Destination Cloud: can in-house tools cope?
The Financial Services Industry is comfortable with the Cloud. If individual Institutions are not quite there yet, they soon will be, and all the benefits of security and extensibility will be available to those making the move.
Healthily, this will open up a whole host of new challenges for Banks and Brokers alike, no matter what their flavour of business. One critical question is: will all those legacy tools, lovingly developed in-house over many years, be up to it? At one level, giving secure internal access to a desktop tool is one thing; enabling it to survive the vicissitudes of penetration testing and source code integrity checks ready for the Cloud is another.
As the sophistication and complexity grows, of what is required from traditionally hosted and now Cloud-based platforms, so the need to keep up will be paramount. In-house I.T. teams that have suggested they can readily step up to the plate to deliver functional requirements will be exposed to the double- or even triple whammy of maintaining code, evolving functionality and doing so in a Cloud-based environment – and all at the same time. There remains deep scepticism from business lines about the speed and efficacy of in-house solutions anyway and if the move to the Cloud does not obscure delivery of business line requirements, the distraction is bound to impact resource availability and prioritisation.
The proposed Digital Operational Resilience Act (DORA) was put forward late last year; this will be yet another consideration for Network and Vendor Management teams sitting in an Operations or a Risk hierarchy and will have slipped by unnoticed by many. The EU is seeking to impose tighter controls around new incident responses and reporting, and improved third-party risk requirements and monitoring for firms operating within the EU. DORA touches aspects of many regulations – CRD IV, Solvency II, PSD2, EMIR, MiFID and others – which directly and indirectly impact both the buy-side and sell-side of firms active in the EU.
“Digitisation before digitalisation” has been our mantra for many years; a coherent data strategy naturally precedes a digitalisation strategy and DORA merely heightens the need for both. And to benefit from digitisation and the automation brought on by digitalisation, systems must be robust and maintainable. They must be secure and extensible, with the need to evolve functionality matched by the ability to deliver that functionality. I.T. teams have historically struggled to deliver the functionality that business lines need – are Banks Financial Services Institutions or Technology Development Houses? Certainly not the latter – and that is unlikely to change with a move to the Cloud. They will simply not be able to keep pace.
The move to the Cloud is a reality; it is more secure, it is more robust from a BCP-DR perspective, it permits instantaneous expansion in capacity and the move to Cloud-native applications is now an irreversible trend. Many Financial Institutions would struggle to find sufficient Cloud-ready platforms, but the move to the Cloud is not a big-bang anyway. Striving to recreate legacy, perhaps core technology in the Cloud is questionable, and complete reinvention is too risky. “Re-platforming” is not quite accurate when describing a move to the Cloud, but simultaneously layering in upgrades for legacy technology to cope with the Cloud, simply magnifies that risk. Leave it to the experts who can provide secure, tried and tested platforms that are already Cloud ready.
CEO, MYRIAD Group Technologies Limited