Firms' Public Cloud Concerns Based on Regulatory Interpretation, not Technology
Panelists discuss the biggest hurdles firms are facing when it comes to moving systems to the public cloud.
A discussion around moving to the public cloud in financial services will more often than not be accompanied with talks regarding security, access and control of the data.
However, according to panelists at this year's Toronto Financial Information and Technology Summit, the majority of issues around a firm's willingness to move to the public cloud is in regards to regulatory expectations.
"Truth be told, the difficulty we're having with consuming public cloud has more to do with non-tech problems than with technology problems," said Damian Smith, director of infrastructure strategy at TD Brank. "What are our regulators' expectations? What kind of audit rights can we get? The things that we expect as a big customer of vendors that cloud providers and that sort of extreme commodity model are simply not interested in sort of playing that game. So trying to reconcile the corporate expectations with the new capabilities in order to derive the value from that new operating model has been the biggest challenge that we've had."
Dennis Cote, a former vice president of infrastructure planning and engineering at Toronto-based bank CIBC, echoed a similar sentiment. He said that in some cases the vendor technology is "light years ahead" of what can be produced internally.
The problems arise, Cote said, when people try to interpret the regulatory requirements. Regulators have only written rules to a certain degree, according to Cote, and it's hard to find specific examples that require providers to give up information about where firms' data lies within their servers.
"You'll never know where your data sits in an Amazon. But you can sit there and say, ‘Ok, how do I focus this in? How do I get something where the regulator feels that I am taking accountability for the data and make sure that I'm not giving up accountability?" Dennis Cote
Vendors aren't always willing to pass along those details, so it's a matter of finding different ways to make sure everyone feels safe being associated with that specific provider.
"You'll never know where your data sits in [Amazon Web Services' cloud]," Cote said. "But you can sit there and say, ‘Ok, how do I focus this in? How do I get something where the regulator feels that I am taking accountability for the data and make sure that I'm not giving up accountability?"
Rares Pateaneu, the director of Toronto-based Green Bank Capital, also mentioned the law as a potential pain point that is too often overlooked, in his opinion.
"What happens when something goes wrong [in the public cloud]? Who's at fault? Whom can you sue? Who will be responsible for the damages? What happens if there is a breach of the cloud provider and your data is compromised? Who is going to reconstruct that and from where? And if they can't, who's going to pay for it?" Pateaneu said. "Those are a lot of questions that, particularly in the English-speaking world where the law is precedence-based, have very few answers. So that is a thing to really worry about."
Consider the Experience
If a firm does make the move to the public cloud for a system or application, TD Bank's Smith said there are three directions a firm can take. First, in a traditional silo-based organization, a company can simply go for Infrastructure-as-a-Service (IaaS) to address its efficiency obligations.
A firm can also have an application design-based conversation in which they engage the cloud to change the way the firm's applications function.
However, according to Smith, the most interesting approach is by coming at it from a user-experience perspective.
"This is not about cloud as in technology. This is about a way of doing things that I can then change my users' experience in some way by pushing capacity and functionality as close to the edge as possible," Smith said. "Things like TD Bank and our Toronto data centers. If I've got somebody vacationing in London, their experience is going to be significantly different than if I'm suddenly spinning up capacity in AWS in London."
Pateaneu ended the conversation by pointing out that general questions ─ such as, ‘What is the best strategy to move to the cloud?' and ‘What are the pros and cons to moving to the public cloud?' ─ are flawed.
"The question is not whether you move to the cloud or not, but what do you move to the cloud? And the pros and cons are very strongly related to where your core competencies and your differentiating factors are," Pateauneu said. "The more generic something is the further away it is from your core competencies, the more it is probably beneficial to move it to somebody whose core competencies are that particular thing."
The Bottom Line
The biggest concerns for many firms around moving to the cloud aren't regarding the actual technology but understanding the regulatory requirements about what you need to know regarding where your data is stored.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
In ‘unusual’ move, Virtu fights $25m SEC fine for data safeguarding breach
Virtu disputes the regulator’s claim that employees had ‘unfettered’ access to consumer data.
What firms should know ahead of the DSB’s UPI launch
Six jurisdictions have set deadlines for firms to implement the derivatives identifier, with more expected to follow.
Europe’s AI Act is taking shape. How will the UK respond?
As the EU pushes through a historic AI Act, its neighbor is left wondering how to keep up.
The consolidated tapes are taking shape—but what shape exactly?
With political appetite established on both sides of the Channel, attention is turning to the technical details.
SEC squares off with broker-dealers over data analytics usage
The Gensler administration has ruffled feathers in the broker-dealer community with a new proposal seeking to limit their use of predictive data analytics. But at the heart of this deal is something far more seismic: one of the first attempts by the SEC to regulate AI.
The Cusip lawsuit: A love story
With possibly three years before the semblance of a verdict is reached in the ongoing class action lawsuit against Cusip Global Services and its affiliates, Reb wonders what exactly is so captivating about the ordeal.
Vendors under new scrutiny in CFTC due diligence push
The planned cyber resilience regime will force dealers to subject “critical” tech vendors to stricter audits.
Industry divided on whether Europe should delay FRTB
Most bankers prefer to keep to earlier start date, even though it puts continent out of sync with US.