Big Banks Still Say 'No' to Cloud
MBIA, the municipal bond insurance giant, suffered a major customer data breach that exposed customer data of an asset-management subsidiary that Bank of New York Mellon has agreed to buy.October 7
Storing sensitive material on the Internet makes it a target for hackers, but the password gaming that appears to have been behind the theft of celebrities' photos could happen to any server, on or off the cloud.September 3
Although bankers are (hopefully) less likely to store compromising selfies in the cloud, the infiltration of celebrities' iCloud accounts illustrates the danger of saving anything with a consumer-oriented cloud service.September 2
The cloud beckons, but large banks keep clinging to their data centers, for competitive, compliance and security reasons.
Cloudsourcing an arrangement in which a company pays a cloud provider to carry out services that could be provided in-house would appear to have many advantages. It could help banks alleviate the cost of running large data centers at a time when the industry is grappling with tight budgets.
But at last week's annual Sibos conference in Boston, several bank technology executives said they remain leery of using the public cloud, particularly for treasury and asset management data.
"Data is a competitive asset, why would I outsource that?" said Lee Fulmer, chief technology officer and global head of cash management at J.P. Morgan. "That's parking the legal ramifications."
Third-party providers don't have the same custodianship mandate a bank does, he argued.
"The market infrastructure doesn't have the integrity that allows me not to go to jail if my outsourcing provider does something wrong," he said.
Paul Ventisei, head of software architecture at HSBC, takes a similar view. The very idea of the cloud is antithetical to banks' role as data custodians for their customers, he said.
"The cloud is people in their garage writing code," he said. "They don't care about security. We care much more about security. You have to make sure there's a third party checking processes, checking for liability insurance. None of that is there right now."
These concerns may eventually be addressed, Ventisei said. "I think it will get there, I hope it does get there. I don't think we want to continue running big IT operations."
Regulatory challenges related to data security and compliance also shape decisions at Bank of New York Mellon, said Saket Sharma, the bank's chief information officer for treasury services. However, he envisions the bank adapting the concept of cloudsourcing within its own operations.
"My view of cloudsourcing is internal to BNY Mellon, rather than outside," said Sharma. "We have 13,000 people in IT. How do I tap into that talent pool and break down the silos? If somebody's doing something great, why shouldn't somebody else be able to do it? The reusability of components becomes important. That all relates to time to market and costs going down."
The bankers' concerns about security seemed prescient when, a few days after the discussion at Sibos, news broke that a misconfiguration in a company Web server at the bond insurer MBIA had exposed thousands of customer account numbers, balances and other sensitive data. It happens that the breached customer data was from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon.
The bankers seem to be fine, however, with the idea of outsourcing some aspects of data center management. "I'm happy to work with partners in the data center," Fulmer said.
Banks realize they can't compete with the efficiency of large- scale data center providers like Verizon and Equinix.
"When you look at the future of data centers, it's clear that as big as HSBC is, we're going to be subscale when it comes to data centers sooner," Ventisei said. "With the scale and size of what's being built, to not use that in future is unlikely."
The bankers also talked about the difficulties of finding nuggets of useful information in the massive storehouses of data their companies hold.
"We have to stop assuming all data is valuable," Fulmer said. "I don't care if someone made a cup of tea at two o'clock in Bangladesh. I don't want to see their Facebook post. There has to be a focus on how do we extract the value, how do we understand what data is relevant."
For instance, a payment workflow might have 80 steps, and two might be "pivot" points that are causing a problem for the customer. Finding the signals through the noise is the top challenge of Big Data.