The financial services industry has been notoriously slow when it comes to cloud adoption. According to a recent survey conducted by OneMarketData, "Is Cloud Technology Gaining Momentum in Capital Markets?", the benefits of lower technology costs, rapid scalability, and solution flexibility have been obscured by security, performance, and vendor flexibility concerns.
In Europe, these concerns have been taken seriously. The European Union has recently backed a Digital Agenda, a legislative package that calls for the creation of a new broadband regulatory environment and plans to accelerate cloud computing via public sector buying power. But how will the Digital Agenda affect financial firms when choosing a cloud service provider to cover their European operations? More importantly, will the Digital Agenda ease the fears of capital markets and their take up of the cloud?
OneMarketData's (OMD) survey shed some light on three areas of particular concern to the capital markets as it debates the benefits and dangers of the cloud:
1) Security:According to OMD, "security, or more importantly managing the recovery process from a failure or breach, when transferred to cloud vendors is a terrifying thought for firms when managing other people's money."
The most common method of dealing with cloud security is through the agreement of specifications of systems and physical infrastructures used by digital service providers. Once service providers are rated or accredited to a same set of standards, customers can then make clearer comparisons.
The European Commission, intent on not recreating the wheel, acknowledged that there are "many good and widely adopted existing standards which relate to security that can be used by cloud computing" and intends to publish a list of recognized standards in 2014. These standards, covering aspects from resilient power supply to the physical security of the data centre, do differ greatly from one another so attention must be paid to the levels of security that each EU-recognized approach takes.
While a good thing in principle, the creation of a list of EU-approved security standards does not go far enough in terms of clarifying each of the security standards, particularly those relating to physical security.
For example, the infrastructure of our central London data centre is fully redundant. Our 33kV power supply is fed from two separate sub-stations from the national grid, while all carriers have diverse fiber links into the facility. Roughly speaking, most of London would have to suffer an outage before we need to initiate our back-up generators. The resilience and security of the physical infrastructure that enables cloud based technology and powers a digital economy is paramount.
Financial services firms with a European operation will need to evaluate for themselves the levels of security deemed necessary and should ensure that their cloud service provider is compliant with at least one of the guidelines published by the European Union Agency for Network and Information Security (ENISA). Top of the list in this regard is resilient infrastructure needed to run cloud-based services.
2) Loss Of PerformancePerformance is critical to capital market participants, as the OMD survey highlights: "Fast access to markets and low-latency processing speed has an immediate impact on trade decisions and the difference between winning and being just another also-ran."
The EU, recognizing that investing in infrastructure is key to building confidence in cloud technology, stated that, "the cloud is the 'killer app' for superfast broadband". The recently adopted legislative package for a "Connected Continent: Building a Telecoms Single Market" is expected to boost European cloud computing and improve quality of service. The expected casualty of a single telecoms market, however, is diversification. The EU predicts a large wave of consolidation to occur amongst digital service providers and in terms of cost efficiency, a reduction in the number of datacenters resourced by each provider is foreseen. Consolidation in the form of minimizing the number of datacenters available on the Continent could, however, run the risk of compromising performance and latency. The laws of physics dictate that no IP packet will go down the wires faster than the speed of light, so naturally, the further away two systems are from each other; the longer it takes for communication to occur.
If a financial services firm relies on latency to improve performance, the location of the data centre is crucial. In order to ensure improved performance it is prudent for businesses to know where their data lives and how quickly they can get to it. Any firm wanting to trade quickly between all the available markets will recognize that a central location can offer a competitive advantage through latency arbitrage opportunities. Fast and resilient connectivity is key and central London is unrivaled in the number of carriers running their fiber connections underground. Consequently, companies could benefit from choosing a cloud service provider that operates from data centre locations that are in proximity to their business operations and provide low latency connectivity via world-class carriers in order to safeguard time-critical performance.
3) FlexibilityOne of the well-known benefits of the cloud is solution flexibility and the ability to rapidly scale operations up or down with a minimal amount of overhead. Flexibility when it comes to cloud vendors can, nonetheless, be seen as a barrier to cloud because of the difficulty in switching providers; the relationship between the cloud providers and its customers being commonly labeled as "sticky."
The Commission has recognized that many available proprietary and open source cloud solutions currently exist, but notes that there are very few, if any, standards. The Commission points out that, "this is potentially an issue since vendor lock-in is a significant concern in relation to cloud computing services."
The future looks bright as the development of EU standards will allow companies to better measure performance between cloud service providers and ultimately permit greater flexibility in switching providers. Until these standards are created and adopted, companies in the meantime will have to thoroughly validate the technology processes of potential cloud vendors, assessing the product life cycle as well as how incident, problem and change management are handled.
ConclusionThe EU's attempt to compile existing security standards and create standards to measure cloud computing performance are welcomed by the industry as these efforts should help towards reassuring those capital market firms currently hesitating in regards to their take up of the cloud. Until these standards are created, financial firms will need to remain vigilant when assessing physical security standards and monitoring performance of cloud services providers. Moreover, it is hoped that new standards and single markets will not come at the expense of competition and the choice that could ultimately affect time-critical performance considered crucial for capital markets firms.
About The Author:
Matthew Dent, CEO, Volta
Matthew Dent is a finance and property investment professional with over 13 years experience in acquisitions, fund structuring and management, strategic asset management, corporate financing and restructuring. A Chartered Surveyor, Matthew previously worked for Chelsfield plc. While at Chelsfield, he was appointed to the main board of Global Switch to implement corporate restructuring and business turnaround across its 3 million square foot datacenter portfolio, located in London, Paris, Amsterdam, Frankfurt, Madrid, Singapore and Sydney.