Head in the clouds
Author: Josh Rix
Is cloud computing not a bit old hat now, with banks benefitting from widescale adoption across their business lines? And given the dramatic quarterly jump in earnings for both AWS and Microsoft Azure in Q4 2018 (45% and 76% respectively), shouldn’t we expect that banks across the UK and globally have contributed substantially to this rapid growth? There certainly are success stories: Capital One is an often touted “all-in” cloud migration AWS case study; Starling and other challengers in the UK have built on a cloud-first architecture; and both RBS and CYBG have built out new brands sitting on a greenfield cloud enabled tech stack.
However, the statistics, and these successes, don’t necessarily point to the overwhelming adoption, acceptance and embracement of cloud computing across the industry. What we’ve seen first-hand is not just a reticence to jump feet first into cloud adoption, but also a fundamental inability to do so due to three main reasons: data privacy concerns, rigid organisational structures and an underlying complexity in technical architecture.
Data privacy has long been a concern for banks, and rightly so, but the stringent penalties for data breaches introduced under GDPR in May 2018, coupled with the enhanced accountability requirements prescribed by the Senior Manager Regime have really put this back into the forefront of executives’ minds. Where cloud is concerned this becomes ever more pertinent.
This makes sense: for the last five years’ banks have voiced their concerns about cloud security and the cloud providers, who happen to be the largest companies in the world with next to unlimited resource, have responded. Now the agenda will switch – the cloud providers will need to demonstrate their ability to effectively manage and control data (which no doubt they will be able to do), and importantly, banks will need to make sure that they can implement and evidence this same degree of control, which is, as ever, less simple.
What’s clear is that banks need to prevent concerns about data privacy writing off the topic of cloud. The concerns are valid and the importance of adequate data controls inside and outside the organisation should not be understated, but with an enabling governance process, clear documentation and adherence to process, these concerns can be allayed.
Without breaching into the debate on the extent to which banks are able to effectively implement agile delivery practices, there are certainly comparisons to be drawn with the extent to which widescale cloud adoption has and will be successful, not least because, for the most part, cloud implementation projects and the ongoing development on a cloud-based infrastructure is heavily enabled by agile delivery.
The concept of DevOps encapsulates this quite perfectly – the introduction of expertise, team structures and practices that support both the development of applications and services, as well as their ongoing maintenance. This time last year I set up a team of DevOps engineers in a global bank to support a single product and it was nothing short of a battle, with roadblocks at every step of the process: finding the right people; putting in place contracts that supported a new style of working; implementing and setting up alerting and monitoring technology; aligning processes and procedures with existing support functions (often offshore); and securing business confidence in what we were doing.
And this was in a bank that was readily embracing “digital” and the move to the cloud. This is not an insignificant challenge for a small-scale, single market product; imagine the effort involved to introduce the right organisational structure, practices and processes to support a cloud-based migration of a global core-banking system – or even multiple regional core-banking systems.
Banks shouldn’t simply expect that the introduction and adoption of cloud can fit neatly into the existing organisation; there are foundational behaviours and structures that need to be established to support this adoption first.
There’s a reason that the cloud success stories tend to focus on new entrants to the market or greenfield projects: untangling the architecture of global banks is incredibly difficult. When it comes to these kinds of widescale platform migrations, the topic of cloud is almost irrelevant. Just moving from one on premises, legacy mainframe system to another would be challenging enough (and indeed it is, just look at what happened with the TSB-Sabadell migration in 2018). This existing baggage isn’t part of the equation when building from scratch, either as an entirely new organisation or as an entity that is technologically segregated from its parent.
Banks should see now as an opportunity to slowly, surely and strategically migrate to a cloud based infrastructure to improve the overall core banking experience. Lloyds Banking Group is testing a limited customer migration to Thought Machine, a cloud based core banking system, and HSBC has been embracing a multi-cloud approach for at least two years. These examples have focused on proofs of concept, followed by limited customer migrations which will ultimately result in the full move to cloud. Taking this proactive and measured approach will end up being far more successful than a knee-jerk, all in, over-promised under-delivered migration.
Cloud computing is a topic that will be on the agenda for banks in the years to come. It must be wholeheartedly embraced at every level of the organisation, heavily invested in and prioritised to truly unlock the many benefits that its implementation will enable.