Banking on the Cloud

Sep  06 
Navdeep Singh  Vice President, Infrastructure Engineering, Fiserv 

Finding the right strategy to realize cloud computing's potential

Cloud technology has grown from a murmur about possibilities to a strategic reality in the financial services market. But the complex array of cloud choices for financial institutions can leave leaders with more questions than answers.

Finding the right answers starts with looking beyond the cloud to your financial institution's overall business strategy and goals. Realizing the potential of cloud computing requires understanding what investments of time, internal talent and money you are prepared to commit.

Broadly speaking, organizations fall into one of three categories: Do it for me, do it with me or do it myself. Understanding which applies in the context of the business strategy can help crystallize an approach to new technologies, including the cloud, and position financial institutions to find the right partners.

Financial institutions may choose: the public cloud run by companies, such as our alliance partner Microsoft; the private cloud, which uses data centers run by providers such as Fiserv; or a hybrid model that taps into both. We talked to Rob Fannon, principal lead for data and artificial intelligence at Microsoft, about those choices.

Realizing the potential of cloud computing requires understanding what investments of time, internal talent and money you are prepared to commit. 

How do CIOs make the business case for moving to the cloud? When does it make the most sense for an organization?

There really isn't one right way to think about it. The decision to move to the cloud depends on the workloads being considered. Usually, questions come up during a hardware refresh cycle. Do you buy that next rack or servers? Are you fully utilizing the servers you already have, or do they sit idle 80 percent of the time? Or financial institutions may employ a gradual process, leaving everything as is in the data center and making a rule that all new applications will be cloud-first. By slowly shutting down storage arrays and sunsetting old applications, many issues eventually take care of themselves. 

I highly recommend building out a Cloud Center of Excellence with members from across your organization to evaluate the likelihood of migrating applications to the cloud. It's never a good idea to move to the cloud just because everyone else is doing it or because its technically feasible. Make sure you have created potential mission impact and business scenarios.

One of the interesting trends we are seeing at Microsoft is the number of partners building software more for the Microsoft Azure cloud computing platform and cloud consumption and less for on-premises deployments – a trend I see continuing. 

Moving to the cloud is not a simple process for financial institutions, which have a number of integrated applications. What are the most common problems you see and are there best practices for avoiding them?

One of the biggest advantages of moving to the cloud is the opportunity to explore various cloud deployment models like infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). Those models enable organizations to avoid the expense and complexity of buying and managing underlying application infrastructure and middleware, container orchestrators, development tools and other resources. 

One of the biggest issues I see is when companies take what they have on site and move it exactly as is into an IaaS environment. Taking the time to rethink and retool your applications for a cloud-based environment will likely increase flexibility for scaling, decrease overall costs to administer and provide new development opportunities for other platforms such as mobile. I highly recommend taking more time – just a few more weeks – to think through application migrations that involve virtual machine (VM) to VM lift-and-shifts. Remember, just because it can run in the cloud exactly like it does on premises doesn't mean it should.

How are financial services firms thinking about security? Are any of their concerns well founded?

The cloud is subject to the same rules as any other technology when it comes to protecting sensitive customer data. That hasn't changed. But we are seeing a change in the level of trust financial organizations have with their cloud providers.

Not long ago, many organizations thought their security was more effective than other options, including the cloud. Over time, many have come to realize cloud providers such as Microsoft are able to devote the money and resources necessary to ensure the highest levels of security. At Microsoft, we take a proactive approach, spending upwards of $1 billion per year on security and engaging 3,500 experts to watch and monitor 6.5 trillion daily signals.  

As their trust in cloud vendors grows, financial institutions are creating new roles focused on cloud scrutiny. Those responsibilities have security mandates at their core but are also focused on what applications are being used and where the data is flowing. For cloud security professionals, watching the movement of data and interpreting every connection is the new normal.

With the rapid pace of Fintech in general, how do you expect cloud strategies to evolve?

The rapid maturity and mainstreaming of Fintechs means financial organizations must realign, and in some cases reinvent, their cloud postures for a new reality. It is no longer a matter of one Fintech or another, but many times both. Financial services firms will continue to evolve as an industry, focused on using multiple Fintechs, multiple cloud providers and multiple vendors that all work together. It's the job of the financial institution to understand where each piece of the Fintech puzzle fits in the overall strategy. 

There used to be companies sitting on the fence on whether or not they would move their data to the cloud. Today, it's not if, it's when.