Former FDIC chairman and Bank Director’s publisher, the late L. William Seidman, advocated for a strong and healthy U.S. banking market. In this panel discussion led by Bank Director CEO Al Dominick, three CEOs—Greg Carmichael of Fifth Third Bancorp, Gilles Gade of Cross River Bank and Greg Steffens of Southern Missouri Bancorp—share their views on the opportunities and threats facing banks today.
Businesses large and small are enamored with cloud computing. After all, it promises less information technology expense, delivering cheap, on-demand, and elastic processing power, disk storage and memory, while cutting down on energy use. By meshing their services with the cloud, companies gain social and mobile capabilities that can connect them more closely with their customers. But is it right for financial institutions?
In short, it depends—both on what systems your financial institution is considering and what types of data will be processed, stored or transmitted by the cloud service provider. With careful monitoring and attention to key risk areas, cloud computing can work, and it can be a solid, budget-friendly choice for financial institutions seeking computing power and the ability to scale quickly as business grows.
Cloud Deployment When considering a cloud solution, you’ll first need to choose a deployment model. Your bank may select from private clouds, which belong to a single organization; public clouds, offered by companies including Amazon and Microsoft; and hybrid clouds, which use a mix of public and private clouds.
Second, consider your service model:
Software as a service (SaaS): Your bank uses the provider’s applications and operates them on the provider’s infrastructure.
Platform as a service (PaaS): Your bank deploys its own applications onto a cloud infrastructure using the provider’s programming tools—a good choice for banks that develop their own applications.
Infrastructure as a service (IaaS): Your bank runs operating systems and applications on the cloud provider’s infrastructure.
Though FFIEC and other guidelines give some clarity on how banks should approach data security, they miss some key nuances of cloud computing. Specifically, banking institutions will also need to consider:
Provider and Data Location Where your institution’s provider is located and where your data is stored, processed or transmitted can trigger a variety of state, federal or international privacy compliance concerns and issues.
Multiple Levels and Layers of Risk Cloud providers commonly resell other providers’ services or rely on other subservice providers, which makes risk assessment extremely difficult. Furthermore, data could be backed up and stored by multiple service providers and facilities.
Vendor Risk Your vendors may use cloud services to store your customers’ information. As a result, you may need to spell out in your contracts what your cloud computing policies are, or at least incorporate questions about cloud computing practices into your vendor risk management program.
Institutions that implement cloud technology will need to address these risks specifically, requiring all parties involved to conform to the security and privacy mandates outlined in their contracts. You’ll also need to develop plans to continually monitor the activities and performance of both service providers and third parties.
Moving to the Cloud Cloud computing is likely here to stay. And while the shift may be too large for some banks’ tastes, it does come with certain benefits. Keeping compliance and regulations in mind, embracing the cloud may mean increased agility, speed and competitiveness for financial institutions of all sizes.