Infrastructure

03:48 PM
Matthew Dent, Volta
Matthew Dent, Volta
Commentary
50%
50%

Can Europe's Digital Agenda Spur Capital Markets Public Cloud Adoption?

Proposed standards from the European Union may help ease some concerns capital markets firms have with public cloud.

Matthew Dent, Volta
Matthew Dent, Volta

The financial services industry has been notoriously slow when it comes to cloud adoption. According to a recent survey conducted by OneMarketData, "Is Cloud Technology Gaining Momentum in Capital Markets?", the benefits of lower technology costs, rapid scalability, and solution flexibility have been obscured by security, performance, and vendor flexibility concerns.

In Europe, these concerns have been taken seriously. The European Union has recently backed a Digital Agenda, a legislative package that calls for the creation of a new broadband regulatory environment and plans to accelerate cloud computing via public sector buying power. But how will the Digital Agenda affect financial firms when choosing a cloud service provider to cover their European operations? More importantly, will the Digital Agenda ease the fears of capital markets and their take up of the cloud?

OneMarketData's (OMD) survey shed some light on three areas of particular concern to the capital markets as it debates the benefits and dangers of the cloud:

1) Security:

According to OMD, "security, or more importantly managing the recovery process from a failure or breach, when transferred to cloud vendors is a terrifying thought for firms when managing other people's money."

The most common method of dealing with cloud security is through the agreement of specifications of systems and physical infrastructures used by digital service providers. Once service providers are rated or accredited to a same set of standards, customers can then make clearer comparisons.

The European Commission, intent on not recreating the wheel, acknowledged that there are "many good and widely adopted existing standards which relate to security that can be used by cloud computing" and intends to publish a list of recognized standards in 2014. These standards, covering aspects from resilient power supply to the physical security of the data centre, do differ greatly from one another so attention must be paid to the levels of security that each EU-recognized approach takes.

While a good thing in principle, the creation of a list of EU-approved security standards does not go far enough in terms of clarifying each of the security standards, particularly those relating to physical security.

For example, the infrastructure of our central London data centre is fully redundant. Our 33kV power supply is fed from two separate sub-stations from the national grid, while all carriers have diverse fiber links into the facility. Roughly speaking, most of London would have to suffer an outage before we need to initiate our back-up generators. The resilience and security of the physical infrastructure that enables cloud based technology and powers a digital economy is paramount.

Financial services firms with a European operation will need to evaluate for themselves the levels of security deemed necessary and should ensure that their cloud service provider is compliant with at least one of the guidelines published by the European Union Agency for Network and Information Security (ENISA). Top of the list in this regard is resilient infrastructure needed to run cloud-based services.

2) Loss Of Performance

Performance is critical to capital market participants, as the OMD survey highlights: "Fast access to markets and low-latency processing speed has an immediate impact on trade decisions and the difference between winning and being just another also-ran."

The EU, recognizing that investing in infrastructure is key to building confidence in cloud technology, stated that, "the cloud is the 'killer app' for superfast broadband". The recently adopted legislative package for a "Connected Continent: Building a Telecoms Single Market" is expected to boost European cloud computing and improve quality of service. The expected casualty of a single telecoms market, however, is diversification. The EU predicts a large wave of consolidation to occur amongst digital service providers and in terms of cost efficiency, a reduction in the number of datacenters resourced by each provider is foreseen. Consolidation in the form of minimizing the number of datacenters available on the Continent could, however, run the risk of compromising performance and latency. The laws of physics dictate that no IP packet will go down the wires faster than the speed of light, so naturally, the further away two systems are from each other; the longer it takes for communication to occur.

If a financial services firm relies on latency to improve performance, the location of the data centre is crucial. In order to ensure improved performance it is prudent for businesses to know where their data lives and how quickly they can get to it. Any firm wanting to trade quickly between all the available markets will recognize that a central location can offer a competitive advantage through latency arbitrage opportunities. Fast and resilient connectivity is key and central London is unrivaled in the number of carriers running their fiber connections underground. Consequently, companies could benefit from choosing a cloud service provider that operates from data centre locations that are in proximity to their business operations and provide low latency connectivity via world-class carriers in order to safeguard time-critical performance.

3) Flexibility

One of the well-known benefits of the cloud is solution flexibility and the ability to rapidly scale operations up or down with a minimal amount of overhead. Flexibility when it comes to cloud vendors can, nonetheless, be seen as a barrier to cloud because of the difficulty in switching providers; the relationship between the cloud providers and its customers being commonly labeled as "sticky."

The Commission has recognized that many available proprietary and open source cloud solutions currently exist, but notes that there are very few, if any, standards. The Commission points out that, "this is potentially an issue since vendor lock-in is a significant concern in relation to cloud computing services."

The future looks bright as the development of EU standards will allow companies to better measure performance between cloud service providers and ultimately permit greater flexibility in switching providers. Until these standards are created and adopted, companies in the meantime will have to thoroughly validate the technology processes of potential cloud vendors, assessing the product life cycle as well as how incident, problem and change management are handled.

Conclusion

The EU's attempt to compile existing security standards and create standards to measure cloud computing performance are welcomed by the industry as these efforts should help towards reassuring those capital market firms currently hesitating in regards to their take up of the cloud. Until these standards are created, financial firms will need to remain vigilant when assessing physical security standards and monitoring performance of cloud services providers. Moreover, it is hoped that new standards and single markets will not come at the expense of competition and the choice that could ultimately affect time-critical performance considered crucial for capital markets firms.

About The Author: Matthew Dent, CEO, Volta
Matthew Dent is a finance and property investment professional with over 13 years experience in acquisitions, fund structuring and management, strategic asset management, corporate financing and restructuring. A Chartered Surveyor, Matthew previously worked for Chelsfield plc. While at Chelsfield, he was appointed to the main board of Global Switch to implement corporate restructuring and business turnaround across its 3 million square foot datacenter portfolio, located in London, Paris, Amsterdam, Frankfurt, Madrid, Singapore and Sydney.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
2/7/2014 | 7:36:19 PM
re: Can Europe's Digital Agenda Spur Capital Markets Public Cloud Adoption?
The EU's move to create security standards around cloud computing is something we haven't seen in the U.S. As far as the issue of knowing where their data lives, that has been a big concern for capital markets firms and an impediment to adopting the public cloud.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
2/7/2014 | 11:03:47 AM
re: Can Europe's Digital Agenda Spur Capital Markets Public Cloud Adoption?
Ulf, great points. Also, financial regulators always place the responsibility for the data back on the financial firm, not the cloud provider. So, if there is an outage, or a data breach, the financial firm needs to respond to the regulator to let them know that the data is safe (or not) and where it is located. Do the new EU standards address some of the data location concerns? And what do cloud providers need to do to help financial firms with their regulatory concerns?
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Apprentice
2/6/2014 | 5:38:46 PM
re: Can Europe's Digital Agenda Spur Capital Markets Public Cloud Adoption?
I think that it is a good sign that "The EU's attempt to compile existing security standards" but it is not enough to focus on the old standards that are, "covering aspects from resilient power supply to the physical security of the data centre". New logical data security approaches are needed in Public Cloud.

We know that in many of these environments, my Data is NOT under my control, NOT in a computer within in my organization and I may not have information about who can access my data, maybe administrators or other tenants. I may be sharing disk, memory and other infrastructure components with parties that I donGÇÖt know about and they maybe stealing my data.

Below are a few words of guidance from the payment card industry, PCI SSC. The guidance is applicable for all sensitive data that is sent to the public cloud.

If you outsource to a public-cloud provider, they often have multiple data storage systems located in multiple data centers, which may often be in multiple countries or regions. Consequently, the client may not know the location of their data, or the data may exist in one or more of several locations at any particular time.

Additionally, a client may have little or no visibility into the controls protecting their stored data. This can make validation of data security and access controls for a specific data set particularly challenging.

In a public-cloud environment, one clientGÇÖs data is typically stored with data belonging to multiple other clients. This makes a public cloud an attractive target for attackers, as the potential gain may be greater than that to be attained from attacking a number of organizations individually.

I recently read a report from the Aberdeen Group about new logical data security approaches. The report revealed that GÇ£Over the last 12 months, data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-usersGÇ¥. The name of the study is GÇ£Tokenization Gets TractionGÇ¥.

These new logical data security approaches are needed for higher cloud adoption.

Ulf Mattsson, CTO Protegrity
More Commentary
BYOD Policy: Don't Reinvent the Wheel
Financial firms still feel overwhelmed by BYOD risks and challenges. But these can be addressed by a good policy, and the guidelines are already out there.
The BYOD Challenge
Having a policy in place to manage mobile devices used by employees for work purposes is necessary in this current day.
Getting Onboarding Right in the Age of the Customer
Disparate “Frankenstein” systems slow down the onboarding process and impede customer service, says Pegasystems.
Performance Monitoring Key to Smooth Infrastructure Modernization
As banks consider how to shift infrastructure and storage solutions, they can’t afford to lose visibility into performance.
Accuracy in the Financial Data Supply Chain
Some of the best-practices from the retail world’s physical supply chain, including data standards and visibility, can be leveraged for efficiency in financial services.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.