As with most sectors, financial services experienced a surge in cloud adoption since the start of the COVID-19 pandemic, with institutions across the space looking to make its services more agile and secure, in line with evolving customer needs. This has meant not only a change in tech, but also process and culture, with buy-in and support from across leadership teams and the workforce as a while being a must. However, for many, there are still obstacles to overcome before they can realise the full potential of the cloud.
Consulting, system integration and digital services organisation Reply has been helping its financial services clients to overcome strategic challenges surrounding cloud adoption. According to a recent study by the company, 30% of financial service organisations have found regulatory compliance concerns to be their most significant cloud challenge. Meanwhile, security concerns (18%) and a lack of cloud expertise or cultural readiness (16%) also prove prominent obstacles.
Ben Walker, partner and founder at Airwalk Reply, explained how Reply has been helping customers to overcome these challenges: “We have dedicated teams for this vertical, which means we bring two things: deep industry expertise, and technical expertise.
“We help our clients talk to regulators in ways they understand; identify and address security concerns; and apply our industry expertise towards aiding completion of goals in the sector, in a modern way.
“There are also accelerators dedicated to financial services that we provide, which help to speed up adoption of modern technologies.”
Matt Mould, partner at Storm Reply, commented: “We’ve invested time in crystalising our cloud adoption framework, called the Cloud Adoption Framework for Enterprise (CAFFE). Within this is a common approach to governance strategy, architecture engineering and managed services.
“This helps to define organisation maturity and a target operating model, as well as building an appropriate organisation design behind this, the technology, and finally the running of the infrastructure, with the aid of multi-cloud managed services. This includes partnerships with AWS, Azure and GCP.”
Overcoming regulatory concerns
With regulatory concerns being front of mind for many financial service providers, there is a need to stay on top of any changes, and adjust accordingly. For global operations, there are also differing regulations by region to consider: the UK, for example, tends to have a more cloud-friendly regulatory stance than countries in the Middle East.
“Globally, the views of regulators are fragmented, and when you have large, global financial organisations that can be regulated by numerous external bodies, compliance becomes very difficult,” said Walker.
“Issues include data sovereignty, operational resilience and cyber resilience, but steps are being taken towards harmonisation of regulation such as the Digital Operational Resilience Act (DORA) in the EU, however there needs to be far greater collective engagement between the CSPs, the leading regulators across the globe and the multi-national and regional FS companies.”
“A lot of this needs to be levied back on to the CSPs —they need to understand how to develop their offerings for financial services. This way, the potential of the cloud can be better realised by financial service companies.”
Adapting the culture
There’s also the people challenge in financial services to consider: with the move to the cloud requiring new skills, acquisition and training need to be rethought. A department dedicated to managing cloud services and infrastructure can no longer suffice — the entire organisation needs to play a role in maintaining performance and ensuring that cloud deployments meet business goals. Reply’s research found that multi-cloud approaches in particular have been a source of complexity for financial institutions.
“There are always complexities when dealing with multiple providers, but this can be made by making some considered choices up-front starting with a single cloud centre of excellence with strong governance that sets out the guardrails and decides what should be common across the cloud ecosystem and decides what the standards are going to be across those different cloud programs,” said Walker.
“This can mean architectural standards and policies; making the right decisions around common shared services; and how you want to manage security. Once you get these elements right, which would normally be found in the cloud centre of excellence, it becomes much easier.
“There also needs to be investment in people, knowledge, training and skills, which is why we get involved in these programs.”
Weighing in on the culture challenge in financial services, Mould added: “We have to accept that people are learning about ICT in a different way to when we did traditionally 10-15 years ago. It’s less about feeding and watering technology, and more about creating and innovating.”
Building from within
For cloud adoption to be successful, buy-in is required from the workforce and leadership. This is key to aligning tech investment and deployment with clear business goals, but a deep understanding of the strategic implication of cloud migration among C-suite and board members can sometimes be absent. Business leaders often believe it is the full responsibility of the CTO, but the discussion must go both ways, and therefore, there is a gap to be bridged between business and IT to ensure that both sides are on the same page.
“It’s easy to forget that you need a case for change, and to overlook alignment of any staff member in charge of a team,” said Mould. “The leadership team also need to consider how they put the organisation across as an attractive place for talent to help them with the cloud migration.
“The alternative is to outsource a capability that won’t be invested in internally, but a big part of this adoption is thinking differently about the brain drain, and look at creating an internal capability.”
Walker, meanwhile, believes that the best cloud adoption strategies are business led, stating: “Having business goals in place is critical, because if you’re not sure what you’re trying to achieve, whether the focus is on stability, being innovative or being competitive, the outcome won’t be there.”
The role of DevSecOps
Another way to overcome the challenge of adapting organisational culture for cloud adoption success, and an emerging approach to stronger security, is that of DevSecOps — a concept entrenched in ongoing, cross-company collaboration on fixing vulnerabilities while continuing to innovate. Some financial institutions that participated in Reply’s study stated that they’re turning to this strategy, in response to the increasing pace of innovation powered by DevOps, with developers becoming security engineers. Given the sensitivity of the data at play in the sector, overcoming security issues quickly is critical.
However, Mould believes there are many tech-related angles to explore, but not enough aspects of culture that need to be addressed, and explained the obstacles that are still to be overcome: “DevSecOps is expected to be retrofitted to existing systems, and applying new approaches to tech that has been in place for years is a challenge.
“On a talent perspective, we’re just about feeling comfortable with the concept of DevOps, so DevSecOps is still a purple unicorn. It’s there, and security by design needs to be in place, but this means starting from a new, native application.”
When it comes to realising the value of DevSecOps, Walker said: “The objective is finding security vulnerabilities and risks earlier in the lifecycle. This can mean as part of design activities, writing code, or at run time.
“Financial services companies have a good understanding of perimeter security, but for DevSecOps to be successful in the space, organisations must realise the need to pass education around security down to everyone involved in the end-to-end supply chain, and to provide the right tools.”
As the financial services sector continues to evolve with the aid of cloud adoption, and partnerships between incumbents and neobanks continue to emerge, collaboration without silos will be key to overcoming the most prominent challenges faced by institutions.
This article was written as part of a paid-for content campaign with Reply