Barnaby Mote, CEO, 4sl
The ongoing mass migration to the cloud shows little sign of slowing. According to IDC, by 2025 49 percent of the 175 zettabytes of data worldwide will be stored in public cloud environments as organisations realise the benefits of using IaaS, PaaS and SaaS. The financial services sector is no exception when it comes to cloud adoption, with cloud use increasing by 43 percent between 2017 and 2019.
However, while cloud can give significant benefits, it also introduces new challenges – many of which can be unforeseen. For instance, many financial services organisations are choosing to hand over the responsibility of backup to their cloud providers. Yet there is often a clear gap between backup policies that cloud providers find acceptable, and ones that fit the obligations placed on financial organisations. Organisations that aren’t aware of any gaps can place themselves at serious risk of data loss and even non-compliance.
Backup services lost in translation
The reasons for FS investment in the cloud are clear and numerous – from improving the scalability of infrastructure and applications, to saving costs and time when implementing new applications or infrastructure. Another frequently identified benefit is being able to hand over responsibility for backups, which have paradoxically become ever more complex as cloud adoption increases. As such, any opportunity to pass on responsibility will seem attractive to many FS organisations – especially if it’s as part of an existing service, meaning the cost and complexity of sourcing, setting up and then paying for a new and separate service are eliminated.
However, there is currently a gulf between perception and reality when it comes to organisations’ backup needs and the services offered by cloud providers. In a recent survey carried out by 4sl, for instance, only a quarter of financial services organisations claimed to know their cloud providers’ backup provisions in detail, whilst 36 per cent of firms using AWS and 43 per cent using Office365 wrongly believed that their data would still be available long after it’s gone. At a glance, this may seem of little importance. However, when we consider that the ability to demonstrate data availability is such an integral element of meeting regulatory obligations in the sector, the risks become apparent.
What are the risks?
The truth is that many cloud providers’ out-of-the-box backup services will not match the regulatory requirements that financial organisations have to meet when it comes to holding data. Quite simply, there are wide variations in the backup and recovery capabilities of cloud services and few provide even the most basic provisions by default. Where backup can be added on, the data is always held by the provider; not an ideal situation for organisations concerned about having all their eggs in one basket.
By assuming that cloud providers’ backup policies meet rigorous regulatory demands, FS organisations are putting themselves at serious risk of data loss and even non-compliance – which could in turn lead to fines, other disciplinary action or even reputational damage. Organisations within the heavily regulated finance sector should not leave backup to chance. So, what can they do to gain more control?
Bridging the gap in understanding
FS organisations have a few options available to them. One potential route is to do the legwork to understand what each provider offers and configure accordingly – a course of action that is possible but could be time consuming for firms using multiple cloud services, as many do.
A second option is for financial services organisations to use a separate technology or service that ensures corporate standards can be applied consistently across the board, from mainframe to microservices. Whether this is done in-house or as part of a separate third party service, the most important thing is that data is kept secure and backed up regardless of the organisation’s approach to infrastructure. Ultimately, it’s down to each organisation to understand what best suits their individual business.
From fintech to the growing cyber threat, the financial sector already has enough challenges on the horizon. Not knowing whether cloud data is at risk need not be added to the long list. With data finding its way into increasingly diverse on-premises and cloud locations, the solution to this challenge is in sight for those who choose to look.
