Adam Stringer, business resilience expert at PA Consulting, is quoted in Global Risk Regulator’s article on whether key cloud firms would be more regulated in the nearest future.
The article observes that cloud is not only critical to the financial system, but it is also playing a major role in the digital infrastructure of the world's economy. The move of financial institutions into the cloud space has been on the radar of global regulators who are worried about concentration risks.
Adam says: "My personal view is that I don't think the big tech providers will become regulated [by financial supervisors] any time soon. I think we will see increased pressure from the firms doing the outsourcing to cloud providers to prove that they have adequate controls in place."
He adds: "If financial regulators were to include bank supply chains as part of their supervision it would massively broaden the scope of their remit. Besides - where would you draw the line?. At the moment the regulators place pressure on the banks to determine the level of criticality and in fact the EBA [European Banking Authority] guidelines on outsourcing make it clear that it is the bank's responsibility to have a view on what is critical and what isn't."
On the potential danger of using cloud through outsourcing, Adam comments: "The cloud is inherently more resilient than traditional infrastructure. But you can still deploy legacy problems to the cloud and it will still fail. Cloud native businesses tend to adopt best practice, such as ‘design for failure’, just in time provisioning, multiple availability zones and so on."
He concludes: "The big cloud providers can deploy data and operations across multiple geographic zones, they use distributed computing, have the ability to quickly and consistently deploy tools across their networks, can do rapid software updates to deal with cyber threats, for example, and can do continuous integration. All this makes the cloud attractive."