According to the Vision 2023 Report on Digital Acceleration Insights for Asia Pacific by StrategINK, over 82% professionals in the BFSI industry believe that cloud computing is a key technology driving digital transformation. Furthermore, 83% of financial services companies already use cloud infrastructure in some capacity. Cost optimization, enhanced security, increased agility and flexibility, ability to innovate faster are some of the top reasons for increasing cloud adoption in BFSI.
To further understand the current landscape and future trends of banking and financial services in the cloud, we have insights from Mr. Bhagwati Dubey, Chief Information Security Officer (CISO), Axis Mutual Fund.
What are the most common cloud applications, which currently are dominating BFSI and are any new applications expected to transition to cloud?
The most common application of BSFI that are on cloud as learning management, attendance, ITSM- IT support and ticketing, IVR Bot for customer support. In the near future, applications that require computation power and do not have any regulatory compliance requirements will see a transition to the cloud. However, the cloud journey of banking is more peculiar than other industries due to a lot of regulatory binding and compliance.
Would you agree that cloud computing has delivered on its promise of reduced costs and financial savings by justifying the investments?
Cloud investment is justifiable for compute and automation requirement. Though it’s easy to move on cloud but not easy to come out of cloud. Invariably, the cost effectiveness is demonstrated by the ease and flexibility for scale up and down, which is difficult to achieve with an on-prem solution.
However, cloud investments keep on increasing once you have adopted the cloud. You can’t control automation and customer expectation; at the same time your data keeps growing in the cloud. Nevertheless, cloud adoption cost is justified with increase in customer adoption and experience and finally increase in market share. The cost effectiveness or ROI with customer experience can be improved and achieved with cloud adoption due to scalable environment that is part of cloud services.
At the same time, there are indirect ways in which cloud computing facilitates cost savings in terms of property cost, energy, human resource, management of IT infrastructure, E-waste management and carbon emission management.
Invariably, there are certain factors which are preventing companies in BFSI from realizing the financial prudence with cloud, including:
- Lack of local regulatory compliance
- Lack of visibility of assets and cost calculation
- Lack of skilled resources
Furthermore, cloud cost exploitation is more in terms of capital investments of data that is stored and processed over there.
Do you believe the nature of attacks is changing in cloud for BFSI and are you rethinking your security strategy to address new attacks or will the on-premise approach continue to dominate mitigation?
So far, the attack faced by BFSI with respect to cloud is due to miss configuration and lack clarity on roles and responsibility of CSP and the customers. At the same time, since the attacks are becoming increasingly automated, it is integral that the response and protection also scales up to that level. Here is a list of Cloud Security Standards theta BFSI organizations can adopt for better security and resilience:
- ISO-27001 / ISO-27002
- ISO-27017 / ISO-27018
- General Data Protection Regulation (GDPR)
- System and Organisation Controls (SOC) Reporting (SOC 1, SOC 2, SOC 2+ and SOC 3)
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- CIS AWS Foundations v1.2
- CIS Controls Top 20
- NIST cloud security framework
Overall, by adopting managed services and with right hiring or upskilling to manage the organization, cloud adoption can be enabler to create value to businesses, while mitigating the security threats for BFSI.
Will 2023 be the year of public cloud repatriation?
Considering the cyber-attack, hacker targeting the cloud environment, lot of regulatory imposition across the world, cloud adoption in BFSI will see a limited growth. Some of the factors that might pose as a challenge leading to anticipated public cloud repatriation include:
- Increase in cyber-attacks.
- Increase in regulatory adversaries with regards to cloud
- Lack of skill sets
With regulatory interventions, the visibility and security management has improved. With such awareness, risk of public cloud is more visible and that can lead to challenge is public cloud adoption. Overall, there will be a transition to hybrid cloud adoption that I can see based on the requirements of customers and regulators.