Liberty Bell Bank's Chief Technology Officer Brian Schaeffer wanted to upgrade its email system last fall. Had he gone through with it, he might have seen his new inbox filled with angry shareholder missives.
Schaeffer says the technology provider was "crazy" — asking $30,000 for the email upgrade project, an amount equal to nearly 30 percent of the $179 million- asset community bank's third-quarter profit.
Instead, Schaeffer moved the Marlton, N.J.-based bank's email to the cloud, utilizing Google's Apps for Business. And the cost was not much more than $2,250—the amount he spent to get 45 employees and executives their own $50-a-year Gmail corporate email account.
The Gmail service gives him automatic backup of message archives—negating the need for disaster-recovery resources in the back office—and allows him to retain the bank's current email domain address. As a bonus, he also discovered the encryption security features of Gmail's Web service are supported on the Android smartphones used by Liberty's staff to access corporate email. Also, no "upgrade" costs. "We killed four birds with one stone," he says.
Liberty is not alone. For the past several years, cloud computing in the financial services industry has been associated primarily with enterprise information technology initiatives at large institutions like Bank of America or Deutsche Bank. But analysts say even small banks and credit unions are now growing attached to the idea of moving business services and applications into cloud settings, part of a much-hyped strategy of shifting software and information away from the data center and onto Web-only platforms.
A 2010 survey from Gartner Research reported that 51 percent of North American banking and investment firms were using a popular cloud computing option—software-as-a-service, or SaaS. That's growth from a similar 2009 poll by IDC Financial Insights that showed just 26.5 percent of institutions deploying a cloud service of any sort, including platform-based products (like Web conferencing service WebEx) or infrastructure clouds such as off-site data storage alternatives. Gartner estimates that by 2014 revenue in the cloud computing market will be double the $6 billion tallied in 2010.
"Financial institutions of all sizes are preparing for the transition to cloud services, and making their first bets now," wrote IDC Research Vice President Jeanne Capachin in a report.
Many banks still consider a move to the cloud too risky because of fears about security and access — uncertainty about the safety and availability of software and data in the hands of a giant like Google or Amazon. But for some the appeal of saving money by lowering software and hardware costs, and the promise of new types of product development and service-provisioning models, outweighs the actual, and perceived, risks.
Capachin says she finds small institutions like Liberty Bell are most often exploring the use of inexpensive "public" cloud offerings through Google (office applications, email) and Amazon (data storage) that are readily available on a self-service basis. Midsize and large banks, she says, have been turning to vendor specialists like Salesforce.com—a cloud pioneer in the on-demand business app space—to provide more customized, enterprise packages in such areas as customer relationship management or delivery of Web and mobile-banking services.
For large institutions, "it's more about a private cloud," she says. Now that banks have virtualized much of their data center hardware, "they can develop their own cloud services."
Global giant Deutsche is a leader. Over the last two years it's built internal, proprietary cloud platforms that can speed up the in-house development of new banking and investment products. "One of the more obvious use cases for the cloud is to move a major portion of our development and testing to third-party facilities," says Sean Kelley, the New York-based global chief information officer for Deutsche Asset Management and head of the platform services group. There the company can run many tests simultaneously without worrying about resource limitations, and also save money by not paying for hardware that would be running idle during lulls in testing. "We can spin down the testing/development environments when the programmers have gone home for the day," says Kelley.
Deutsche has also adapted its cloud practices to store some administrative documents and data that don't have the same security demands as storing proprietary or customer information.
"We have found quite a few app types that could even be put straight on the public cloud as they do not contain sensitive data or critical functionality," says Kelley, who would not disclose which specific applications were designated for cloud use.
Examples of large-scale, public-cloud usage include Nasdaq, the New York Stock Exchange and the American Stock Exchange all using Amazon's storage cloud, which Gartner estimates together add 30 to 80 gigabytes of new market data to the cloud daily. By going cloud, the exchanges do not have to invest in any storage hardware since the data is instantly retrievable from Amazon servers and is automatically scaled up when they need more capacity.
Examples from Liberty Bell all the way up to Deutsche show the industry's increasing comfort with utilizing the cloud for data and tools that aren't core competencies. But using the cloud to hold banks' more sensitive data—including personal consumer information and transactional data—is a riskier proposition, and may never be suitable for cloud settings, some bankers say.
Wells Fargo & Co. in San Francisco has thus far shunned most efforts at converting thousands of internal programs, databases and platforms to cloud services because of the fear that customer data might still inadvertently leak outside its firewalls.
"Quite honestly, a lot of issues that we have in general are around security," says Sherrie Littlejohn, Wells' executive vice president of enterprise architecture. "The last thing we would want is for our customers not to feel secure."
Even when cloud vendors can attest to their security moxy—most submit to international SAS 70 audits and certifications vouching for their organizational controls—other risks still stand as hurdles. Cloud can be a difficult sell because of the liability issues.
"If an institution's vendor has a data breach and the institution gets sued, it doesn't have the access to sufficient information to defend itself," says Leslie F. Spasser, an attorney for Virginia law firm LeClairRyan, who negotiates cloud service contracts for community bank institutions. "A lot of the large vendors refuse to provide indemnification in these [cloud] instances, because their view is that they are not an insurer."
Another issue is guaranteed access. When Amazon announced last December it was shutting off the server access to Wikileaks because of that site's release of classified U.S. military and State Department documents, it underscored the worries of institutions that with their data under someone else's roof, availability to that information may not be absolutely inviolate. Those kinds of issues can be addressed ahead of time with the proper negotiation of service-level agreements, Spasser says.
For community bankers like Liberty Bell's Schaeffer, however, those concerns weigh less than the promise of cloud computing. Having already pushed email into the cloud, he's going to look next at expanding to some of Google's other business applications in the areas of communications and collaboration (such as Google Docs) so his colleagues will always be working with the latest versions of software with no maintenance costs—often the largest part of a technology budget.
"Yeah, it's a huge gut check," he says. "But the economies of scale are there, and it's very compelling. You've gotta be thinking that way."
