Are you mixing with the wrong cloud? Building the right cloud strategy for your financial services organisation
Is your head really in the cloud? Or are you just making use of cloud technology? Understanding this subtle distinction can make a big difference to your financial services business. The cloud is not a mythical utopia with unparalleled benefits located somewhere in the computing ether. It s simply a tool, but it s a powerful one that works alongside your existing computing assets to provide many benefits, including: Low cost New business opportunities Agility What is the cloud? Cloud computing is: A computing capability provided in a consumption model, on-demand and pay-as-you-use. This definition doesn t mention where data is stored, let alone say anything about it being in the cloud some sort of airy, computing no man s land. Properly defining cloud computing helps enterprise IT concentrate on selecting the cloud-enabled platforms that are useful and relevant to business needs. 2
Pick your own cloud From on-premises corporate data centres to private hosted data centres and public commodity-based services (such as Office 365), there s a huge variety of cloud models around. You choose the model that works for you. Non-cloud on-premises: Existing apps and data are stored in your data centre on physical servers. Typically delivered with little transparency in costs, or any burst expansion capability. Private on-premises: Storage is on your own machines, on-site and only used by your organisation. But it s delivered using cloud principles; making apps available on a pay-as-you use basis. Focusing on obstacles means missed opportunities. Managing customer financial accounts is a big responsibility, so it s understandable that if you are in charge of that data, risk is something you should take seriously. Cast your mind back ten or so years. Internet banking was a new and for some people dangerous business idea. Yet to others it was an opportunity that promised huge benefits. Today it seems almost laughable to question the value of Internet banking. Online banking and mobile banking are now absolute must-haves. Private off-premises: Storage is provided off-site using third-party servers managed by a third party. Services are dedicated to a single organisation and delivered on a payas-you-use basis, often for commodity services. The cloud can be seen in a similar way. But when you balance the challenges against the benefits and opportunities, moving to the cloud makes complete sense. Public off-premises: A third party runs and manages off-site services on behalf of multiple organisations. These are provided on a commodity-based, pay-as-youuse model. It s about delivering agility and low cost to the business whilst managing costs, risk, regulation and security for operations. Only by focusing on the advantages and developing a strategy to exploit can a bank successfully move towards cloud service enablement. So why isn t everyone using it? Resistance can come from misunderstandings of cloud computing within your business. In financial services, security and compliance often top the list of obstacles to adoption in Financial Services. This leads to organisations avoiding cloud computing because it is perceived as risky. But the benefits far outweigh any pitfalls and with proper implementation, the cloud is perfectly safe and secure. 3
So what does this all mean for financial services IT? Enterprise IT has traditionally managed all of an organisation s applications from commodity systems such as email to key business applications such as trading systems or corporate transactional websites. With this set up, all these systems, with the exception of a few outsourced services, are located in the same data centre. They would use different sets of SLAs as determined by application type, and would mostly be contained within the company firewall. But this model is inflexible restricting the business to just one way of doing things. But with the cloud, IT departments can now be much more agile. The new technologies enabled by the cloud allow you to adopt the right computing model for your organisation, and for each individual department. Most organisations have already recognised that one size doesn t fit all and they re adopting all four cloud models to varying degrees. The key to picking the right option is understanding the enterprise landscape, and how the different models work. Step into the cloud Defining a cloud categorisation strategy The first step for any organisation is to define a cloud categorisation strategy; and this means looking at assessing which applications will generate the most benefit and least risk. Doing this thoroughly means you can take advantage of new cost models, greater flexibility and highquality, enterprise-grade security. You also need to consider the two ends of your application landscape: from differential apps to commodity, and think about what fits where. Let s take email as an example. You may think that, as a commodity, it is ideal for the cloud. But others may argue the cloud isn t a safe place for a bank s confidential data. So who s right? Well, the answer isn t so simple. From different points of view both opinions are equally as right as they are wrong. For the parts of the bank using email for external marketing, the public cloud might be the right option. But for risk and compliance and customer interaction, it might well be that remote off-premises services won t support regulatory frameworks. But this doesn t have to be a problem. Your strategy could be to use a cloud-based solution for your external marketing only. That s the beauty of the cloud it s flexible. 4
Cloud categorisation: Fixed or hybrid? Fixed platform Based on overall enterprise architecture requirements delivering a single platform. Hybrid deployment Providing choice and flexibility. Cloud or local server solution Public cloud Marketing CRM data Non-cloud on-premises Customer data Marketing CRM data Internal financial data Private on-premises cloud Customer data Internal financial data Avanade can help As the leading business technology solutions and managed services provider, we connect insight and innovation with expertise in Microsoft technologies. This unique combination gets results. We can help you: Define and deliver a cloud strategy Deliver cloud-enabled applications both on-premises and in the commodity space Manage full commodity-based services including email, messaging, enterprise voice and collaboration, as well as specific offerings covering digital marketing We re already helping many organisations develop cloud delivery models capable of supporting all stakeholder needs, from risk management, security and compliance through to business and IT. We do this through a combination of the various cloud deployment options which, when wrapped up with Avanade s management and support layer, deliver a fully managed service. This model is illustrated by Avanade s Communication and Collaboration Managed Service a unique service that delivers a complete managed solution, across the Microsoft collaboration and communication platform. Unique in the industry, it provides a range of services delivered on a per-user cost model across a spectrum of configurations from on-premises to host to cloud. An example of how it works: An organisation wants email and instant messaging via a managed service at the lowest price point, but a third of the users need secure email retention, to allow for auditing. The remaining two-thirds of users are internal and don t deal with customer issues. What s more, the organisation deals with a range of third parties that each need external access to collaboration sites. And, despite strict policies that ensure access to sensitive data is not shared via IM, the whole organisation requires IM for collaboration. Okay, this might be an unusual scenario, but it shows how different parts of the same organisation can have very different needs. How we d solve it: With the ability to deploy and manage an on-premises mail solution based on Exchange, we d integrate a single sign-on and federation with Office 365. This service also offers on-premises managed SharePoint for internal collaboration linked to SharePoint in Office 365 all utilising Lync on Office 365. The great thing is, the user doesn t even notice the deployment differences because access is controlled by a federated Active Directory across public and onpremises cloud. And all of this is managed and supported by Avanade. When integrated with other cloud applications in both public and private deployments, this model can achieve significant benefits in terms of speed to market, flexibility and cost.
Clouded judgement Concerns over regulation and the rules surrounding data location, security and access, and the fear of reputational risk if data is lost, causes financial services organisations to limit their use of the public cloud. Obviously, you shouldn t ignore the risks, but it s worth considering the regulations, implications and technology provision at a level that will enable you to make informed decisions. Although you re required to take reasonable steps to avoid undue operational risk when entering into material outsourcing arrangements, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and associated regulations do not prohibit the use of cloud services. So, if you want to take advantage of the opportunities, costs savings and flexibility of the cloud, you need to categorise your estate and analyse your systems so you can make informed decisions. By looking at your critical platforms carefully, you ll be able to understand what systems and data should be classified as critical. You can do this using tools to scan content for critical information such as personal identifiable information (PII). By understanding the data, the implications and risks associated with it, along with the systems that process it, you ll be better able to make decisions about what outsourced services are viable and appropriate. The public cloud: three main concerns: 1. Right to audit As with all suppliers of outsourced service, cloud services providers must be willing and able to work with regulators in an open and cooperative fashion, for example they must allow auditors access to their premises. For traditional data centres, this is pretty easy. But for cloud providers, with many clients, the costs can be prohibitive. That s why some public cloud providers, including Microsoft, provide the right to examine their auditor s reports rather than providing access directly to the physical locations. Because public cloud providers are not seen as hosts, this approach is acceptable to many auditors. Regulators such as the FCA are becoming increasingly comfortable with the right to examine audit reports in the UK. 2. Security All cloud providers have to give clear statements on their security procedures. In fact, many cloud providers have much better security mechanisms in place than traditional hosts or outsourcers. They often use biometric air-locked security with access limited to very few individuals. 3. Data sovereignty It s important to know where your data is and who can access it, and much of this concern is borne out of the US Patriot Act, which gives the US government access to data located within US geographical territory. While this is true, it is important to remember that many governments around the world already have these types of powers, irrespective of location of private, public or traditional data centres. Safe Harbour agreements between the US and EU protect much of the data from unauthorised access and many providers, including Microsoft, subscribe to this. But given the range of choice on offer from cloud service providers, you can avoid these issues by choosing where your data and services are located. Cloud concerns There s no reason to have more misgivings about the cloud than you d have about any other new technology. The point is to make sure you don t dismiss it until you have a thorough understanding of your organisation s data, its systems and the risks and opportunities of the cloud. Only then can an informed choice be made. Remember, the cloud is no different in this respect to any other platform or technology. 6
Where to get help To make the most of these new models you need a partner with in-depth product knowledge, skilled resources, and experienced delivery. You also need someone with the infrastructure and services to provide a complete service. Avanade works with many organisations to define and deliver cloud strategies. This includes on-premises management and deployment of bespoke cloud applications on the Microsoft Azure cloud platform and managed cloud services. We have the skills and technology to define the cloud service model that s right for you. Contact us today Our experience helping enterprises and financial services organisations plan and implement cloud strategies means we understand your sector and the main challenges. We re already helping financial services companies like Aviva, RSA and National Australia Bank make better use of their technology and we d love to help you too. 020 7025 1000 ukmarketing@avanade.com @AvanadeUK www.avanade.com Who we ve worked with Call, email or tweet us 020 7025 1000 ukmarketing@avanade.com @AvanadeUK www.avanade.com About Avanade Avanade provides business technology solutions and managed services that connect insight, innovation and expertise in Microsoft technologies to help customers realize results. Our people have helped thousands of organizations in all industries improve business agility, employee productivity and customer loyalty. Additional information can be found at www.avanade.com. 2014 Avanade Inc. All rights reserved. The Avanade name and logo are registered trademarks in the US and other countries. North America Seattle Phone +1 206 239 5600 America@avanade.com South America Sao Paulo Phone +55 (11) 5188 3000 latinamerica@avanade.com Africa Pretoria Phone +27 12 622 4400 SouthAfrica@avanade.com Asia Pacific Singapore Phone +65 6592 2133 AsiaPac@avanade.com Europe London Phone +44 0 20 7025 1000 Europe@avanade.com 7