Developing standards across cloud services - workshop summary
Cloud enables innovation but adoption in Capital Markets remains low - why?
The Association for Financial Markets in Europe (AFME) has recently set out 14 recommendations to help realise the full potential of public cloud computing across the capital markets industry, as issues such as legacy technology, security, regulatory concerns and standardisation have slowed uptake. One of the key themes of the research was that the industry as whole must continue to share knowledge, best practice, and promote standardisation and consistency, in how public cloud and wider cloud services are adopted.
The research identifies ample business benefits such as agility, innovation, improved cost management, efficiency, enhancing client experience and their service offerings. It is also recognised that it must be easier for organisations to move between cloud service providers to avoid being locked in or have over dependency on one provider. However, they estimate that less than 10% of banks surveyed had any of their current workload on the public cloud today. So how can this be achieved?
To explore these themes, I recently helped lead a workshop alongside David Ostojitch of AFME and John Gavin from ISITC, kindly hosted at the CISI. Held not long before the COVID-19 restrictions came in, the event was well-attended, with a good cross-section of the industry represented: from companies under five years old to institutions with over a century of trading and the FCA present too.
What was clear from the event was that regulators aim to protect consumers by ensuring 1) market fairness, and 2) operational resiliency. A fair market is facilitated via competition between firms. Firms, in turn, seek competitive advantage through innovation and agility. As we've seen from other industries, public cloud is a huge enabler of both. Fintech companies are now disrupting the capital markets sector just like the previous wave of challenger banks did in retail banking.
Despite identifying public cloud as "foundational requirement for enabling most other new technologies and innovations, and for driving future IT and business change," AFME reports that current adoption in the space is low, with fewer than 30% of survey respondents of the view there would be a "strong adoption of public cloud across the industry in the next five years."
Innovation arises in response to a particular need that is not currently met. It is common to see multiple solutions spring into existence to address the same need, leading to a fertile initial period of exploration and research. At this time, the new idea may represent a key competitive advantage to the originator.
On the left-hand side is genesis: highly innovative, rapidly changing/ evolving, often flaky. It may represent a closely guarded secret and their market differentiation . Innovation is the birthing of a novel idea, which may then undergo a journey towards mainstream acceptance and ultimate ubiquity. This is well described in "diffusion theory" and Geoffrey Moore's "Crossing the Chasm".
Over time, uniqueness/ competitive advantage diminishes; the weight of competing options becomes an impediment there is natural "thinning" of technologies; but not necessarily only one "winner". The conclusion of this is seen on the right-hand side where we find stability in the form of product, commodity and utility. This is produced when there is establishment of consensus driven often by market pressure, community best practices resulting from industry standardisation.
The Cloud Services Landscape
How does this picture change as we look to exploit cloud providers? What does "interoperability" mean in practice? A "lowest common denominator" approach is likely to be suboptimal.
The current crop of cloud service offerings lies along a wide spectrum. Don't over-analyse this; it's not intended to nit-pick, and we may well disagree about the relative positions of things.
Remember: novelty arises in a wild-west fashion where it's "exciting", then matures over time to become "boring". EVERYTHING started off on the left at some point.
We should expect differentiation: it's how cloud providers compete with each other; they will likely resist any attempts to "interoperate" which means different things depending which hat you're wearing: technical, business or regulatory.
In addition to the technical aspects there are of course the contractual and commercial terms to take into consideration. Cloud computing services are generally implemented on the provider's terms - although it can often be a struggle to figure out exactly what those terms are.
Some of the key issues that tend to recur in cloud contract negotiations include:
- customer control and visibility over subcontracting, with a general reluctance from providers to allow approval over, or even to identify, subcontractors.
- limitations on the provider's ability to change the nature of the services. (Here it's generally advisable for customers to focus on the commercial implications of such changes, rather than the right itself).
- privacy, jurisdictional and data security commitments.
- access to facilities for audit and inspection purposes.
- rights of the provider to suspend services, e.g., for non-payment or violation of an acceptable use policy.
- limitations of liability.
- exit provisions allowing the customer to extend service for a period after termination or expiry to allow migration to the replacement solution.
Could standards assist in these areas and promote easier facilitation of business between parties?
To take this forward specific dialogues are necessary. In particular the finance community need to determine:
- which cloud services are relevant right now?
- which are considered stable and in widespread use?
- which are currently constrained by regulatory pressure?
- is reliance on a single Cloud Service Provider too much "concentration risk"?
- which industry initiatives are currently in the "divergent" phase?
- which are currently over-differentiated?
- where would industry standards help? We understand that from the meeting on the 10th ISITC will be organising a Cloud Standards Forum to explore these issues further.
About the author
Alasdair Hodge, Principal Engineer at Cloudsoft
Alasdair is a solutions architect with 25 years' experience. An authority in cloud, software applications and automation across all major cloud platforms, he has been engaged in the design and optimisation of cloud services in baking and financed and other service-based sectors such as telecoms, electronic design, and supply-chain automation for over 12 years.