The dangers posed by data leaks and general compliance challenges, including the GDPR, are still regarded as the biggest threats preventing public cloud migration, with over half of interviewees citing compliance. This is according to our recent research into the state of public cloud in banks.
Compliance teams are under increasing stress as more data protection regulations come into force. This impedes the progress of public cloud projects in banks for a number of reasons. Personally Identifiable Information (PII), which is the focus of the platinum-standard data protection regulation in Europe – the GDPR – is arguably at greater risk if stored in public clouds. This is because of the open nature of public clouds – other banks and the general public can share the same servers, and therefore banks have to relinquish control to the vendors.
If there is a data breach and unencrypted PII leaks, local data protection regulators need to determine where the fault lies: at the bank, the vendor, or the vendor’s subcontractors. With the GDPR coming into force, there is just as much penalty emphasis on the vendor (the “data processor”) as there is on the “data controller” (the bank). This was not the case previously: the bank would have been fully liable. Because of this change to how data privacy regulations work in Europe, there are now equal incentives for banks and their cloud providers to prevent data breaches. In addition, the specific security concerns posed by public clouds were identified years ago, with cloud vendors often employing some of the world’s best cybersecurity and data protection experts to help allay any threats.
All of this makes using public clouds more appealing.
Furthermore, as more regulations appear, such as BCBS 239 and MiFID II, compliance hires are becoming more important. A bank’s compliance team needs to have eyes across the entire bank, and that will become increasingly difficult if more banks introduce public cloud projects before 2020. Arguably, the majority of respondents in our research say compliance, rather than public cloud projects, is the number one priority for banks in 2018. In all likelihood, once a fully functioning compliance team is in place, there can be more engagement with public clouds in general.
We have no doubt that compliance is the main focus for banks in 2018, but public cloud projects will increase in the next two years as compliance teams are given more resources.