On 18/7/21 1:37 pm, Kim Holburn wrote: > https://www.zdnet.com/article/banks-now-rely-on-a-few-cloud-computing-giants-thats-creating-some-unexpected-new-risks/ >> ... the Bank of England ... voiced concerns about [cloudsourcing] >> services being provided by only a handful of huge companies that >> dominate the market ...
Takes them a while, doesn't it. Would some forethought have helped? Contingent Risks: http://www.rogerclarke.com/II/CCBR.html#TRC Security Risks: http://www.rogerclarke.com/II/CCBR.html#TRS Business Risks: http://www.rogerclarke.com/II/CCBR.html#BR That was all pretty obvious in late 2009, published mid-2010 Short version of 2011: http://www.rogerclarke.com/EC/CCSec.html Summary-table of 2012: http://www.rogerclarke.com/EC/CCEF.html#Exh2 Could it be that they listened to consultants-who-spruik, failed to apply any scepticism, and failed to perform effective risk assessment? _____________ >> Banks' growing reliance on cloud computing >> <https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/> >> could pose a risk to financial stability and will require stricter >> oversight, according to top executives from the UK's central bank. >> >> In a report focusing on financial stability in the UK over the past >> few months, the Bank of England drew attention to the increasing >> adoption of public cloud services, and voiced concerns about those >> services being provided by only a handful of huge companies that >> dominate the market. >> >> Outsourcing key banking data and services to a small number of cloud >> service providers (CSPs), said the Bank of England, means that those >> providers have the power to dictate their own terms, potentially to >> the expense of the stability of the financial system. >> >> >> Cloud >> >> * The top cloud providers >> >> <https://www.zdnet.com/article/the-top-cloud-providers-of-2021-aws-microsoft-azure-google-cloud-hybrid-saas/> >> >> * What is cloud computing? Everything you need to know >> >> <https://www.zdnet.com/article/what-is-cloud-computing-everything-you-need-to-know-about-the-cloud/> >> >> * The best cloud storage services >> <https://www.zdnet.com/article/best-cloud-storage/> >> * OneDrive tips and tricks: How to master Microsoft's free cloud >> storage >> >> <https://www.zdnet.com/article/onedrive-tips-and-tricks-how-to-master-microsofts-free-cloud-storage/> >> >> >> For example, cloud providers might fail to open up the inner workings >> of their systems to third-party scrutiny, meaning that it is >> impossible for customers to know if they are ensuring the level of >> resilience that is necessary to carry out banking operations. >> >> "As regulators and people concerned with financial stability, as >> (CSPs) become more integral to the system, we have to get more >> assurance that they are meeting the level of resilience that we need," >> Andrew Bailey, the Bank of England governor, told reporters in a press >> conference. >> >> In the past years, financial institutions have accelerated their plans >> to scale up their reliance on CSPs. From file sharing and >> collaboration to fraud detection, through business management and >> communications: banks have used cloud outsourcing both to run software >> and access additional processing capacity, and to support IT >> infrastructure. >> >> Until recently, cloud services were used mostly to run applications at >> the periphery of banking operations, such as HR systems with no direct >> impact on financial services. According to the Bank of England, >> however, this is now changing, with CSPs being called in to process >> operations that are more integral to the core running of banks. >> >> "We've crossed a further threshold in terms of what sort of systems >> and what volumes of systems and data are being outsourced to the >> cloud," said Sam Woods, the chief executive officer of the Prudential >> Regulation Authority (PRA). "As you'd expect, we track that quite >> closely." >> >> Last year, the Bank of England opened bidding for a cloud build >> partner >> <https://www.digitalmarketplace.service.gov.uk/digital-outcomes-and-specialists/opportunities/11682>, >> with the goal of creating a fit-for-purpose cloud environment that >> could better support operations in a digital-first environment. At the >> time, the institution said that it had already been in talks with >> Microsoft's Azure, Google Cloud and Amazon's AWS, and that it would >> likely be targeting Azure in a first instance. The possibility of >> adopting a multi-cloud strategy was also raised. >> >> There are many benefits to moving financial services to the public >> cloud. For example, while using old-fashioned, on-premises data >> centers incurs extra expenses, a recent analysis by the Bank of >> England estimated that adopting the ready-made services offered by >> hyperscalers could reduce technology infrastructure costs by up to 50% >> <https://www.bankofengland.co.uk/research/future-finance>. >> >> Another advantage of public cloud services is that they are more >> resilient. The sheer scale of CSPs enables them to implement >> infrastructure that integrates multiple levels of redundancy, and as >> such, is less vulnerable to failures. >> >> Moving to the cloud, therefore, is not intrinsically detrimental to >> banking services – quite the contrary. But the main sticking point, >> according to the regulators, lies in the concentration of major >> players that dominate the cloud market. According to tech analysis >> firm Gartner's latest numbers, the top five cloud providers currently >> account for 80% of the market >> <https://www.gartner.com/en/newsroom/press-releases/2021-06-28-gartner-says-worldwide-iaas-public-cloud-services-market-grew-40-7-percent-in-2020>, >> with Amazon holding a 41% share and Azure representing nearly 20% of >> the market. >> >> "As of course a market becomes more concentrated around one supplier >> or a small number of suppliers, those suppliers can exercise market >> power around of course the cost but also the terms," said Bailey. >> >> "That is where we do have a concern and do have to look carefully >> because that concentrated power on terms can manifest itself in the >> form of secrecy, opacity, not providing customers with the information >> they need in order to be able to monitor the risk in the service. And >> we have seen some of that going on." >> >> As Bailey stressed, part of the reason for CSPs to remain secretive >> comes down to better protecting customers, by not opening up key >> information to potential hackers. But the regulator said that a >> careful balance has to be maintained on transparency, to enable an >> appropriate understanding of the risks and resilience of the system >> without compromising cybersecurity. >> >> Leighton James, the CTO of UKCloud, which provides multi-cloud >> solutions to public sector organizations across the country, explains >> that these issues are not unprecedented, and it is unsurprising to see >> them trickle down to the financial services. >> >> "We're anxious about cloud providers becoming so big that the terms >> and conditions are pretty much 'take it or leave it'. We're definitely >> seen that happening already in the public sector, and we can >> definitely see it happening in the financial services sector if we are >> not careful," James tells ZDNet. >> >> According to James, part of the risk stems from traditional banks >> attempting to compete against new disruptive players in the sector. >> Financial institutions are now rushing to overhaul their legacy >> infrastructure and catch up with the digital-native customer >> experiences that were born in the cloud and are now widely available >> thanks to fintech companies. >> >> "It's clearly imperative for the financial sector to modernize and >> adopt digital technologies," says James. "The question becomes how >> best they can do that by balancing the risk of digital transformation." >> >> And in this scenario, the risks of placing all of banks' eggs in a >> handful of CSP's baskets is too high, argues James. >> >> The Bank of England has similarly urged financial institutions to >> exert caution when developing their digital transformation strategies, >> and is currently in talks with various regulators to discuss how to >> best tackle those risks. >> >> With cloud concerns widely shared by other nations, especially in the >> EU >> <https://www.zdnet.com/article/meet-gaia-x-this-is-europes-bid-to-get-cloud-independence-from-us-and-china-giants/>, >> those discussions are likely to become international, and the UK's >> central bank predicts that global standards will be created to develop >> a consistent approach to the issue. >> > -- Roger Clarke mailto:[email protected] T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Visiting Professor in the Faculty of Law University of N.S.W. Visiting Professor in Computer Science Australian National University _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
