BID® Daily Newsletter
Jan 26, 2022

BID® Daily Newsletter

Jan 26, 2022

An Update On Cloud Services For CFIs

Summary: Community financial institutions have been hesitant to use cloud services due to regulatory and security concerns. However, there may be changes on the horizon. More than nine out of ten financial institutions recently stated that they are either using cloud services or plan on doing so within the year. We give you the latest developments on cloud services within the financial industry.

Anvil clouds are a sight to see. They form during thunderstorms and look like thin umbrellas, or anvils, stretching across the sky for miles. It forms when the updraft from the storm reaches the tropopause--the boundary between the troposphere and the stratosphere. From there, the air spreads out and forms the anvil cloud. While these clouds can be beautiful, they are also associated with weather disturbances, including heavy rain and strong winds.
Speaking of clouds, community financial institutions (CFIs) avoided the use of cloud services due to regulatory and security disturbances for years. However, as cloud technology advances, providing additional layers of security, and regulators offer more detailed guidance, that may change.
Increased cloud spending
More than nine out of 10 financial institutions surveyed recently by the Cloud Security Alliance are either using cloud services or plan to do so within nine months, which is 2x the number in 2017. Global cloud revenue is forecasted to rise 16% this year to $474B, according to research firm Gartner. Furthermore, public cloud spending is expected to represent 45% of all enterprise IT spending by 2026, up from 17% in 2021.
While only 12% of financial institutions in North America use the cloud for their business, it is expected to double in 2Ys according to Accenture. Big banks, like Goldman Sachs and JPMorgan Chase, seem to be leading the way. David M. Solomon, the chief executive of Goldman Sachs, says “it’s got to be done with high levels of security and real protection of data and information…That’s why you’ve got to go slowly and you’ve got to go cautiously.
Regulatory view on cloud services
Regardless of the benefits of cloud systems, connecting an institution’s often dated or disjointed legacy systems to more modern cloud systems can give rise to regulatory issues and delays. While regulatory guidance has existed for 10Ys, many financial institutions think the regulatory direction will become clearer. Indeed, a Google/Harris study found that 88% of financial leaders had an overall positive view of how regulation will eventually provide “guidance and clarity” on cloud usage going forward.
In fact, the Financial Industry Regulatory Authority (FINRA) recently moved to the cloud and notes that the organization is spending only a small portion of the tens of millions of dollars it cost to support in-house servers. However, Steven J. Randich, FINRA’s chief information officer commented in the NY Times that “there’s a way to do it right and there’s a way to do it wrong.” Getting it wrong could open a financial institution up to cyber breaches.
Hybrid cloud architectures
Considering the regulatory and privacy implications of storing customer information and other private data in the cloud, many traditional financial institutions using the cloud have employed the use of “hybrid cloud” architectures. These combine elements of public and private clouds with an institution’s on-premise systems, to make the most of cost-saving benefits while still keeping the most sensitive data protected and compliant. According to a 2021 study by Google’s cloud division and the Harris Poll, which surveyed over 1300 global bankers, 83% of their institutions are using the cloud as part of their main systems and 38% are using hybrid cloud architectures. This was followed by 28% that utilize single or private cloud systems.  
Many CFIs will likely remain on the sidelines of cloud services until security and regulatory concerns are fully resolved. Yet, those concerns may be resolved earlier rather than later. So, make sure you have done your research and are ready.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Protecting Your Website Domain from Common Cyberattacks
Attacks on Domain Name Systems are rampant and can result in major problems. A compromised domain name can cause myriad headaches for both the company and its customers.
FDIC Aims To Change the Definition of Deposit Broker
The FDIC is proposing a rule that would change the definition of “deposit broker” and expand the types of exceptions allowed. We outline how the proposed rule could significantly impact banking operations.