In 2023, we summarized the U.S. Department of Treasury report that raised concerns about the growing reliance of financial institutions (FIs) on cloud computing. Treasury highlighted structural imbalances and regulatory blind spots in the relationship between FIs and cloud service providers (CSPs).
More than two decades in, cloud computing is no longer a technology that requires a herald or proselytizer. What began with government agencies and then financial institutions seeking expanded storage solutions and an alternative to enterprise applications anchored to physical locations has matured into a cornerstone of many services the average person uses and benefits from every day.
But even as companies ponder exactly how, when, and to what extent cloud services such as IaaS (infrastructure as a service), PaaS (platform as a service), and cloud native solutions might best serve their needs, one thing remains constant—cloud transformation is complex and fraught with potential pitfalls.
On February 8, 2023, the U.S. Department of the Treasury released a report citing its “findings on the current state of cloud adoption in the sector, including potential benefits and challenges associated with increased adoption.” Treasury acknowledged that cloud adoption is an “important component” of a financial institution’s overall technology and business strategy, but also warned the industry about the harm a technical breakdown or cyberattack could have on the public given financial institutions’ reliance on a few large cloud service providers. The Treasury also noted that “[t]his report does not impose any new requirements or standards applicable to regulated financial institutions and is not intended to endorse or discourage the use of any specific provider or cloud services more generally.”
Modern cloud computing only came into existence about 20 years ago, but now virtually all enterprises (99%) are using cloud services. Cloud adoption accelerated further in the last two years because of the COVID pandemic as a result of an increase in remote work, the evolution of online business strategies (e.g., e-commerce), and the focus on business resilience. In addition, given budget uncertainties, moving technology tools, data and storage to the cloud usually results in significant cost savings to an organization, which is the top priority for organizations using cloud services six years in a row.
The last decade saw explosive growth in enterprise migration to the cloud, a trend driven by the promise of lower overhead costs and greater scalability. Given this, many have made the leap and moved both non-mission-critical workloads and mission-critical functionality into the cloud.
This is where “data gravity,” a phrase coined by Dave McCrory comes into play. Data gravity is the “effect that attracts large sets of data or highly active applications/services to other large sets of data or highly active applications/services, the same way gravity attracts planets or stars.” So, in the simplest terms, data gravity is the idea that increasing volumes of data can cause data to function like an anchor, making it increasingly difficult to move as the data in question continues to increase.
Oracle recently published a policy document entitled “Licensing Oracle Software in the Cloud Computing Environment” which sets out specific requirements on customers when licensing various Oracle programs and using them in the following cloud computing environments:
The European Banking Authority (EBA) has opened a consultation on its draft recommendations for financial institutions outsourcing to cloud service providers across all cloud-related domains including infrastructure as a service, platform as a service and software as a service. The recommendations are intended “to clarify the EU-wide supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed.” A public hearing will take place at the EBA’s Canary Wharf, London premises on 20 June 2017 and the consultation will close on 18 August 2017.
July 7, 2016, saw the UK’s Financial Conduct Authority (FCA) publish fresh guidance in order to clarify the requirements which apply to the financial services firms it regulates when outsourcing to the cloud. When the FCA talks about the cloud, it is referring to the full range of cloud solutions which have evolved (such as private, public and hybrid cloud) as well as the various “X as a Service” solutions such as IaaS (infrastructure), PaaS (platform) and SaaS (software).
We all know that “cloud computing” is one of the most tired and overused phrases in the technology industry, and it has been for years. Everyone has gone “to the cloud” now, right? Not so fast. When it comes to cloud-based enterprise email, the market has lagged somewhat behind.
A Gartner report published on February 1, 2016, found that “[t]he cloud email market is still in the early stages of adoption with 13 percent of identified publicly listed companies globally using one of the two main cloud email vendors.” Those two leading cloud email vendors are: (a) Microsoft, which offers Microsoft Office 365 and has an 8.5% adoption rate among global companies; and (b) Google, which offers Google Apps for Work and has a 4.7% adoption rate among global companies. There are other providers in this space, including Amazon Web Services and Rackspace, which also provide cloud email solutions.
There is no doubt cloud computing has delivered multiple benefits to the IT organization. However, without proper management and controls, these benefits could become a non-trivial expense to the organization. In a Wall Street Journal article earlier this year The Hidden Waste and Expense of Cloud Computing, Clint Boulton outlines the pitfalls of buying too much and not tightly controlling what is bought. ISG just released a Cloud Comparison Index which is described in Stanton Jones’ blog posting and makes many of the same points.
As Boulton rightly points out, after the cloud purchase is made, another big cost management opportunity remains: managing demand and shutting down compute resources when they’re not being used. Paying for unused resources can turn a good financial decision into a bad one.
Sourcing Speak