Computing through the cloud offers new ways of doing business. Choosing a private, public, or a hybrid of private, public and community clouds should create new business models to conduct business in a highly competitive finance industry. Internet-based cloud IT solutions provide not only enormous cost reduction in infrastructure and operating expenditure, but also enable flexibility, agility and ability to scale up or down as per the needs of a business and its affordability.

BANKING SECTOR

Emerging cloud services for banks aim at enhancing productivity by facilitating real time collaboration, being omnipresent and providing virtualisation. Cloud-based services help in knowing the customers' preference by social networking interfaces and focussing on better customer relations, human relations and finance management, helping the banks to retain customers and attract new consumers. Front-end bank offices connected to cloud-based back-end computing and analytics save substantial cost on licensing, energy and space.

Cloud based e-invoicing provides dynamic invoices, making payments when exchange rates are most favourable, and enabling the banks to network constantly with postal and telecommunications companies. It improves access to social network profiles to help reach out to new consumers in new markets.

SECURITY CONCERNS

The banking industry is not so enthusiastic to embrace cloud computing in spite of its vast potential, because of the industry's concern on security, privacy, confidentiality, data integrity, and authentication requirements, along with location of data, availability, and recoverability.

Moreover, the industry has unique and dynamic regulatory, legal and compliance issues to address before switching to cloud services. Bankers apprehend that computing in “the cloud” is risky, as it involves outsourcing the data of its customers to third-party cloud service operators.

In order to take advantage of the emerging powerful Internet-based business solutions, what is needed is an IT technology architecture that combines the merits of the public cloud with the security and data-privacy of the private cloud.

The appropriate business strategy seems to be to outsource relatively less sensitive data to the public cloud infrastructure service with cryptography and simple password access, along with dedicated servers with firewalls and intrusion detection devices and other updated safety features for housing ultra-secure critical data centres that demand strong authentication for access.

STRATEGIC POLICY

There should be a clear strategic policy for cloud computing and management, prioritising data that can be entrusted to the cloud operator, with clearly defined service level agreements (SLA) with milestones and a set time-frame, backed by a comprehensive governance structure.

While choosing the cloud service provider, it is important to look into the firm's financial stability, ability to improve functionality and service levels and integrate data across different technology platforms and cloud services.

The policy-based key management, with industry-standard encryption, is emerging as the cryptography model for better control on data in the cloud as the common encryption key management techniques are susceptible to vulnerability.

Cloud security services are emerging to address data security, privacy and compliance risks, as well as prevention of data theft, ensuring disaster management, and detecting compliance violations with robust server security for virtualised data centres.

(The author is a Director-General, CAG Office.)

Related Topics
comment COMMENT NOW