A recent Forbes survey found 52% of business were cloud-first (i.e., new apps and services were hosted in the cloud as opposed to on infrastructure the enterprise owns and manages); and Forbes estimate this figure could grow to 77% within 2 years.[i]
As cloud technology continues to mature, more organisations have the confidence to make the most of its advantages like improved cost control, scalability, flexibility and agility – all essential ingredients for maintaining a competitive edge in today’s dynamic and demanding market.
However, despite all the benefits of cloud tech (which we’ll delve into in our next blog) risk averse organisations have been slow to make the transition. This may be due to common misconceptions and fears, which, if left unchallenged, could result in uninformed decisions being made. Organisations who fail to act soon may miss out on being able to leverage emerging technologies like Blockchain, which could be a significant disadvantage.
So what misconceptions are holding the investment sector back?
1. The belief that data stored in the cloud is less secure
The assumption cloud-based services are less secure and more vulnerable to cyber threats, is often used as a rationale against cloud tech. In reality, leading IT vendors have sophisticated data centres where they’ve invested in building world leading security controls and teams. Many provide a government level of security, which goes way beyond what many in-house IT teams could achieve. For example, Amazon Web Services (AWS), by far the biggest public cloud platform provider with more than a million active customers a month, has more than 1,800 security controls governing its services.[ii]
When choosing a cloud provider, it’s important to carry out best practice due diligence to ensure the right controls are in place to mitigate risk.
2. Data sovereignty restrictions prohibit offshore IT vendors
It is common for regulatory authorities overseeing their local financial institutions to restrict data from being sent outside their geographic location. As a result, financial services organisations were in the past prevented from utilising leading offshore cloud providers like AWS. The good news is many vendors, including Amazon have since developed local data centres which allow data to be retained on-shore.
In Australia, for example, it’s important to note data being stored offshore is still subject to additional oversight by Australian Prudential Regulation Authority (APRA) and, as companies like Amazon are governed by US law, some road blocks remain. While legislation seemingly lags behind the technology, APRA are working more closely with organisations to ensure the industry benefits from advances in technology and are able to leverage emerging technologies like Blockchain. There is an expectation from APRA for detailed risk assessments to be undertaken in consultation with them, which should be part of any best practice digital strategy.
3. Less control over data management
Many organisations fear outsourcing highly sensitive data to external IT vendors will lead to access control issues. While there have been privacy issues over the years, public cloud providers have worked hard to create best practice multi-tenanted solutions. Maintaining data privacy can now be achieved by using private clouds, which store information on dedicated a platform in a unique environment, separate to other customer data. Major cloud providers also give customers the option to handle their own encryption keys, meaning no-one inside the provider could get access even if they wanted to. This allows organisations to control who can access what data.
Cloud providers now have many other controls in place and organisations are able to work closely with providers to specify the level of security and privacy they require.
Gaining competitive advantage
While there are risks involved in all aspects of technology, cloud tech has matured to a point where these common misconceptions are almost redundant. Leading cloud vendors have state of the art technology, security controls and teams in place to mitigate risks, while APRA’s appetite for supporting financial services organisations to utilise cloud tech is growing. Instead of focusing on what can’t be done, organisations should ask what’s possible and look to work with APRA to ensure they realise their potential and gain competitive advantage. Organisations who fail to break through these barriers will be left behind.
[i] “What The Rise Of Cloud Computing Means For IT Pros,” Allan Leinwand, Forbes Technology Council, posted February 28 2017, https://www.forbes.com/sites/forbestechcouncil/2017/02/28/what-the-rise-of-cloud-computing-means-for-it-pros/#24c26a505518
[ii] “Can we trust cloud providers to keep our data safe?” Matthew Wall, Technology of Business editor, posted 29 April 2016 http://www.bbc.com/news/business-36151754