Cloud isn’t a tactic to shift privacy and security responsibilities
A Forrester study involving in-depth interviews of 34 senior IT decision makers in APAC, uncovers that the financial services sector is not leapfrogging their counterparts in the west after all.
“Instead, it took quite long for APAC to adopt the cloud, and we are currently in the middle of cloud adoption of all kinds of flavours,” said Forrester’s APAC research director, Frederic Giron.
The study which was commissioned by Microsoft, unveiled that the Malaysian financial services industry (FSI) is slow to adopt cloud technologies and are very wary of embracing digital transformation.
Similar to Indonesia, FSIs here are taking a wait-and-see approach when it comes to cloud.
In contrast, leading banks are taking stock of the quick evolving environment that’s facing disruption by lean and agile players that leverage digital technologies, and they have adapted their meaning of risk to now mean, “What will I stand to lose if I do not adopt new technologies like cloud?”
Giron observed that for traditional banks to compete, they need to be able to change the way they operate internally and, “…the cloud is extremely important for FSIs to innovate faster, create new sources of value and to digitise their operations and services.”
The three-month survey uncovered that business benefits of cloud do improve with maturity of adoption. An initial phase may include adoption of Infrastructure-as-a-service and software-as-a-service, to reduce infrastructure cost.
Following that, the organisation may begin to leverage platform-as-a-service, microservices and/or containers to develop, test and eventually deliver software services with more agility.
The most mature phase is when a whole, end-to-end digital platform is in place and is enabling new business models.
According to Giron, banks like Singapore’s DBS and Thailand’s Siam Commercial Bank, are trying to adopt a Data First strategy, because of recognition that data in huge volumes can uncover new insights about customers and improving operational efficiency, among other things.
Giron also pointed out that the right access to the right data, would further promote innovation, but making a Data First strategy a reality is tough because “it’s extremely difficult to finetune data environments.”
That said, the tide is turning in favour of cloud adoption, among leading banks in the region.
Notably, the head of IT infrastructure delivery for Japanese operations of a global bank said, “Our cloud policy has evolved over the past several years from ‘don’t do cloud’ to ‘here’s what you need to think about and plan for in order to consider leveraging cloud.’”
An Australian bank has also admitted that they see direct correlation between cloud and speed/agility with quicker deployment, bypassing traditional build models, rapid prototyping and quick releases.
Cloud isn’t a tactic to shift responsibility
There is a lot of resistance, in terms of interpretation of regulations in Malaysia. The more challenging worker segments within some banks, would even say that local regulations and the regulator, Bank Negara (BN), are against adoption of cloud technologies.
There are two main big misperceptions about the use of cloud technologies in financial services. The first is that regulation disallows data transfer to outside of Malaysia. The second is that personal data cannot be placed in the cloud.
These perceptions couldn’t be further from the truth.
Microsoft’s Corporate Attorney for Malaysia and new markets in Southeast Asia, Jarom Britton said, “Banks use regulation as excuse not to adopt cloud. But in most markets, regulation is not against cloud adoption.
“The excuse that data needs to reside in Malaysia, is a poor proxy for data security and privacy.”
The fact is that use of cloud is allowed in FSIs, but there is criterion to meet. Britton pointed out that there has to be customer consent to collection of data in first place and there must be assurance that data is protected in a way that is no less than it would be inside Malaysia.
Britton emphasised, “It is important to understand that merely outsourcing IT provisioning or serices to the cloud does not absolve banks from their fundamental responsibility.
“Regulators will still look to banks to be accountable, and absolutely FSIs should get commitment and guarantees from their cloud service providers around how their data will be secure and private.
“FSIs need to show Bank Negara that they asked those questions are satisfied with those answers,” Britton said.
As cloud take up increases in this region, trust in the technology’s capabilities and benefits are slowly permeating. Trust is also being reciprocated as one Hong Kong bank shared that vendors are much more open now about where their cloud infrastructure is located.
A key takeaway from Forrester is this – the better the FSI’s understanding of regulation, the more likely they are to embrace public cloud services.
Giron also encouraged FSIs to keep up a continuous engagement with regulators, to keep them abreast of their progress and their ability to adopt cloud. “Banks that stay away from regulators, usually don’t have cloud capabilities,” he shared.
Britton concluded, “Having helped many FSIs move to the cloud, including several in Malaysia, Microsoft has the resources, experience and expertise to deliver solutions that meet the compliance requirements of the financial services sector.
“We are trusted partners of FSIs as they adopt cloud in a way that meets the highest compliance, risk and security standards.”