Most banks know about the cloud, and many have even started to develop limited private clouds, leveraging the massive computing power of their internal data centers.

But Deutsche Bank (DB) and National Australia Bank are in the minority of banks actively strategizing about opportunities in the public cloud.

Though Deutsche Bank, of Frankfurt, said it began developing internal cloud computing capabilities in pieces starting about 2002, the external cloud represents its next frontier, and journeying there puts the bank face to face with the primary roadblocks all banks face when they think of moving computing beyond their own perimeters.

"We want a complete solution, it is not just the technology, it is an operating environment," Andrew Stokes, chief infrastructure architect for Deutsche Bank, said during a presentation at the Open Data Center Alliance Forecast 2012 in New York last week.

To get to that environment, Deutsche Bank, like every other bank, needs to resolve important security, transparency, management and regulatory issues; banks would also benefit if vendors providing cloud computing products and services would adhere to standards for use and access, Stokes said.

Security and regulatory issues are the most nettlesome for banks hoping to use a public cloud, experts say, because the cloud is a distributed environment. That means banks have to guard against their customer data moving into far-flung geographical regions, for compliance and regulatory reasons. Ensuring privacy and security of the data is also critical.

Once it's in the public cloud, "It's out of your control and more vulnerable to being accessed outside your environment," Mary Knox, a research director at Gartner, said.

About 13% of banks worldwide use the public cloud in some form, according to Gartner.

Primarily banks will use the public cloud for non-critical, non-core applications, such as marketing, back office applications that don't involve sensitive customer data, and potentially for check clearing and credit card processing, among other things, according to Accenture.

Half of the 204 banks surveyed by Gartner last year at Sibos said that security was their biggest concern with moving computing activities to the public cloud, followed by 37% who cited regulatory concerns.

Migration of applications is also a top concern, Stokes said.

While banks typically start small, even developing a private cloud within a bank can be extremely complicated, Knox said, because bank product lines are so famously siloed.

"Certain functionality is moved to a shared services layer within the bank, and this is positioned as the private cloud, and that is what we are seeing first," Knox said.

This drill rings true for banks that are in initial stages of moving computing networks to the cloud, like National Australia Bank, one of the largest banks in Australia with about $750 billion in assets. It first took baby steps toward the public cloud about four years ago, opening up its sales and marketing efforts by deploying and Oracle CRM on Demand, said Denis McGee, general manager of application, development, and testing.

Now it's actively building an internal private cloud. By the end of the second quarter, it will roll out infrastructure on demand, McGee said, which can ramp up and down depending on customer demand for things like Web banking and other online services.

"We will be able to spin those extra servers up for more capacity as it is needed," McGee said.

Further movement to the public cloud is still many years away for NAB, McGee said. Part of the hold up for the bank is lack of a set of industry standards for applications, protocols and interfaces with hardware stacks, he said.

Deutsche Bank also started out by developing an internal private cloud, creating a flexible, adaptive computing environment, Stokes said, and a small distributed environment for IT as a service.

"We evolved from an IT support organization, putting two servers out there and two [operating systems] together, to shared hosting services in a simple container, and we packaged this with different [service level agreement] criteria and recovery criteria," Stokes said.

Deutsche Bank launched its first generation internal cloud in 2008, something it called 3CV, combining data storage, high performance blades and server virtualization, creating self-service portals, fast delivery and thin provisioning, Stokes said.

Since 2010, it's created a contained environment capable of ramping up 2,000 virtual machines from the bank's internal network at any given time.

But making the jump to the public cloud is extremely nettlesome, and for that Deutsche Bank has more questions than answers, though the bank will likely take a hybrid cloud approach that balances internal cloud capabilities with external cloud capacity.

Its wish list items for a public cloud environment include a system that is easy to manage, and one that can be provisioned, patched, upgraded and even retired, as Deutsche Bank would any enterprise system. Said virtualization will be critical. And so will the ability to create a system where routine business activities, such as straight-through processing, can be achieved on an industrial scale. Other goals are price transparency, the ability to pay on a per-use case, and the elasticity of applications, Stokes said.

"We want to be able to do repeatable processing at this industrialized scale … Applications need to grow and shrink, depending on what the business demand is, on a second by second basis, " Stokes said.

To achieve that, as yet another intermediate phase, Deutsche Bank will settle on a hybrid approach.

"What we are trying to do here is bring together the external cloud with our … highly optimized internal cloud services and the thousands of application we run inside a big, global investment bank," Stokes said

Together with members of the Open Data Center Alliance, a group that includes 280 companies including banks JPMorgan Chase (JPM), National Australia Bank and UBS (UBS), Deutsche Bank will drive $50 billion in increased spending on cloud services and storage, as well as $25 billion in cost savings annually, Stokes said.