“What happened to the generation of power a century ago is now happening to the processing of information. Private computer systems, built and operated by individual companies, are being supplanted by services provided over a common grid – the Internet – by centralized data processing plants. Computing is turning into a utility, and once again the economic equations that determine the way we work and live are being rewritten.” –Nick Carr, “The Big Switch,” 2008
Nick’s right. The question is how long it’s going to take the financial services industry to catch up with him. Cloud computing (or at least talking about it) is all the rage, and there are a host of providers offering services today. Your bank or credit union may not be procuring raw infrastructure from these providers, but it’s highly likely you’re using Software as a Service (SaaS) for one or more of your applications. Those SaaS applications are hosted “in the cloud” and are indeed a form of cloud computing.
Cloud computing is relevant to a variety of audiences within a bank or credit union. The cloud will allow CIOs to scale their infrastructure on demand, enable CFOs to deal with less capital investment, and help business unit leaders gain speed-to-market for desired system implementation efforts. The cloud is not without additional risk management demands vs. do-it-yourself, and these demands are the primary inhibitor of financial institutions fully utilizing cloud computing.
First, some quick definitions of key cloud computing terms are in order:
- Internal Cloud – Does your institution use virtualization, where multiple servers are consolidated into fewer servers that adjust their capacity on demand, reducing hardware and support costs? Guess what—you’ve already got an internal cloud!
- Private Cloud – Private clouds are equivalent to internal clouds, except the servers, databases, and storage are hosted at a third party provider. The infrastructure is not shared and is accessible only through a private network.
- Public Cloud – This is what’s getting most of the hype. Servers, databases, storage, etc. are hosted at a third party on shared infrastructure that can be provisioned and accessed over the Internet.
- Software as a Service (SaaS) – Cloud applications delivered over the Internet are SaaS applications; SaaS can be distinguished from ASP (application service provider) models based on multi-tenancy, which describes SaaS’ ability to serve multiple customers on a single platform.
- Platform as a Service (PaaS) – PaaS provides the tools to support the development and deployment of Web applications over the Internet, typically as an add-on to an existing SaaS offering (think Salesforce.com’s force.com offering)
- Infrastructure as a Service (IaaS) – This describes the provisioning and deployment of virtual servers, storage and bandwidth in the cloud. The financial institution installs its operating systems, applications and/or data onto the IaaS infrastructure.
Savings, Speed and Skills Drive Benefits
Financial institutions already understand the benefits that SaaS applications can offer over internally hosted solutions. How about the rest of the systems that banks and credit unions are still commonly deploying internally – what benefits will make the cloud a better option? Reduced capital outlays, reduced time-to-market and refocused I.T. resources are three key benefits.
Cloud computing reduces the waste associated with excess and unused capacity. Servers are provisioned and capacity is increased/decreased as needed, on a pay-as-you-go basis, without one-time capital outlays. Note that private clouds are more expensive than public clouds as servers are dedicated to a financial institution.
Ad hoc capacity planning frequently produces “gotcha” moments in in-house shops. With the cloud, financial institutions can add capacity almost instantly using self-service tools vs. having to order hardware and wait days or weeks for it to arrive, reducing delivery time for new systems and capacity.
By eliminating physical hardware on-site and utilizing virtualized cloud servers, commoditized infrastructure support functions are left to external providers, enabling the CIO to focus on developing higher-value architecture, business analysis and application integration skills. Don’t fall into the same trap many financial institutions buying ASP or SaaS applications run into: just because it’s outsourced doesn’t mean you don’t need anybody to install and maintain it – someone still has to integrate these applications!
Risk Management and Service Levels are Key Considerations
What must be addressed for a successful cloud deployment? Mitigating risks and ensuring high-quality service levels are at the top of the list.
Hosting standards have not yet emerged for cloud computing providers, although organizations like Trusted Cloud are working to change this with security certification programs. Banks must extend their audit process to cover cloud providers and secure access to details of the underlying infrastructure, relevant logs, etc. A big issue is uncertainty around just how much sensitive personal information about customers can be stored in the cloud and the level of security required to protect it. This is one of the reasons core banking applications will be among the last to be offered in a public cloud (if ever at all). Relationships with cloud providers can change, so institutions also must ensure they can get their data back from the cloud provider.
User provisioning, authentication, user profile management and compliance processes must all be in place to ensure only authorized users have access to hosted data. Banks must either deal with dual user security processes (very undesirable) or integrate the cloud service with their user security system (formally known as the identity provider).
To ensure a high service level, negotiating an appropriate service level agreement with the cloud provider and regularly monitoring performance are necessary. Hiccups are bound to occur just as they do with internally hosted systems – the SLA in the contract (and penalties) will incent the cloud provider to perform.
Bandwidth must be addressed both at the cloud provider and the financial institution. Single points of Internet connectivity failure must be eliminated and adequate bandwidth provisioned at the financial institution. While bandwidth can scale at the cloud provider, understanding expected bandwidth needs will avoid surprises when the cloud hosting bill comes.
Finally, some applications are better suited for the cloud than others. Those with heavy input and output demands will cost more. Some vendors may also not allow their systems to be used in a cloud environment per their licensing agreements (if they are architected in a way that supports the cloud at all). So, bandwidth-intensive applications like imaging may not be ready for prime time in the cloud.
Cloud Computing: Today and Tomorrow
Let’s take out our trusty crystal ball and see which categories of applications are going to gain cloud deployment traction. You’re not going to hold me to this, right?
| Today: 2010 | Prediction: 2013 | |
|---|---|---|
| Core | Core applications are commonly outsourced today in an ASP (not SaaS) model. | Core won't yet be offered in a SaaS model due to lingering concerns around protection of confidential data, despite improvements in encryption and authentication technology. |
| Electronic Delivery | Internet banking, mobile banking, public Web sites, account opening/funding and online lending solutions are all widely deployed in a SaaS model. | The percentage of institutions deploying these applications in-house will continue to decline in favor of the SaaS model. Deployment of call center/telephony applications in the cloud will increase (voice response units, for example). |
| Infrastructure | Branch and local file servers are widespread, and desktop operating systems and office suites are installed in workstations. | My my, hey hey. File and print is here to stay. Branch servers are on the decline, but your corporate "shared drive" isn't going anywhere (yet). But, deployments of Windows 7 virtual desktops via internal cloud will have occurred in a material (>10%) number of institutions. |
| Internal clouds are being utilized for testing and disaster recovery infrastructure, with private clouds under consideration. |
The percentage of institutions utilizing either internal or private clouds vs. dedicated infrastructure for testing and disaster recovery will increase. | |
| Email/Archive and enterprise collaboration (e.g. SharePoint) solutions are offered with competitive per user pricing, but financial services companies have been slow to get on board. |
Data protection, data retention guideline enforcement and eDiscovery challenges will be resolved and the race will be on to get rid of Exchange and other internally hosted email solutions. Outsourced collaboration solution deployments will begin. | |
| Banks and credit unions are making huge investments in internal storage and data replication. | These investments will continue, but costs will decline as pricing for backup to private cloud providers continues to improve, making that option more attractive as internal application storage demands decline. | |
| Strategic Systems | HR and customer relationship management (CRM) applications were early to the SaaS party; applications failing to gain SaaS traction include: * Data warehouses * Financial systems * Loan origination systems (non customer-facing) * Imaging and workflow systems Note that some of the above applications are deployed in private cloud and ASP models today. |
For the same reasons as core applications, data warehouses will not yet make it into the public cloud, but private clouds will host warehouses or handle heavy processing cycles in a hybrid internal/private cloud model. Financial and loan origination systems will begin to see cloud deployments. Because of the input/output demands and associated costs, imaging and workflow solutions will be slow to migrate to the public cloud, although private cloud deployments will increase. |
Don’t Worry, This Cloud Won’t Rain on Your Parade
As new applications and infrastructure are considered in the coming years, CIOs should consider the opportunities that cloud deployment can bring. Starting with application testing and disaster recovery, banks and credit unions can move beyond basic SaaS application delivery and internal virtualization used today. IT shops can then work to understand how to integrate public, private and internal cloud applications and move more production applications outside of their internal cloud. Just as the manufacturers found benefit in ditching their internal power-generating systems over the past century in favor of electric utilities, banks will find ditching internal infrastructure in favor of computing utilities will provide great benefit.
-QS
Technology Direction a Little Cloudy?
Managing a financial institution’s growing and complex technology environment can present a significant challenge for senior management.
Cornerstone Advisors’ Strategic Technology Planning services can help you:
- Prioritize technology initiatives
- Analyze system payback
- Invest appropriately in new systems
- Ensure staff is prepared for the company’s emerging technology environment
Our Integrated Business and Technology Approach is backed by a team of professionals that specialize in communicating an integrated strategic and technology vision appropriate for senior management, board members, regulators and vendor partners.
Contact Cornerstone today to discuss how to best leverage your technology investments.