Banking on the cloud? (Part 2)
Recently released data has shown that increased use of cloud and IT outsourcing could be on the cards for banks and insurance companies.
Our own experience as a cloud eProcurement software provider echoes this. In the last six months we have seen more incoming enquiries from banks and financial services companies than any other sector and have now helped six high street institutions move their supplier sourcing and procurement processes into to the cloud. And working with them has proven that an additionally rigorous approach is required to validate and implement such strategies in a compliant manner compared to other markets.
But in what form has cloud become acceptable? In the CSA’s research cited earlier, 47% said that they are considering a sophisticated mix of in-house, private, public and hybrid environments. This suggests that while cloud and outsourcing are becoming integral parts of their strategy, pure Software as a Service and public cloud models are considered to be too straight-jacketed and limiting for the specific needs of the banking sector – especially where confidential data is concerned.
Five of the six institutions we work with have made major investments in cloud based Purchase to Pay or Source to Pay technology, designed to offer an experience similar to online shopping (or indeed banking) to hundreds of employees that need to raise requests for goods and services, from marketing material to temporary staff and all things in between. In these cases a cloud approach is helping them to innovate in procurement, providing a more intuitive user experience to help drive adoption and compliance within the bank, enabling better supply-chain collaboration and risk management and facilitating effective, proactive contract management.
What has been really important in facilitating that move to an intuitive cloud system is demonstrable security and process compliance, at the level required to host and manage bank data in the cloud. Security protocols that go far beyond the norm are essential, as are accreditations such as ISO9001, Cyber Security Plus, and ISO27001 to demonstrate a commitment to process rigour.
In essence the picture that appears to be emerging is that banks’ preferred approach to cloud is the delivery of software services but via private cloud rather than shared or public cloud infrastructures or those offered as standard by software and technology providers, even though generally secure. A private cloud can either mean an internally operated cloud (data centre or server stack) protected by the corporate firewall, or a dedicated segment of a 3rd party data centre with added security and no server sharing.
Financial institutions have a stronger duty of care than other organisations to scrutinise the risks of handing processes and data over to others. They must also ensure a double lining of water-tightness in the cloud and IT contracts that they put in place. It’s essential that banks look to work with providers that can flex their cloud delivery model to provide tailored levels of security and private cloud infrastructure to meet the demands of regulators and their own security policies. Then they can take advantage of all the cloud has to offer, safe in the knowledge that it is right for them, their own bank balance, their customers and their risk profile.