The question of security is the biggest handbrake to financial institutions migrating data, processing and execution to the Cloud.
Despite the efforts of the big tech giants, banks, exchanges, brokers and financial services firms remain wary of making too hasty a leap into cloud technology, and for very good reasons.
Graeme Marsh, Chief Information Security Officer of Beeks Group, the leading, specialist cloud infrastructure provider in the Capital Markets sector since 2011, warns against the lure of deploying technology that may fall foul of regulators.
“Big tech’s Innovative algorithms, on demand scalability and increased access to markets all sound great,” comments Marsh.
“Beeks’ infrastructure provides this capability but also has Capital Markets regulation and security at its core. The public cloud providers can’t claim that.”
According to a Gartner survey, less than 30% of Google’s business is IaaS – even less than that is financial market focused.
It’s a similar story with Microsoft and AWS, although their IAAS revenue is double that of Google.
Marsh says: “Our customers are mostly worried about FCA, PRA and GDPR compliance, business and customer data protection, and safe-guarding against malicious attacks, power outages and Denial of Service events.
“They want reassuring that their cloud provider can anticipate their need for cost-effective ultra-low latency compute, flexibility and choice without making any compromises to security, privacy and performance whatsoever.”
“We have achieved ISO27001 accreditation in respect of international security standards,” Marsh explains, “and we use these as the bare minimum requirements.
“Beeks will always aim for a strong security posture, utilising additional frameworks and standards to provide further assurance.
“These include the Center for Internet Security controls, UK-governed National Cyber Security, and the National Institute of Standards and Technology.”
Regarding data protection Marsh comments: “Our policies are aligned and compliant with the financial markets and brokers’ regulations.”
As regulators suck their teeth about cloud migrations in the sector, this should provide them with some reassurance.
Beeks Group is highly experienced and knowledgeable about all the different permutations of private, public and hybrid cloud capabilities, and how far these are suitable for the needs of financial institutions.
Whilst Beeks recognizes the cost-effective value of public cloud shared resources, they recommend a ‘horses for courses’ approach. This means ensuring that their customers align the importance of their workload with the relevant solution.
“Private cloud technology that connects directly to public cloud providers, means that organizations’ ‘crown jewels’ of financial trading are inherently secure,” says Marsh.
“But it also allows shared resources to be harnessed when needed and this provides significant customer benefits.”
Financial applications, trade and market data can be kept on the private cloud, whilst information processing can take place on the public cloud without the data having to be exposed.
“We provide a highly secure infrastructure topology that is controlled internally but monitored by us, in line with the client’s security and resiliency requirements.
“In the public cloud it would be wholly the responsibility of the client to manage their own infrastructure configuration, with no way of monitoring adverse events.
“This is another advantage to working with a dedicated specialist partner.”
“As an independent CISO team we take a top-down approach to security. Our networks and apps meet the highest standards and our end-to-end managed security protocols protect customer information from both the internet and Beeks access.
“We define rigorous user permissions for access to configuration management, and we provide a clear and visible audit trail of all access – either by Beeks or the client.”
Beeks latest offering, Proximity Cloud, replaces all shared infrastructure with a dedicated, client-owned environment that can be deployed wherever the organisation wishes.
“Proximity Cloud goes one step further than even the standard private cloud implementations,” comments Marsh.
“It enables data to sit within a customer’s own physically held location, so we can absolutely point to where it is under the customer’s specific physical and logical security configuration.”
Having all data under one postcode, where power resilience, DR and security are keenly monitored and observed, is also reassuring to both client and regulators alike.
Beeks Group offers secure, high-performance, guaranteed private and hybrid cloud Infrastructure as a Service all around the globe, and can accommodate exclusive, single-tenant security requirements, as well as replication of hosting. Beeks help connect their customers to all the cloud providers they need in a safe environment, bypassing the public internet.