Multicloud strategy guide: one cloud good, two clouds better?

1 comment

Multicloud strategy guide: one cloud good, two clouds better?

Contributed

This content is contributed or sourced from third parties but has been subject to Finextra editorial review.

Cloud-based computing is an integral element to any forward-looking digital transformation strategy for financial institutions. This article will explore the key attributes of multicloud adoption being undertaken by many financial institutions, and features commentary from Commerzbank, Wells Fargo, and McKinsey.

Multicloud strategy is now increasingly favoured by banks, allowing them to source their cloud computing and storage services from a number of cloud service providers (CSPs), therefore spreading their cloud reliance across a number of vendors. This is often viewed as an essential risk mitigation decision.

In order to complete cloud evolution, however, banks must assess and manage the challenges inherent to cloud migration in order to minimise any negative impact that may arise.

Benefits of a parallel multicloud strategy

Carsten Bittner, CTO and head of group technology foundations for Commerzbank AG, states that  the German bank relies on a multicloud approach, first and foremost, through its strategic partnerships with Google and Microsoft. “It’s crucial for us to remain independent of a specific provider as we benefit from the respective advantages and know-how. Working with different partners also gives us more flexibility in case of an exit scenario.”

“For Commerzbank, we believe that the multicloud approach is key to building a cloud transformation organisation and to innovate new solutions for our customers.”

Similarly, Christopher Marsh-Bourdon, head of hybrid environments, technology infrastructure at Wells Fargo, explains that the bank chose a multicloud approach to reduce the dangers around concentration risk and data monopolies. “That has been a core concern of regulators globally over the last few years, and it is at the forefront of what we drive out as part of our strategy.”

Vijay D’Silva, advisor to McKinsey’s Global Banking & Securities Practice and former senior partner, also states that financial institutions are targeting a multicloud strategy to take advantage of different capabilities of cloud service providers and minimise lock-in and commercial risks. 

D’Silva also highlights the point of increased regulatory attention, explaining that watchdogs such as the Bank of England have also voiced concerns publicly about the need for greater oversight to ensure resilience and financial stability from the overreliance on few vendors. “Many large FIs see some level of multicloud strategy as inevitable

While it is clear that spreading cloud reliance over multiple CSPs is frequently cited by institutions seeking to avoid concentration risk, it also guarantees a level of flexibility to adapt or exit should circumstances ever change. Reducing the concern around data monopolies will also ease regulators’ minds in the long term, as their focus shifts toward bolstering operational resilience in financial services.

Challenges of transitioning to a multicloud strategy

Cloud transformation involves a combination of strategy and management, business domain adoption, and foundational capabilities, explains D’Silva.

In order to reap the full benefits of cloud, financial institutions are compelled to modify large numbers of applications -this necessitates substantial investment. D’Silva explains that this cost is amplified further when compared to the high running costs of (already depreciated) on-prem systems. He continues that establishing a multicloud strategy also demands the reassessment of the  operating model and acquisition and training of new engineering talent. “A move to a multi-cloud strategy will in turn require financial institutions to build up talent capable in operating in multiple CSP environments.”

Bittner cites organising the migration of decentralised applications on the cloud, and training staff on handling cloud-based applications as key challenges financial institutions face in this transition. “Another major objection is to achieve a mindset change concerning cloud technology within the organisation, but also among external stakeholders.”

Marsh-Bourdon adds that for every individual CSP a financial institution works with, it must learn their unique services and approaches. It is not all bad news though, because while the service names may differ, there are a lot of commonalities in this space and they do share a lot characteristics.

Adding to these challenges is the fact that not all financial institutions are equally prepared to launch multicloud strategies. For financial institutions to effectively operate in a multicloud environment, the level of engineering skills and resources required are considerably higher. D’Silva argues that digitally mature institutions that already have effective cloud operating models will be better positioned to make the transition to multicloud.

While qualifying that only the financial institutions themselves can truly answer this question, Marsh-Bourdon says that Wells Fargo’s view is that selecting only one single cloud service provider poses too many questions from a concentration risk perspective, “and it limits your ability to leverage services that may be specific to a given CSP.”

Cost will always accompany a change in operations, and both the sourcing and training of new talent will remain a challenge for as long as innovation is pursued. Maintaining a culture which promotes an innovation-first mindset will therefore remain essential as institutions evolve and capitalise on the opportunities presented by the cloud. Despite the challenges, with an innovation first culture which leverages the commonalities across CSP offerings, there is no reason for the challenges of multicloud adoption to overshadow the significant upside it presents.

Data security and reduced data loss as pillars of multicloud strategy

Cloud and data go hand in hand. Financial institutions depend on the cloud’s computational capacity to leverage the value of data, but in doing so they must have confidence that data will remain secure and protected.

Cybersecurity, explains D’Silva, is one of the biggest risks being faced by financial firms currently, and it is seeing increased focus within the boardroom. “Five years ago, executives in McKinsey research identified cybersecurity as a barrier to cloud adoption. Today, many recognise that resources dedicated by cloud service providers to cybersecurity dwarf their own capabilities. One of the advantages of moving to the public cloud is that the major CSPs have built-in tools and mechanisms to minimise cyber-risk.”

Despite this, he adds, almost all breaches to date have resulted from misconfiguration. In this sense the emergence of security as code (defining cybersecurity policies and standards programmatically) can work to increase resilience.

Conversely, Marsh-Bourdon points to the positive impact that strong data management can have, noting that public cloud object storage services “have been a boon around retention and data resiliency in recent years. Not only do they minimise the potential for data loss, but they also do so at a much more completive rate than traditional storage, especially for data that is accessed infrequently. We fully intend to leverage them.”

According to Bittner, it goes without saying that data protection has top priority within Commerzbank given that General Data Protection Regulation (GDPR) compliance is an absolute must. “Our cloud strategy does not change this rationale.” 

Will it ever be possible to completely avoid downtime?

We understand all too well the frustrations that accompany an outage. While a disruption to social media or entertainment access can be an annoyance, when financial institutions’ online presence experiences an outage, their customers can find themselves unable to make payments. Not only is this terrible for reputation (and business), it can put customers at risk.

D’Silva observes that “as long as we have a dynamic environment, in which manual error or external shocks are possible, downtime, no matter how remote or diminishing the likelihood, is a reality that institutions need to plan for.” Managing this risk is therefore of the utmost importance.

The potential for zero downtime is available to us now, argues Marsh-Bourdon, however, applications need to be architected for zero downtime. “That doesn’t mean just the business logic itself, but also how an application is built and deployed. Leveraging patterns such as blue/green deployments not only allow for zero (or minimal) downtime, and it also provides a resilient pattern for roll-backs, should a release not go as planned.”

Bittner furthers that cloud data centres and services offer the advantage of a 24/7 and high availability – 99.9% of the time. Furthermore, he notes that there is no need for a downtime window for maintenance work and updates are carried out seamlessly and on a rolling basis.

While achieving zero downtime (or getting as close it as possible) should remain a fundamental objective for financial institutions hoping to perfect their cloud delivery, risk management and smoothing out deployments go a long way toward developing a resilient strategy that is sufficiently robust to weather unexpected events, and the integration of new technology.

Channels

Comments: (1)

Andrew Smith Founding CTO at RTGS & ClearBank

The reality is, the only time you need a "multi-cloud strategy" is when one cloud provider does something fundamentally better on a specific product. In such a case, Cloud should be thought of as a provider of technology, especially since interconnectivity between cloud providers is so easy to achieve. 

You should not be thinking multi-cloud for core operations or for failover, if you are, you are not understanding the high availability models that clouds operate. Sure you can implement it if needs be, but the cost of doing so, then maintaining that strategy over time and alongside the ever increase pace of evolution on each cloud is simply nuts, especially given the actual risk of a total outage.

/devops Long Reads

Hamish Monk

Hamish Monk Reporter at Finextra

What is an API?

/devops

John Barber

John Barber Vice President and Head at Infosys Finacle

Trade finance: Progressive business models to beat the slowdown

/devops

Hamish Monk

Hamish Monk Reporter at Finextra

How to leverage quantum computing

/devops

Contributed

This content is contributed or sourced from third parties but has been subject to Finextra editorial review.