Prevent, respond, recover: Boosting digital resilience in financial services by moving to the cloud
Though caution is understandable, there is some urgency for leaders to embrace cloud services
Financial services organisations are reluctant to embrace cloud technology — “you’ve got to go slowly and you’ve got to go cautiously”, as David M. Solomon, the chief executive of Goldman Sachs notes.
True, to a point, but in reality, it’s not that these companies aren’t integrating cloud services, or that they’re dragging their feet in doing so. They’re just not fully embracing them — yet.
| Nearform expert insight: | “We help organisations build environments in the cloud and leverage cloud services to release applications easier and faster, while shifting their cost, security and ownership models for greater scalability and agility.” Keith Madsen, Technical Director at Nearform |
Though caution is understandable, there is some urgency for leaders to make the switch. McKinsey reports that “Fortune 500 financial institutions alone could generate as much as $60 billion to $80 billion in run-rate EBITDA in 2030 by making the most of the cost-optimization levers and business use cases unlocked by cloud.”
| Expert insight: | “I think what struck me most was that nearly every bank has taken off on its journey to the cloud, but very few have gotten more than a few feet off the ground.” Mike Abbott, Global Banking Lead, Accenture |
| By the numbers: | - Only 40% of banks and less than half of insurers fully achieved their expected outcomes from migrating to cloud - More than 50% of firms have only moved a minimal portion of their core business applications to the cloud - Although banks almost doubled their reliance on the cloud between 2021 and 2022, this still amounted to an average of only 15% of their total workloads - Cloud and edge computing are the top technologies being considered by financial institutions, with 84% of executives recognising their relevance - 89% of financial services executives believe that a cloud-enabled platform is crucial for delivering the agility, flexibility, innovation, and productivity necessary to meet escalating business demands |
Financial services executives recognise that in order to compete and stand out in an increasingly crowded marketplace, the speed, power, and flexibility afforded by cloud computing is critical. Most financial services companies are indeed exploring how moving to the cloud can benefit their businesses, but many are still only scratching the surface of what’s possible.
Graphic: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Considering investments in legacy systems and concerns about regulatory compliance and data security, hesitancy to go all-in on the cloud has been understandable. However, changing regulations and the obligation for financial services organisations to have the resilience to identify potential disruptions and minimise their impact highlights the importance of modernising with cloud-native systems.
Defining (and regulating) digital resilience
Threats to business continuity encompass human-made attacks such as cybersecurity breaches, unpredictable events like power outages or natural disasters and potentially preventable issues including hardware or software failure. Digitally resilient organisations analyse available information to anticipate potential disruptions, and have the resources to minimise and recover from the impact of disruptions that do occur. For financial services organisations in particular, disruptions can mean not only lost revenue for the affected company, but also losses for customers and negative effects to the larger economy. For this reason, digital resilience is even more necessary.
This necessity extends beyond simply responsible business practices - new regulations, including the Digital Operational Resilience Act (DORA) in the European Union, require financial services companies to demonstrate that they have created thorough incident response plans and infrastructure in place to prepare for and mitigate interruptions of service. According to the Act, responsibility to comply lies not just with financial companies as a whole, but with individual officers of the company. The text states “Under DORA, the Board of Directors is personally liable for cybersecurity governance and risk management, including all aspects such as reporting, testing and other necessary measures.”
In the United States, the Federal Reserve Board, Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation worked together to develop and issue the “Sound Practices to Strengthen Operational Resilience” guidance. This guidance explicitly defines practices that large banks should undertake to prepare for and address the operational risk of cyberattacks, natural disasters, and pandemics. A similar group in the UK, comprised of the UK's supervisory authorities, the Prudential Regulation Authority (PRA), Financial Conduct Authority (FCA) and Bank of England (BoE) announced resiliency requirements for UK banks and insurers. The purpose of all of these coalitions is to ensure that the financial institutions operating in their countries are taking appropriate and adequate steps to protect consumers, the overall financial sector, and country economies.
Digital resilience can limit losses from disruptive events
The prospect of complying with regulations can sound daunting, but in the case of regulations instituted to promote digital resilience, there are actual economic benefits. Key requirements of DORA and other operational resilience guidance documents are incident-response plans, business continuity plans, and regular risk assessments. Regulations aside, all of these assets are important for companies to have in place and up-to-date in order to limit financial losses in the event of a disruption. Fees for noncompliance with regulations can be steep, but they would be minimal in comparison to the damage done by a major event that an organisation is unprepared for.
It makes financial sense for companies to invest in resilience, and many are in the process of doing so. Studies show that executives in financial services organisations are decreasing spending on legacy systems, and increasing it on technologies that boost productivity and promote resilience such as cloud services. In 2022, 53% of banking tech executives surveyed expressed that they planned to increase investment in cloud platforms by the largest amount compared to other tech spending**. McKinsey reports that by 2030, value drivers could enable cloud services to deliver more than $3 trillion in EBITDA value, $407 billion of it in IT resilience improvement, across the Forbes Global 2000.
**Data source: Tool: Cloud Computing Use Cases for Banking and Investment Services, 2023, 21 June 2023 - ID G00796050 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
How the cloud enables prevention, response and recovery
Cloud services are a key part of building resilience due to their ability to help organisations prevent, respond, and recover from disruption. They’re built to be reliable, with redundant systems, backup mechanisms and disaster recovery plans in place. These help minimise the risk of service interruptions and ensure applications and data are accessible even in the event of hardware failures or other disruptions.
Additionally, cloud service providers handle the technical processes of database management and security. They also monitor and analyse their systems, which creates the potential to identify and address potential service delivery issues before they escalate, helping to maintain high levels of service availability and performance. Managed service plans enable organisations to contract these operational tasks to a third-party vendor, and focus their resources on application development and improvement.
When it becomes necessary to respond to an event, Cloud Service Provider (CSP) flexibility enables quick adjustments to resources and configurations in response to service delivery issues such as performance bottlenecks or hardware failures.
In the recovery phase, cloud-based systems are able to recover from issues faster than traditional on-premises infrastructure. CSPs handle underlying infrastructure management, allowing organisations to focus on restoring service rather than troubleshooting hardware or software issues. Additionally, automated backups and data replication enables companies to quickly recover their data and applications if a truly disastrous event wipes out the existing infrastructure.
Embracing the cloud
The reasons holding many financial services companies back from migrating more of their business to the cloud are fading away. But the complexity of modernising legacy systems or integrating them with cloud-based solutions requires an experienced partner who truly understands an organisation’s business and technology needs.
| Nearform client insight: | “With Nearform, we found a partner who could help us explore ‘the art of the possible’. They understood straight away what we were trying to do.” Carlo Marcoli, API Economy Solutions Leader – Europe, IBM |
In its work with IBM, Nearform leveraged its cloud expertise to develop a leading-edge, open banking app that enables a complex, real-world customer journey.
Nearform’s track record of boosting digital resilience
When diagnosing how to help a client’s business be more resilient, Nearform uses a proprietary method to get an overview of a business’ structure and operations. During the first phase, the goal is to get a holistic understanding of system issues and where problems may lay, and objectively assess the client’s technology, resources, and processes in place.
Nearform case study: Building resilience and boosting observability for a global organisation
| Issue: | Excessive service outages were preventing customers from accessing their accounts, making payments and more. The client organisation needed to rework how it monitors, prevents and responds to incidents to limit downtime and increase their resiliency. |
| Solutions: | Nearform experts developed a roadmap to improve the client’s Site Reliability Engineering (SRE) practices, and collaborated with company engineers to streamline monitoring and incident reporting. Specific improvements included: - Standardisation/simplification of onboarding for digital services - Automated alerts - Custom dashboards showing site metrics and data |
| Impact: | - Updated process, from concept ideation to dashboard implementation, completed within 6 weeks - Site improvements resulted in zero downtime during the first product launch - Average time to recovery reduced by 93% |
In this case study, Nearform identified core issues with monitoring and alerting, incident management and observability. The diagnostic phase revealed an over-reliance on manual operations, and an inability to effectively prioritise tasks, making the team reactive instead of proactive. These insights led the team to the solutions, and provided a clear path to improve the company’s resiliency.
There’s no denying that cloud migration is a complicated and challenging process. With an experienced partner to help identify the most effective path forward and design a secure, resilient customised digital solution, financial services companies can fully embrace the power and versatility of the cloud.
Insight, imagination and expertly engineered solutions to accelerate and sustain progress.
Contact