Six things financial institutions should know about moving to the cloud

Financial institutions are often wary about moving sensitive data to the cloud because of compliance requirements. But that’s a common misconception, according to one expert.

“For most Canadian financial institutions, it’s not a regulatory issue,” said Dan MacKay, Financial Services Compliance Specialist with AWS at a recent Canadian CIO virtual roundtable. “Whether or not a particular FI chooses to move sensitive data or personally identifiable information to the cloud is typically a matter of risk tolerance.”

Many financial institutions have moved production workloads with sensitive data to the cloud, said MacKay. Often organizations start with one workload that contains personal data. “What we advise our customers to do is to assess the workload against global security standards and our Well-Architected best practices to ensure the organization can demonstrate that they can achieve or exceed the same controls in the cloud as they currently have on-prem,” he said.

That was one of six key points that MacKay and Robert Cruz, VP of Information Governance at Smarsh, discussed with CIOs from the financial sector:

Cost savings is no longer the primary driver to cloud

Two years ago, the initial conversation with financial sector customers often started with costs, said MacKay. However, that thinking has changed since many FIs have had to incur transition costs to ensure they have the appropriate cloud governance and operations in place to meet regulatory expectations. Now, the primary drivers are the agility and scalability that cloud offers, he said. Cloud is about response time and speed to market, added Cruz. “Do you have systems that allow you to respond quickly? If you don’t, that is a cost.”

The participants noted that innovation is another key driver. “Cloud opens up a lot of opportunities we couldn’t imagine before,” said one CIO. Another said his company was motivated by the ability to connect third parties securely and separately from on-premises systems. “There will always be new ways that clients and employees will want to interact, and cloud enables that,” said Cruz.

The migration involves more than data

Migration strategies have evolved over time, as well, said Cruz. The focus now is on moving data selectively and in smaller components that are easier to manage.

However, it’s not just about how to move data. It’s really a change in management processes,” he said. “You have to look at how to adjust policies and training to make stakeholders comfortable because it won’t be the same.”

Think about an iterative plan

The approach is different for everyone, but few go “all in” on cloud at the start, said MacKay. “Most start with some experimentation and progress from there.”

Coordinate with stakeholders on compliance

The IT team shouldn’t be alone in developing the cloud strategy, said Cruz. “This must be done in concert with legal, compliance and other stakeholders involved in the decision-making process.”

As well, the organization must remember that it shares responsibility for maintaining compliance with its cloud provider and its software-as-a-service provider.

The cloud provider should work as a partner

Cloud providers have significant resources, such as expertise on compliance for specific sectors. “If your provider isn’t offering those types of resources, then push them to do so,” said Cruz.

The most common pitfalls are not technology-related

Most of the challenges in cloud migrations stem from organizational issues, said MacKay. “The number one thing is that leadership has a clear strategy,” he said. “If they don’t have the will, it can be slow and painful. But if there’s a will, there’s a way.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Cindy Baker
Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now