas in investment banking that necessitate cloud-based models?
Certainly, from the GFT side we see a lot of interest in high performance computing and grid computing moving to the cloud. That is a very natural fit. So, we are working with one big investment bank where the risk grid has moved from proprietary platform to using Kubernetes, which is an open-source microservice architecture that Google, Amazon and Microsoft promotes. And that grid is on Kubernetes on-premise but can burst to public cloud as well. That’s a huge benefit for banks as well. Migrating to Kubernetes from grid and bursting to cloud with so much elasticity is hugely cost saving.
In terms of risk management, how will cloud extend its capabilities?
The scale you can achieve on cloud opens up new possibilities. One such bank that was running a risk management on-premise took 6 hours, but once it was moved to public cloud took 6 minutes. What has the risk of running overnight can be run multiple times during the day. Businesses have seen that kind of benefit immediately over multiple scenarios. With cloud there are so many possibilities that was once lacking.
Do you identify more operational models with cloud, or is it a transient process?
Initially, people think it’s going to be a slow process, but then it ends up being a hockey stick. Suddenly, once things start getting momentum, a whole new level of ideas are possible on cloud. We have seen simple migration projects turn into something big where businesses say that was much easier than they thought. In the startup community, it would be very expensive for them but now it has become cost-effective. They can have 50,000 accounts per month on their platforms, manage risks in addition to the whole process.
Banks are said to have a limited understanding of cloud. What are the common challenges they face?
I think investment banks always hire people. They pay very good salaries but there are couple of issues the banks encounter. First, the kind of nature of work has changed. The younger generation in particular want to work in a dynamic environment. The challenge with investment banking is they are being so regulated. The pace of change is slow. On the contrary, twenty years ago, the pace of change was extremely high. It was a great place to work. Now, there are opportunities for engineers to work in other companies including Facebook, Google, Netflix, or Amazon. They all pay great salaries and provide with good opportunities. The second issue is all companies want to hire people with good experience. There are not too many people with experience of having done this kind of work before. Their track record of success in positively migrating to cloud is the issue. It is complex to find talent with experience, particularly in financial services because it is such a regulated environment unlike other industries. For example: it is not practical to hire a person from a supermarket and place them in banking, and expect them to migrate applications to cloud. This is mainly because the job requires a different level of complexity and regulation.
What are the chief regulations banks must have for the sake of cloud adoption?
Public cloud has the ability to have an even more secure environment. Particularly, the analogy being onpremise… investment banks can’t have security like a castle with high walls to prevent others from getting in. But once an entry is made it is easier to travel around. This is the case with cyber attacks on financial institutions where hackers manage to get in as in the case of a castle.
On cloud, security is built differently. The security wall is provided by the cloud provider but one can start securing the application architecture at a very low level. Or even down to a microservice level. So there is a much more layered approach for security. For example: a client we work with is into credit card payment. There has been plenty on the news about stolen credit cards and databases such as email addresses. In such case, we created three separate databases: One database had the credit card information but didn’t have the name on it. That was encrypted using one set of keys. Then we had the database with the name and couple of more details that were encrypted with a different key. The third was similarly encrypted with a different key and had more personal information. In order to get usable data in cyber attack, hackers should have taken three databases with three different encryption keys. On top of that we changed the encryption keys every few hours.
So, even if the hackers managed to get into the databases and identify the keys, they will only have data worth a few hours before the next encryption. Cloud gives its users so many opportunities to secure the platform. This can be achieved onpremise but it’s difficult. Therefore, when companies try to implement the castle approach on-premise…it is easier on cloud.
On the regulatory side, there are about 60 regulators or perhaps even more internationally. This means, international banks will have to comply with tens of regulators. The bank I mentioned earlier had to get a sign off from regulators and it successfully managed to from most of them. There is a strong willingness from the regulators, certainly in major financial areas that banks work for. This is also because regulators can see the advantages of migrating to cloud.
Your suggestions to improve cloud regulations?
It is pretty tough because the regulator environment is fragmented, and that is a challenge. The cloud providers are very standardised globally like Amazon or Google. This is a very similar infrastructure globally. Major cloud providers are working very closely in order to make significant changes…so they are somewhat regulatory friendly to begin with. There is a lot of work done by the likes of Google and Amazon to create that platform.
Regulators are happy with the data is being treated and distributed. One example would be there is a huge amount of work going behind the scenes with banks, regulators and cloud providers. Perhaps, this is not reported often. In the last few months, we have seen a huge improvement in making the industry more straightforward. There are tens of regulators globally, and there is definitely a lot of work invested to make this easier.