By Alison Tudor-Ackroyd | 7 February 2018
On offer is vast computing power needed to keep up with the fintech revolution. The downside is greater risk of a cyberattack and the headache of complying with a plethora of data sovereignty laws.
Amazon Web Services is set to open a cloud over Hong Kong in 2018 after doing the same for Singapore last year. The internet services provider hopes to lure more Asia-based businesses to migrate their data into its storage centres.
And for the majority of banks, to a greater or lesser extent, the inexorable march into the cloud, where IT hardware can be accessed remotely, is already under way.
“In the fullness of time, most organisations will be all in, in the cloud,” said Dean Samuels, head of solutions architecture for Hong Kong and Taiwan at Amazon Web Services, or AWS.
Financial services firms are starting to deploy material amounts of data to the cloud; for example Australia’s Commonwealth Bank is looking at migrating core banking operations into AWS, AWS’s Samuels said at the ‘Future of Finance’ conference in Hong Kong on Wednesday.
“It is not our intent to manage such expensive IT infrastructure,” said Micky Lo, chief technology risk officer for Asia Pacific at BNY Mellon. Lo wants to get such fixed assets off the US bank’s balance sheet and use cloud services much like the bank would pay-on-demand utilities.
This mass migration amplifies banks’ computer firepower, enabling them to rapidly mould services to customer behaviour.
As commercial banking and trading move towards a more high-touch and personalised service while also staying in line with regulations – so financial firms will need greater insights from data. Artificial intelligence can help detect fraud in petabytes of data, while the internet of things – a network of physical devices – helps them track customer behaviour.
“We’re working with insurance companies who are tracking the activity of members. Are they going to the movies rather than the gym? Are they eating at McDonald's rather than eating a nice salad? and [insurers are] using that information to customise policies,” AWS’s Samuels said.
Banks are looking to benefit from economies of scale by outsourcing data storage.
“You cannot purchase an unlimited number of machines. At Google we deploy a machine every three seconds,” Osmond Ng, a Hong Kong-based customer engineer at Google, said at the same conference.
Competition from tech-enabled startups has accelerated banks’ shift to the cloud say industry sources. While cloud computing can cut costs, it has also reduced entrepreneurs’ time-to-market and eliminated barriers to entry.
Financial technology (fintech) firms such as US online stock brokerage Robinhood are using cloud computing to help them disrupt incumbent financial services firms.
Banks have many concerns when transferring data to the cloud such as “Will data be seen by other tenants in the data centres?”. Basically, cloud providers take responsibility for the security of the cloud perimeter but security of the data within the cloud still resides with customers.
“The cloud is not some magical place where everything is secure,” said AWS’s Samuels.
And the firewalls will be tested.
Storing data in the cloud “definitely increases the chances of you being targeted, especially in financial services because that is where the money is,” said John Guo of Israeli IT security firm Check Point Software Technology.
For banks, preparing for the worst is tricky as there are no clear industry standards among cloud providers.
One major challenge is the legal terms and conditions of the bank’s contract with its cloud provider as it remains difficult to define a security breach in advance.
Banks also need to be clear on timelines for reporting a breach. In Singapore for instance, a hack of a bank’s critical applications must be reported to the regulator within one hour.
National governments are increasingly strengthening laws to to protect citizens’ data, enhance national security and, in some cases, protect local businesses.
Failure to comply with China's new cybersecurity law, which took effect last year, could incur a fine of Rmb 1 million ($150,000) and potential criminal charges. Under the new law, foreign companies must store data on China on the mainland.
Some foreign companies choose to store their data in Hong Kong, given the geographical proximity to China and sound legal framework and protection of intellectual property.
Generally cloud providers leave the decisions on whether to transfer data cross-border to the client – but they will provide encryption tools and the means to move data.
“So you have to think about what kind of measures you can take to safeguard your data such as encryption … to protect from other access,” Google’s Ng said.
Regulators require financial services provide a risk assessment on cloud providers particularly regarding resiliency.
“We use multiple providers … we are concerned about concentration risk,” said BNY Mellon’s Lo.
While banks face challenges, speed is of the essence to keep up with nimbler rivals. Even the regulators are leveraging the cloud.
The US’s securities watchdog Financial Industry Regulatory Authority (FINRA) using cloud to replay securities option trading from the previous day to detect any insider dealing.