Are you in the cloud, or are you just making use of cloud technology?
Understanding this subtle distinction could make all the difference to how your organization approaches the cloud, which has become a major part of payments technology strategy, impacting issues such as the EMV migration and mobile wallets.
Today, many organizations are being asked when are you moving to the cloud? But this is the wrong question to ask, as it assumes the cloud as a kind of ubiquitous computing capability, a mythical utopia with unparalleled benefits located somewhere in the computing ether.
Instead, we need to look at cloud computing as an architectural and technological approach that can be hugely beneficial when used strategically alongside existing computing assets. To some, destination cloud is cheaper or more flexible or faster. But to others it presents specific and seemingly unbridgeable challenges, with security and compliance often top of the list of common obstacles to adoption for public cloud services.
The result is that many organisations err on the side of caution, avoiding cloud computing as an official strategy as the perceived risks are seen as being too high.
Organizations are continually asked to balance the equation of risk, security and compliance against needs like cost, agility and new business opportunities when making technology choices. However, simply focusing on the obstacles can result in opportunities being missed.
To illustrate this just cast your mind back ten or so years. Internet banking was a new, tentative and for some peopledangerous idea. Today it seems almost laughable to question if this was a worthwhile strategy, as the benefits have far outweighed the challenges; its now a must-have capability for almost all consumers, merchants and financial institutions.
Given this, perhaps the question should be where does cloud computing technology fit in your organizations landscape? Cloud computing is in fact a spectrum of technologies that can be a total solution or simply a part of the wider landscape of your technology assets.
The key here is to start thinking about cloud computing, in its entirety, in your application and infrastructure landscape. Consider the opportunities, the challenges and the options to ensure you can take maximum advantage of this disruptive technology in your IT architecture and technology choices.
The advent of cloud computing models has created a level choice for all enterprises through scale, flexibility and choice. For example, for parts of an issuer using email for external marketing, public cloud might be the right option but for risk and compliance or customer interactions, it might well be that on-premise solution may be the right choice. One thing is clear here, the cloud has democratized IT; it creates a level playing field and expands the opportunities for innovation and creativity
There are concerns about public cloud services, there should be no more misgivings than for any other new technology.
Card issuing financial services companies may limit the use of public cloud due to regulation concerns, the right to audit, data location and sovereignty, security and access. While these concerns should not be ignored, issuers should consider the regulations, implications and technology provisions at a level that will enable an informed decision to be taken. For example, The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) do not prohibit the use of cloud services. However, they do require organisations to take reasonable steps to avoid undue operational risk. Therefore, the key to adoption is for organisations to understand their data, their systems as well as the risks and implications associated with them.
Nic Merriman is CTO of financial services at Avande UK.