EXECUTIVE REPORT: 2014 CLOUD TECHNOLOGY & IT OUTSOURCING TRENDS

Similar documents
2014 HIMSS Analytics Cloud Survey

Clarity in the Cloud. Defining cloud services and the strategic impact on businesses.

Contact Centers in the Cloud: A Better Way to Source

Everything You Need To Know About Cloud Computing

Hedge Funds & the Cloud: The Pros, Cons and Considerations

WHITEPAPER. Why Businesses are Embracing Cloud IaaS

How To Understand Cloud Computing

How To Choose A Cloud Computing Solution

Archiving: To SaaS or not to SaaS?

Cloud Computing. What is Cloud Computing?

Credit Unions and The Cloud. By: Chris Sachse

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

Trends in Cloud Computing in Higher Education

Kroll Ontrack VMware Forum. Survey and Report

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

Tips For Buying Cloud Infrastructure

Things You Need to Know About Cloud Backup

THOUGHT LEADERSHIP. Journey to Cloud 9. Navigating a path to secure cloud computing. Alastair Broom Solutions Director, Integralis

LOW RISK ADOPTION OF CLOUD INFRA- STRUCTURE FOR ENTERPRISES

Using the Cloud to fill the void between the business and the IT Department

Business white paper Top 10 reasons to choose Cloud-based Archiving

The Key Components of a Cloud-Based Unified Communications Offering

Communications in the Cloud: Why It Makes Sense for Today s Business

Managed Services. Business Intelligence Solutions

Cloud Computing; What is it, How long has it been here, and Where is it going?

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

How cloud computing can transform your business landscape

Cloud models and compliance requirements which is right for you?

The Cloud Revolution - A Case Study

security in the cloud White Paper Series

WhitePaper. Private Cloud Computing Essentials

1 Introduction. 2 What is Cloud Computing?

Communications in the Cloud Why It Makes Sense for Today s Business

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

NAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC

Cloud Computing Safe Harbor or Wild West?

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

Processing invoices in the cloud or on premises pros and cons

GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.

Case Study. SNW Asset Management. (866)

Cloud Computing. Exclusive Research from

The Production Cloud

Trends in Business Intelligence

Cloud ROI Survey Results Comparison 2011 & 2012

Session 2. The economics of Cloud Computing

BMC s Security Strategy for ITSM in the SaaS Environment

The Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management

Cloud Computing for SCADA

SaaS Security for the Confirmit CustomerSat Software

The Key Components of a Cloud-Based UC Offering

Leveraging the Cloud for Your Business

How To Choose Between A Phone System For A Business

W H I T E PA P E R. Cloud Migration Methodology -Janaki Jayachandran (Director of Technology) a t t e n t i o n. a l w a y s.

The Elephant in the Room: What s the Buzz Around Cloud Computing?

CLOUD MIGRATION STRATEGIES

UBISTOR WHITE PAPER: NAVIGATING THE ROAD TO THE CLOUD

Archiving: To SaaS or not to SaaS?

The Benefits of Virtualization for Small and Medium Businesses. VMware SMB Survey Results

Creative Configurations

THE CORNERSTONE DIFFERENCE

The Pitfalls of DIY Approaches to Disaster Recovery

Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?

Security in the Cloud: Visibility & Control of your Cloud Service Providers

To Cloud or Not? Fri, 08/31/ :28pm Don Lyman, CEO, Docassist cloud document managment

What you need to know about cloud backup: your guide to cost, security and flexibility.

white paper Using Cloud for Data Storage and Backup By Aaron Goldberg Principal Analyst, Content4IT

Fujitsu Managed Hosting Delivers your Cloud Infrastructure as a Service environment with confidence

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

Avaya Aura Scalability and Reliability Overview. Deploying SIP Reliably at Scale for Large Corporate Communication Networks

The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Your complete guide to Cloud Computing

Managed IT Secure Infrastructure Flexible Offerings Peace of Mind

PHP in the Cloud. Running Business-Critical PHP Applications in the Cloud

20 th Year of Publication. A monthly publication from South Indian Bank.

Developing SAP Enterprise Cloud Computing Strategy

Differentiate your business with a cloud contact center

CLOUD ERP AND ACCOUNTING: SELECTION AND PLANNING GUIDE

Can Cloud Database PaaS Solutions Replace In-House Systems?

Cloud Computing: Legal Risks and Best Practices

Managed Security Services for Data

Transcription:

EXECUTIVE REPORT: 2014 CLOUD TECHNOLOGY & IT OUTSOURCING TRENDS INTRODUCTION As technology continues to advance, so does the complexity of implementing a strategic, all-encompassing IT infrastructure that meets each financial institution s unique needs. Organizations are now turning to technology partners that can help provide and manage these infrastructures using their skilled resources and support systems. This annual report summarizes the findings of Computer Services, Inc. (CSI) Managed Services survey of how financial institutions are using cloud technology and IT outsourcing. Major trends include: Financial institutions increasingly recognize the operational benefits of implementing cloud technology, including improved disaster recovery and simplified management. There is a steady increase in the number of financial institutions strategically choosing to completely outsource IT services. Generally, concerns regarding the migration of systems to the cloud have decreased, yet security and compliance concerns remain at the top of the list.

EXECUTIVE SUMMARY Financial institutions are increasingly seeing the benefits of implementing cloud technology, as well as the advantages it provides in remaining competitive within their given markets. Finding the necessary resources among IT staff and trustworthy third-party vendors is an issue affecting institutions across the country. Cloud technology and IT outsourcing services have already been adopted by many organizations, as previous concerns and skepticism have decreased while benefits have increased. Also, institutions are recognizing the improved disaster recovery and simplified management that cloud technology allows. This year s survey findings demonstrate a definitive trend in the use of cloud technology and IT outsourcing, as well as a recognized increase from respondents in the value and benefits it can provide financial institutions. While this may be a step in the right direction from a managed services standpoint, service providers are still addressing institutions top concerns security and compliance. CSI Managed Services surveyed financial institutions throughout the U.S. and received data from more than 140 respondents. The results of the 2014 Cloud Technology and IT Outsourcing survey provide the latest insight on the use of these services from executives and senior IT management at financial institutions in response to the following areas: Their level of familiarity with cloud technology and services, cloud models and cloud platforms; Which IT services their institution is currently outsourcing; What their plans are for outsourcing IT services in the future; What percentage of their IT assets are in the cloud; What benefits their institution has seen from cloud technology; What services they are considering using in a cloud hosted environment; What level of cloud management makes the most sense for their organization; What their greatest concerns are in regard to the cloud; Whether an examiner or auditor has provided guidance in relation to cloud services; and What qualities they look for in a cloud services provider. 2

A SUMMARY OF THE SURVEY S KEY FINDINGS SHOWS: More than 60% of survey respondents rated themselves as knowledgeable to very knowledgeable of cloud technology and services, and they were generally familiar with private (61.5%) and public (50.4%) cloud models. Respondents expressed familiarity with Software as a Service (SaaS) cloud platforms (49%); however, 39.9% of respondents expressed no familiarity with any cloud platforms whatsoever. Over a three-year period, the number of institutions fully outsourcing IT has grown to 16.1%, while the number of institutions outsourcing on a project basis has grown to 43.1%. Additionally, organizations that reported no use of outsourced services dropped from 14.9% to 10.2% between 2013 and 2014. The number of financial institutions expressing interest in outsourcing IT services has remained relatively consistent from 2013 to 2014, with 89.8% of institutions planning to outsource the same services or more during 2014. There was a sharp decline in the number of institutions reporting no IT assets currently being delivered in the cloud, from 39.1% in 2013 to 21.1% in 2014. What s more, over the survey s three-year span, that percentage has decreased even more drastically, from 51.2% to 21.1%. There is an increase in confidence in the abilities of cloud service providers, with 20.3% reporting that a fully managed IT enterprise makes the most sense for their institution, versus 12.4% in 2013. Across the board, respondents reported increases in all areas of benefits based on their use of cloud technology and services. The percentage increases relative to 2013 ratings were significant, ranging from 20% to 203%. Institutions point to the highest rated benefits for leveraging cloud technology and services as improved disaster recovery at 39.5% and simplified management at 33.9%. Respondents indicated lower levels of concern regarding migrating their systems and services to the cloud. Security and compliance concerns remained the top issue, but dropped from 75.2% in 2013 to 58.1% in 2014. The top concern with respect to security/compliance in the cloud was data privacy/segregation, at 76.6%. In addition to high expectations regarding the speed of disaster recovery, respondents also place a premium on uptime of cloud-based services. While many institutions are still determining the actual percentage of IT assets they are planning to deliver in the cloud over the next 12-18 months, there is a steady increase in their use of cloud and hosted environments across all areas of IT infrastructure and core banking applications, with the exception of data warehousing. 3

DETAILED REVIEW Knowledge of Cloud Services The following summarizes the detailed responses of each survey question. On a scale of 1-5, please rate your knowledge of cloud technology and services. Knowledge of cloud services mimics a normal distribution curve throughout the various financial institutions surveyed. According to the survey results, more than 60% of respondents rated themselves knowledgeable to very knowledgeable of cloud technology and services. The remaining respondents rated themselves as not knowledgeable or not very knowledgeable. This year s responses came from individuals with different roles within the organization. Of the respondents, 43.6% were in IT roles for their institutions, versus 33.3% who were executives in non-it roles. The survey suggests that knowledge of cloud services rests in the hands of IT roles, and that non-it executives may need more education on the applications and benefits that cloud technology can bring their institutions. KNOWLEDGE OF CLOUD SERVICES Very Knowledgeable Knowledgeable Not Very Knowledgeable 4

Which cloud models are you familiar with? Respondents were generally familiar with private cloud models, at 61.5%, and public cloud models, at 50.4%. Financial institutions reported less familiarity with such cloud models as hybrid, at 29.4%, and community cloud models, at 16.1%. Given the variances among cloud models, financial institutions should ensure they understand the differences among all options. A public cloud offers cloud services from a service provider that hosts and operates its infrastructure, making it available publicly over the Internet. Cloud users share the infrastructure and have no control over where the infrastructure is located. Conversely, a private cloud is hosted by a dedicated organization and is not shared with other organizations. Private clouds provide higher levels of data security and control, since one cloud user s data can be separated from another s. In terms of a hybrid cloud, infrastructure is a composition of two or more cloud models (private, public or community) that are used in conjunction with one another. While certain benefits come from hybrid cloud environments, this model does leave financial institutions with multiple cloud providers to monitor. Similarly, a community cloud offers a multi-tenant environment that s shared among several organizations. These cloud environments are typically public clouds built for the use of designated organizations, which helps with privacy and security concerns. It is important for financial institutions to understand the model they are considering, so they can identify what issues they should be concerned with and ask the necessary questions to ensure the cloud model they adopt is right for the organization. WHICH CLOUD MODELS ARE YOU FAMILIAR WITH? Private Public Hybrid Community Not familiar with any 5

Which cloud platforms are you familiar with? Nearly half of all respondents were generally familiar with Software as a Service (SaaS) cloud platforms, at 49%. This is due to the widely accepted practice of providing access to business software through the cloud. However, 39.9% of respondents expressed no familiarity with any cloud platforms. And less than one-third of respondents were familiar with other cloud services platforms, including Infrastructure as a Service (IaaS), at 30.1%, Desktop as a Service (DaaS), at 28.7%, and Platform as a Service (PaaS), at 25.9% of respondents. In terms of understanding the various cloud platforms, financial institutions should be aware of the following: SaaS, which is basically software that s deployed over the Internet, allows software to be managed from a central location, and updates only need to be applied in one location for all users to receive them. PaaS allows users to create applications, as well as control software deployment and configuration settings, thereby eliminating the cost and complexity associated with buying hardware and establishing hosting capabilities. IaaS includes a cloud provider delivering such infrastructure needs as servers, firewalls, IP addresses and software bundles. DaaS creates a virtual desktop infrastructure in which a cloud provider manages the back-end infrastructure, and it can provide individual images or a single shared image that s delivered from a secure, centralized location. WHICH CLOUD PLATFORMS ARE YOU FAMILIAR WITH? Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) Desktop as a Service (DaaS) Not familiar with any 6

Which IT service(s) is your institution currently outsourcing? The outsourcing of IT services by financial institutions over the past three years reveals mixed trends, but does indicate an increase in cloud adoption overall. The number of institutions completely outsourcing IT has increased consistently, with 16.1% now reporting full outsourcing. This has risen steadily over the past few years, from 12.8% in 2012 to 14.9% in 2013. Conversely, there were decreases for those institutions outsourcing network security monitoring and/or maintenance, as well as those outsourcing infrastructure monitoring and maintenance, which includes servers, routers and switches. There are several possible reasons these two instances have decreased in popularity over the year. The reduction in outsourcing network security and infrastructure may be partially the cause of the increase in completely outsourced IT, because this approach encompasses network security. According to Gartner s Market Trends: Managed Cloud Infrastructure 2013, a second explanation could be that the boundaries between the traditional types of infrastructure outsourcing including managed hosting, data center outsourcing, and remote infrastructure are blurring, and over the next 10 years, these markets will converge 1. Additionally, according to a December 2013 report from the FDIC 2 and a report from the Credit Union National Association (CUNA) 3, the number of banks and credit unions is at 13,616. This represents 7% fewer than in 2012, which is primarily a result of mergers and acquisitions, and may also be a reason for the drop in the outsourcing of network security and infrastructure. The number of institutions reporting no outsourcing at all has decreased by 4.7%, to only 10.2% of all respondents. The survey also indicates that project-based outsourcing jumped from 31.1% to 43.1% between 2013 and 2014. With technology continuing to increase in complexity and more new banking services coming to market, the need to outsource implementations increases as well. WHICH IT SERVICE(S) IS YOUR INSTITUTION CURRENTLY OUTSOURCING? 2012 2013 2014 We completely outsource IT We outsource network security monitoring and/or maintenance We outsource infrastructure (servers, routers, switches) monitoring and/or maintenance We outsource IT compliance We outsource on a project basis We do not outsource at all 1 Leong, L. (2013). Market Trends: Managed Cloud Infrastructure, 2013. Samford: Gartner. 2 Quarterly Banking Profile. (2013, Fourth Quarter). Retrieved July 8, 2014, from FDIC: Federal Deposit Insurance Coporation: http://www2.fdic.gov/qbp/2013dec/qbpdep.html 3 (2013). Credit Union Report Year-End 2013. Madison: CUNA Credit Union National Association. Retrieved from http://www.cuna.org/research-and-strategy/credit-union-data-and-statistics/credit-union-reports/ 7

What are your plans for outsourcing IT services in general in the next 12-18 months? Financial institutions plans for outsourcing IT services remain relatively consistent from 2013 to 2014, with 89.8% of institutions planning to outsource the same services or more during 2014, versus 93.8% in 2013. This is consistent with current industry trends. For example, in a December 2013 Aite article by Christine Pratt entitled, Top U.S. Lenders Risk and IT Challenger: Not Their First Rodeo, financial institutions were asked the likelihood of adopting new technologies 4. The article reveals that 61% of respondents stated that it was likely or very likely that a new lending solution delivered in a hosted SaaS or hybrid environment would be approved by their institution. Overall, financial institutions trend toward adopting new technologies and outsourcing IT services in the next year. WHAT ARE YOUR PLANS FOR OUTSOURCING IT SERVICES IN GENERAL IN THE NEXT 12-18 MONTHS? 2012 2013 2014 Plan to outsource more IT services than today Plan to outsource at the same level as today Plan to outsource less than today 4 Pratt, C. (2013, December 11). Top U.S. Lenders Tackle Risk and IT Challenges: Not Their First Rodeo. Boston: Aite. Retrieved from http://www.aitegroup.com/report/top-us-lenders-tackle-risk-and-it-challenges-not-their-first-rodeo 8

What percentage of your IT assets is currently delivered from the cloud? Most financial institutions have already embraced the cloud to deliver a portion of their IT assets. There was a sharp decline in institutions reporting no IT assets currently being delivered in the cloud, from 39.1% in 2013 to 21.1% in 2014. The estimated percentage of IT assets currently delivered from the cloud has steadily increased for all percentage ranges, with the exception of the top range (76-100%), which dropped slightly from 5% to 3.1% in 2014. While we are still at the forefront of the adoption curve, the survey indicates that momentum continues to gain significant traction among financial institutions. In examining the shift to more assets being delivered in the cloud, it is apparent that both awareness and acceptance of cloud services are growing. What s more, financial institutions that started with a measured, smaller approach are now moving more solutions to the cloud as they become more comfortable with the environments. WHAT PERCENTAGE OF YOUR IT ASSETS IS CURRENTLY DELIVERED FROM THE CLOUD? 2012 2013 2014 1-25 % 26-50 % 51-75 % 76-100 % Not Sure 0 % 9

What percentage of your IT assets do you plan to deliver from the cloud in the next 12-18 months? With larger percentages of IT assets in the cloud already, respondents are still trying to determine which IT assets they are planning to move to the cloud in the next 12 18 months. The percentage of respondents reporting no plans to deliver IT assets in the cloud in the coming months dropped from 21.7% in 2013 to 14.1% in 2014. This indicates that institutions are planning to convert more IT assets in the cloud, but the question lies in how much more. The data reveals varying levels of increases and decreases across the years, and the uncertainty is punctuated by the fact that many respondents selected Not Sure in regard to their upcoming outsourcing plans. These last two questions and responses suggest a tipping point for cloud services. The previous two questions indicated that there is a high percentage of IT assets delivered in the cloud already. However, financial institutions plans for the next year suggest hesitancy on how much more they will embrace. This is likely the result of many financial institutions making initial migrations of commodity services to the cloud, and now they are facing more specific project-oriented deployments that take more planning and effort to execute. WHAT PERCENTAGE OF YOUR IT ASSETS DO YOU PLAN TO DELIVER FROM THE CLOUD IN THE NEXT 12-18 MONTHS? 2012 2013 2014 1-25 % 26-50 % 51-75 % 76-100 % Not Sure 0 % 10

Are you currently using, or considering using, any of the following services in the cloud/hosted environment? Financial institutions are steadily increasing their use of cloud and hosted environments across all areas of IT infrastructure and core banking applications, with the exception of data warehousing. Categories with the highest percentage of already using included: Hosted Email Encryption (37.5%) and Core Banking Application (35.9%). These were followed closely by Hosted Email and Backups, at 30.5%. Categories with the highest year-over-year increases were: Hosted Email, jumping 8.3%, and Hosted Voice, increasing 8.6%. There also was a widespread decrease in those institutions specifically Not Considering the use of cloud/hosted environments, but most of that change in sentiment has moved into the Don t Know category. As indicated in the previous questions, respondents widely understand cloud services, implementation measures and associated benefits. Most respondents also understand the benefits of cloud services; however, they may be unsure of how and when to move forward. ARE YOU CURRENTLY USING, OR CONSIDERING USING, ANY OF THE FOLLOWING SERVICES IN THE CLOUD/HOSTED ENVIRONMENT? Already Using Plan to Implement within 12 Months Considering Not Considering Don t Know 2012 2013 2014 2012 2013 2014 2012 2013 2014 2012 2013 2014 2012 2013 2014 Security 15.5% 25.0% 28.1% 1.1% 2.6% 0.8% 9.6% 12.2% 14.1% 41.7% 48.1% 35.2% 32.1% 12.2% 21.9% Data Warehousing 17.6% 23.7% 16.4% 3.6% 1.9% 2.3% 16.6% 14.7% 18.8% 33.2% 43.6% 39.1% 29.0% 16.0% 23.4% Remote Access 18.2% 20.7% 25.0% 3.6% 3.2% 0.8% 15.6% 18.1% 19.5% 33.3% 43.2% 33.6% 29.2% 14.8% 21.1% Disaster Recovery 14.4% 23.6% 25.0% 6.7% 5.7% 2.3% 22.1% 21.0% 23.4% 28.2% 36.9% 28.1% 28.7% 12.7% 21.1% Hosted Email 14.9% 22.2% 30.5% 7.7% 3.2% 1.6% 15.5% 20.9% 21.1% 35.6% 38.6% 28.9% 26.3% 15.2% 18.0% Hosted IM 2.7% 6.8% 10.2% 1.1% 0.7% 0.8% 9.2% 12.2% 12.5% 47.6% 60.1% 48.4% 39.5% 20.3% 28.1% Hosted SharePoint/Intranet 7.0% 8.3% 15.6% 5.4% 5.1% 1.6% 14.5% 13.4% 13.3% 38.7% 52.2% 42.2% 34.4% 21.0% 27.3% Core Banking Application - 26.1% 35.9% - 1.9% 1.6% - 5.1% 6.3% - 56.1% 36.7% - 10.8% 19.5% Imaging 21.5% 23.4% - 4.4% 3.1% - 10.1% 15.6% - 52.5% 36.7% - 11.4% 21.1% Backups - 28.0% 30.5% - 6.4% 0.0% - 22.3% 18.8% - 32.5% 28.9% - 10.8% 21.9% Server Hosting 15.8% 16.4% - 3.8% 0.8% - 12.7% 14.8% - 53.8% 44.5% - 13.9% 23.4% Hosted Antispam/Virus - 20.7% 25.0% - 1.9% 2.3% - 12.3% 15.6% - 49.0% 35.2% - 16.1% 21.9% Hosted Email Encryption 29.0% 37.5% - 3.2% 3.1% - 18.1% 11.7% - 37.4% 25.8% - 12.3% 21.9% Hosted Email Archiving/eDiscovery - 15.6% 26.6% - 2.6% 1.6% - 16.2% 15.6% - 47.4% 32.0% - 18.2% 24.2% Hosted Virtual Desktops - 10.4% 7.0% - 1.3% 1.6% - 14.3% 14.8% - 59.7% 50.0% - 14.3% 26.6% Hosted Mobile Device Management - 12.8% 18.8% - 5.1% 5.5% - 18.0% 20.3% - 48.1% 35.2% - 16.0% 20.3% Hosted Voice - 3.9% 12.5% - 3.3% 2.3% - 10.5% 10.9% - 65.4% 50.0% - 17.0% 24.2% 11

What level of cloud management makes the most sense for your organization? There is an increase in confidence in the ability of cloud service providers to fully manage such initiatives as monitoring, maintenance and remediation, with 20.3% selecting this as the best scenario for their organization. This represents a 7.9% increase over 2013. Shared management and self-managed by in-house IT dropped during the past year, as more institutions see the value of a fully managed cloud service provider. WHAT LEVEL OF CLOUD MANAGEMENT MAKES THE MOST SENSE FOR YOUR ORGANIZATION? 2012 2013 2014 Fully managed by cloud service provider (monitoring, maintenance, alerts and remediation) Shared management between cloud service provider and in-house IT Self-managed by in-house IT Don t Know 12

WHAT BENEFITS HAS YOUR INSTITUTION EXPERIENCED BY IMPLEMENTING CLOUD TECHNOLOGY AND/OR SERVICES? 2012 2013 2014 Reduced Cost Improved Cost Predictability Agility 25.2% 16.2% 29.8% 10.4% 9.3% 20.2% 10.4% 6.2% 18.6% 25.7% Flexibility Scalability 12.9% 24.8% 29.8% 19.9% 25.8% Higher Performance Security/Reduced Risk 13.4% 11.2% 18.6% 13.9% 13% 28.2% Simplified Management 18.8% 24.8% 33.9% Improved Disaster Recovery 26.7% 28.6% 39.5% 7.9% None 5% 5.5% Have Not Implemented 26.6% 34.8% 47.5% 2.2% Other 2.2% 4% 13

What benefits has your institution experienced by implementing cloud technology and/or services? Across the board, respondents reported increases in all areas of benefits from their use of cloud technology and services. The percentage increases relative to 2013 ratings were very significant, rising as much as 15.2%. Highest-rated areas of benefit: Improved disaster recovery 39.5% Simplified management 33.9% Reduced cost 29.8% Flexibility 29.8% With improved disaster recovery being the highest-rated benefit, respondents confirm their understanding that cloud services are much more effective in recovering from any possible outages. Cloud applications and models typically provide a higher level of redundancy, thereby reducing the number of service outages. Additionally, it is more cost effective and faster to create virtual environments in the cloud. Financial institutions must be able to prove to examiners that they can recover from a disaster in an appropriate amount of time, so respondents recognition of this benefit underscores the significant role cloud services can play in disaster recovery. Respondents rated simplified management highly as an overall benefit to cloud services. This may be the result of the processes implemented when a cloud provider moves systems to the cloud, including standardization when a customer first comes on board. It also smooths out one-off environments and creates a standard environment for the organization. This takes the daily burden of management off internal IT resources. Largest numerical increases in rating of benefit: Security/reduced risk 28.2%, a 15.2% increase over 2013 Reduced cost 29.8%, a 13.6% increase over 2013 Agility 18.6%, a 12.4% increase over 2013 Interestingly, cloud agility rose significantly this year. Cloud agility gives institutions IT staff the opportunity to respond to a business need with an IT solution very quickly. For example, when a financial institution has acquired a new branch, it can bring the branch online into the overall IT infrastructure much easier using a cloud-based network and asset deployment. According to Gartner s Market Trends: Managed Cloud Infrastructure 2013, the chief concern of customers looking for managed cloud infrastructure is achieving business agility. This includes quick but real-time provisioning, flexible capacity and other benefits. 14

What are your greatest concerns with migrating your systems and services to the cloud? 1 2 3 4 5 Security & Compliance Loss of Control Availability/ Reliability/Speed Cost or Uncertainty on ROI Fear of Vendor Lock-In Overall, financial institutions fears surrounding migrating systems and services to the cloud have decreased over the years. Respondents, for the most part, reported lower levels of concern, but some areas still remain high. Three major declines in percentages have occurred over the past year. Security and compliance remain at the top of the concerns, but dropped 17%, from 75.2% in 2013 to 58.1% in 2014. Loss of control also remains a top concern for financial institutions, but it, too, has decreased from 49.1% in 2013 to 42.7% in 2014. Additionally, cost or uncertainty on ROI decreased by 12.4%, from 44.7% in 2013 to 32.3% in 2014. The availability, reliability and speed concerns increased slightly, from 41% in 2013 to 42.7% in 2014. Fear of vendor lock-in also increased marginally this year, at 25% from 21.1% in 2013. This increase may be due to the fact that some vendors, specifically larger corporate entities, make it extremely difficult to switch providers. When selecting a provider for outsourced cloud services, it is important that you conduct due diligence on all third-party relationships in order to best protect your institution. This includes reviewing the contract termination clause to ensure you can terminate early, if necessary, with minimal penalties. 15

With respect to security/compliance in the cloud, please select your primary concerns. As stated in the previous section, security and compliance top the concerns for financial institutions, at 58.1%. More specifically, the leading issue regarding security and compliance focuses on data privacy and segregation, according to 76.6% of respondents. For most institutions, the concern is that data must reside in the United States and be managed distinctly by the institution. As such, due diligence on your third-party vendor is crucial for alleviating this concern. As reported by 54% of financial institutions surveyed, the second-highest security/compliance concern is security incident management. This is based on how quickly the cloud provider alerts the institution to a security threat and takes action. Security incident management has become a rising concern for financial institutions, with well-known security threats occurring more frequently than ever, including the Heartbleed bug. The third-highest concern is cloud provider viability. Again, understanding your vendors and their financial standing is very important for your financial institution. WITH RESPECT TO SECURITY/COMPLIANCE IN THE CLOUD, PLEASE SELECT YOUR PRIMARY CONCERNS. Data Privacy/Segregation Disaster Recovery/ Business Continuity Cloud Provider Viability Security Incident Management Transparency of Architecture and Internal Policies Other (please specify) 16

What are your disaster recovery expectations of the cloud? Concerning the timeliness of disaster recovery operations within the cloud, expectations for a quick recovery are high, with 42.8% of respondents expecting the automatic failover of systems to a secondary site to occur either immediately or within four hours, and another 19.4% expecting backup and recovery of data and systems within 24 hours. WHAT ARE YOUR DISASTER RECOVERY EXPECTATIONS OF THE CLOUD? Don t Know 20.2% How much uptime does your organization require for cloud services? In addition to high expectations concerning the speed of recovery, respondents placed a premium on uptime of cloud-based services, with 35.5% of respondents expecting downtime of less than nine hours per year. While expectations can be high, in reality, minimizing downtime comes at a cost. Cloud providers can deliver faster response rates, however, this will cost the institution more. Most financial institutions choose to balance downtime at a cost that makes the most sense for their institution. A large percentage prefer a limited downtime of roughly nine or more hours a year, because it is more reasonable from a price standpoint. Backup and Recovery of Data and Systems Within 24 Hours 19.4% HOW MUCH UPTIME DOES YOUR ORGANIZATION REQUIRE FOR CLOUD SERVICES? Backup and Recovery of Data and Systems Within 48 Hours 7.3% 99% ( two nines ) = Downtime less than 3.65 days/yr 7.20 hrs/mth 1.68 hrs/wk 20.2 % Ability to Recover Systems to a Remote Site Within 24 Hours 8.1% 99.8% = Downtime less than 17.52 hrs/yr 86.23 minutes/mth 20.16 minutes/wk 13.7 % Automatic Failover of Systems to a Second Site Immediately 23.4% 99.9% ( three nines ) = Downtime less than 8.76 hrs/yr 43.8 minutes/mth 10.1 minutes/wk 23.4 % Automatic Failover of Systems to a Remote Site Within 4 Hours 19.4% 99.999 ( five nines ) = Downtime less than 5.26 minutes/yr 25.9 seconds/mth 6.05 seconds/wk 12.1 % Have No Defined DR/BC Return to Service Windows 2.4% Don t Know 30.7 % 17

Has an examiner or auditor provided any guidance on the use of cloud services within your financial institution? While examiner or auditor guidance on the use of cloud services remains relatively low, 12.9% of respondents report that examiners and auditors have discussed cloud services with their institution. This represents a more than 330% increase over 2012. In the survey, respondents also provided insight on the types of guidance they were receiving from their auditor. Much of that guidance strongly urges financial institutions to ensure they are conducting the necessary due diligence on cloud vendors. Auditors have not specifically expressed concerns regarding where the data resides, and some cloud providers do not inform their financial institution customers on where the data is stored (domestic vs. international). However, most financial institutions prefer keeping data in the U.S. to minimize regulatory concerns that can arise when sensitive information is stored overseas. All financial institutions must perform proper vendor management and ask their vendor these types of questions. HAS AN EXAMINER OR AUDITOR PROVIDED ANY GUIDANCE ON THE USE OF CLOUD SERVICES WITHIN YOUR FINANCIAL INSTITUTION? 2012 2013 2014 Yes No Don t Know 18

Do you have redundant network connections to the cloud? Approximately 33% of respondents using cloud services employ redundant network connections to the cloud. This component of cloud services is critical for financial institutions. Redundant network connections protect against a single point of network failure, and it is standard practice for cloud providers to have redundant network connections. Therefore, financial institutions lacking redundancy should consider cloud strategies to put them in place. DO YOU HAVE REDUNDANT NETWORK CONNECTIONS TO THE CLOUD? 33.1% 21.8% 20.2% 25% Yes No Do not use cloud currently Not Sure How many cloud service providers does your organization use today? Of respondents currently using a cloud services provider, 23.7% reported using a single provider; 20.3% reported using two providers; and 25.4% reported using three or more. HOW MANY CLOUD SERVICE PROVIDERS DOES YOUR ORGANIZATION USE TODAY? 30.5% 23.7% 20.3% 11.9% 9.3% 4.2% 0 1 2 3 4 5 or more 19

What qualities do you look for in a cloud services provider? Please rank from 1-5, 1 being most important; 5 being least important Respondents rated disaster recovery availability as the most important quality they look for in a cloud services provider, at 72%. Examinations/ certifications (SOC1, SOC2) came in as the second most important quality, at 67%. The following characteristics were marked in the middle: Built-in redundancy 59.3% 24x7 monitoring/remediation support 57.6% Specializes in the financial industry; FFIEC and industry specifications 55.9% The least important quality for respondents was the provider s location near their institution s city/region, with 42% of respondents ranking it accordingly. WHAT QUALITIES DO YOU LOOK FOR IN A CLOUD SERVICES PROVIDER? Please rank from 1-5, 1 being most important; 5 being least important 2014 1 2 3 4 5 Examinations/Certifications: SOC1, SOC2, etc. 67.0% 16.1% 6.8% 1.7% 8.5% Specializes in the Financial Industry; FFIEC and Industry Specifications 55.9% 21.2% 11.9% 4.2% 6.8% Located Within Same City/Region as Organization 13.6% 11.0% 33.1% 15.3% 27.1% Low Price 22.0% 27.1% 39.8% 4.2% 6.8% 24x7 Monitoring/Remediation Support Included 57.6% 23.7% 10.2% 1.7% 6.8% Transparency of Architecture 26.3% 32.2% 28.0% 7.6% 5.9% Built-in Redundancy 59.3% 21.2% 11.9% 0.9% 6.8% Disaster Recovery Availability 72.0% 10.2% 8.5% 0.9% 8.5% 20

DEMOGRAPHICS This survey represents feedback provided by 143 respondents. The majority of contributors (43.6%) were individuals in IT-related roles. Additionally, 46.2% indicate that their institution has 0-50 full-time employees. Most of the respondents (58.1%) noted that they employ between one and three in-house IT staff. ASSET SIZE Of the responses, 48.7% came from institutions with an asset size between 0-$249 million. Sixteen percent of responses were received by institutions with an asset size between $250 million and $499 million. Financial institutions with an asset size between $500 million and $1 billion provided 18% of the responses. And institutions with an asset size greater than $1 billion provided 17.1%. BREAKDOWN BY ASSETS 18% 17% 16% Less than $100M $100M - $249M $250M - $499M $500M - $1B 17% More than $1B 32% ABOUT CSI MANAGED SERVICES CSI understands our customers needs, delivering dynamic solutions with superior results. Our Managed Services division allows you to experience the benefits of technology in the cloud. Managed Services gives you many competitive advantages, so choose a partner like CSI with in-depth expertise, scalable solutions and trusted service. CSI provides not only relevant solutions that ensure your success, but also one-on-one account management to help you utilize them to their fullest potential. Your financial institution matters and our team of knowledgeable professionals will ensure you achieve superior results for both your business and your customers. LEARN MORE AT www.csiweb.com/solutions/managedservices August 2014 KY_070814_201_V1

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information