How Financial Services Companies Can Navigate the Multicloud And Hybrid Cloud Frontier
The financial services sector can embrace hybrid cloud, which employs both on-premises and public cloud resources, and multicloud, which involves using more than one public cloud provider. The Unisys Cloud Success Barometer™ report indicates that more than one-quarter of organizations surveyed across all verticals leverage multicloud, and 2018 research from Forrester (via ZDNet) found that 86% of respondents characterized their organizations’ cloud strategies as multicloud.
A multicloud approach allows financial services organizations to select from a broader cloud feature set to support their DevOps efforts, scale new innovations and expedite new launches. That’s important in light of fintech, which is reportedly causing “dramatic upheaval” in the financial sector and pushing traditional companies in this space to do things in new ways.
Using more than one cloud provider also enables firms to avoid vendor lock-in. That gives them more power to realize cost savings via arbitrage. Financial services firms can also use multicloud to enjoy the combined security capabilities of various cloud providers.
What some financial services companies may not know is how to get started with multicloud or hybrid cloud and keep those efforts moving forward in a secure, compliant way. Here are six of my tips on how they can do that as a technology leader who drives cloud adoption and solutions for infrastructure transformation, application modernization, security compliance, cloud management and AIOps.
Have a Top-Down Mandate
It’s important for financial services businesses to have a top-down multicloud mandate. A clear, time-bound mandate will help provide clarity about the mission and drive enthusiasm. Without help from the top, multicloud initiatives may not succeed.
And digital transformation mandates such as multicloud and hybrid cloud need a champion. The champion should be somebody who’s responsible for running the overall infrastructure or the digital modernization effort.
Drive a Cloud-Native Culture
To scale digital mandates, fostering a cloud-native culture is equally as important as the strategy. How can organizations drive this culture change?
Getting people trained on cloud-native skills, bringing in external hires and creating a cloud-first career path for internal talent are some steps that you can take.
Adopting cloud-native processes and capabilities are also important steps. Leveraging best practices such as DevOps and getting the organization certified in key cloud competencies for financial services, such as risk posture management, data management and core systems, can help.
Adopt an Architectural Framework
Cloud architectures are essential foundations for enabling cloud transformation. However, they can be complex and involve multiple pillars, such as cost, security and operations. Each of these pillars can have hundreds of best practices.
Why? Financial services organizations with multicloud/hybrid cloud strategies need to decide which workloads will stay on-premises and which will move to the public cloud — and which cloud to use.
A cloud architecture framework that leverages codified best practices can help you scale the architecture objectives and mitigate potential architecture risks. Compliance is especially important to financial services companies. They need to plan how they will ensure compliance with the General Data Protection Regulation and the PCI DSS data standard.
What framework is best? There’s the CIS framework and the National Institute for Standards and Technology (NIST) framework. Amazon Web Services (AWS) has a framework, too, and so do Azure (the Microsoft Cloud Adoption Framework) and others. (Full disclosure: My company is an AWS and Azure partner.)
Which framework is not as important as having one that supports the multicloud or hybrid cloud model.
Use Centralized Governance, Automation and Digital Guardrails
As financial services firms scale on the cloud, there are hundreds of cloud services and thousands of ways of tracking these controls. People alone cannot always keep up with all of that.
Financial services firms should consider investing in centralized governance and automation to keep track of their cloud cost, monitoring and cloud security postures. I advise customers to have digital guardrails in place, like continuous reviews and automated assessments of their security and core cloud architectures.
You can enable automation across the cloud life cycle using programs like my company’s, AWS, Azure and CloudSentry from TrendMicro. If there are configuration deviations, automated systems can detect changes and respond to anomalies before any potential impact occurs.
Financial services organizations should implement these systems and related processes up front, not later on. They need to validate security on an ongoing basis, not just every few months. And they should implement a continuous integration and delivery (CI/CD) pipeline to automate the steps in their software delivery processes.
Pick a Credible Partner
Organizations pursuing multicloud or hybrid cloud strategies need to understand something very important. Cloud providers will give them the tools, but organizations are responsible for security, compliance and for stitching everything together so they have common visibility and governance.
Businesses can figure out how to handle security and compliance. But it requires investment, talent and expertise. There is a more cost-efficient, expeditious and reliable option — engaging a partner with credibility in compliance and security. This is a point that many organizations miss.
Compliance and security specialists also understand the importance of capturing log data, and they can assist financial services firms with the best ways to provide evidence of what your organization did and did not do.
There are several factors to consider to identify the right specialist for your needs:
Get Started, Continuously Assess and Grow
Once a financial services organization has done preparation and planning and established a robust architectural framework, it should conduct assessments, architectural due diligence and validation of reference architectures. That should involve moving a few workloads to conduct experiments on performance and availability. This identifies what can be moved and controlled.
By constantly validating and assessing against workloads — before, during and after migration and implementation — organizations can compare expectations against outcomes, learn about their risks and address gaps.
Multicloud and hybrid cloud create new challenges for organizations, especially financial services firms. But with multicloud visibility and the right governance, partners, planning and technologies, financial services firms can be more competitive, compliant and secure.