Transferring key resources to a virtual sphere is having a moment these days. But will we ever look back, asks Karol Leszczynski, factoring product manager at Comarch Financial Services.
With cloud computing, businesses don't need to invest in software licenses, databases, workstations, or network devices. All they are obliged to do is to pay a monthly subscription fee in exchange for access to desired solutions that are already present.
There are many advantages to that. The scalability of the cloud gives growing businesses the flexibility to expand their bandwidth and capacity on demand. Similarly, if a company is experiencing a period of decline, it can scale down. As a result, companies can adapt to change in real-time. When it comes to capacity concerns, the cloud can take expensive hardware out of the equation.
Then, there are microservices. Thanks to those, a cloud-based system is no longer one big monolith - which it had to be when operating offline. For example, a factoring system can have different modules, e.g. repayment module, contract module, administration module, etc. Thanks to microservices, each of those modules acts as a separate entity. What this means is any change or maintenance done to one module does not affect the operation of the entire system.
The cloud also seems to be particularly well-suited to the financial market, at least when it comes to keeping up to date with ever-changing regulations. Integration with external systems, be it ERPs or other ones, also plays an important role here. Using a cloud-based system, bank customers can, say, import their invoices and provide transparent reporting.
What is worrying potential customers about switching to the cloud though is not so easy to alleviate. The first worry is an increased risk of a data breach. No online system seems to be as secure as an offline one. It is vital then that cloud-based services meet the most restrictive security requirements. "If something goes wrong, and regulators or the media find out the bank was using a cloud provider, the bank could be held up as an outlier and have that business decision questioned," Dan Latimore of Celent told American Banker back in 2015.
But these days cloud providers design, build, and operate their data centres in a way that strictly controls physical access to the areas where customer data is stored and secured. The possibility of unauthorized users gaining access is slim to none. And the security checks are as stringent as the ones we know from airports: even metal detectors are put to work.
On top of that, various encryption models are in place. This includes both server- and client-side encryption, with customer-managed keys in the key vault or on customer-controlled hardware. With client-side encryption, one can manage and store keys on-premises or in another secure location.
But the second worry is compliance – or lack thereof. If the rules which the cloud is founded upon vary between countries, then how does one know which of those rules apply to a service hosted in country X?
A response to this might be: any cloud infrastructure needs to meet a broad set of international and industry-specific compliance standards. ISO, HIPAA, FedRAMP, SOC…the acronyms here almost span the whole alphabet. These are some of the reasons why banks may ultimately turn less reluctant about moving some of their operations to the cloud. If not, what may catapult them there are poor returns on equity and the urging pressure to streamline their businesses. After all, no disruption is painless.
So it’s our prediction the subscription model – with the option to cancel anytime – will ultimately become standard in the B2B IT industry. 3 to 5 year-long contracts out, monthly subscription payments in.