WikiLeaks, Amazon & You: Will Banks Hesitate in the Cloud?
Forgetting for now the political fallout, the WikiLeaks affair has evolved into one with major business implications for the financial services industry. First, and covered elsewhere in today's American Banker, is the 'information war' that's erupted, with WikiLeaks' guerrilla supporters inflicting collateral damage on enemies like MasterCard, Visa and PayPal. Second, and with longer-term ramifications for innovation and efficiency in financial services technology, are the risks raised in Amazon's — reportedly Sen. Lieberman-induced — decision to cut off WikiLeak's access to Amazon's cloud-based servers.
"Amazon's decision to pull the plug on WikiLeaks sets a dangerous precedent, and flies in the face of over 100 years of precedent relating to common carriers," says Bill Roth, EVP of IT monitoring company LogLogic. "While there's certainly a moral dilemma associated with WikiLeaks, there's a genuine concern that common carriers are going to get into the business of censorship.
Until now, most large-bank CIOs have been skittish about taking advantage of the cheap and vast computing powers that reside in the cloud, testing the waters first with software development functions and non-core systems like HR. Smaller banks have taken the leap much more readily, as they're increasingly reliant on outsourced applications and vendors. But the buzz in the blogosphere are worries that Amazon's Orwellian actions will give pause to many enterprises considering utilizing the range of public cloud applications and services.
"Novell see[s] two ramifications for the financial services sector when it comes to WikiLeaks and a public cloud deployment: The adoption will, in the short term, increasingly shift to private clouds," says Richard Whitehead, director of Intelligent Workload Management at Novell. "Financial enterprises will deploy their own private cloud infrastructures …in order to take advantage of the agility and flexibility the infrastructure can deliver - minus the security concerns."
The chorus on this side of the debate is loud and full-throated, but not everyone agrees. Opponents say the movement of data and processing to the cloud is an unstoppable force. "I think [Amazon's treatment of WikiLeaks is] an anomaly and it's not going to slow the cloud at all," says Terry Austen, CEO of Guardian Analytics, which provides security and authentication services to banks.
But both sides agree the near-term fallout will be increased legal scrutiny on the software-as-a-service and cloud contracts that are under negotiation in all aspects of financial services — from lending technology, to security monitoring, to public-cloud usage. And calling for increased scrutiny is saying a lot. Leslie F. Spasser, an attorney with Virgina-based law firm LeClairRyan, says 70 to 80 percent of her work already involves negotiating this type of hosted services contracts, a dramatic increase over just a year ago.
So while some pundits have said that WikiLeak's release of its trove of diplomatic cables is the most significant US foreign policy event in decades; Amazon execs may be feeling the same kind of heat. It's hard to imagine a scenario in which a bank would find itself so politically out of favor, and legally unprotected, as WikiLeaks did. But bank risk managers are by necessity a paranoid lot. And with the possible exception of Jamie Dimon (if you believe the New York Times Magazine, anyway), bankers are still a politically and popularly unpopular demographic. The combination of these two realities mean that Amazon, and its cloud-promoting brethren, have some urgent damage control to do if they want bankers to stay on the cloud-driven path in the year ahead.
Top 3 Cloud Contract Concerns
Most banks won't fall victim to the same circumstances as WikiLeaks did, not least because "in the banking industry, in most cases these contracts are significantly more negotiated than you would get from the kind WikiLeaks had with Amazon," says Leslie Spasser, an attorney with Virginia-based LeClairRyan.
But the last thing a bank can afford to do is check a box that says, "I agree" to a provider's boilerplate agreement. And while smaller institutions don't have the same leverage as big banks, there are three issues that are top of mind when negotiating cloud contracts on behalf of community banks, Spasser says.
"First is data security and privacy," she says. "That's really critical to get that right."
Second is access to the data — both legal access and the technical access that's addressed in service level agreements.
Finally, and this is where WikiLeaks got burned, is termination or end-of-life agreements. "How do you wind down and make sure your data is preserved in a away that you can transport it to another platform?"