Multi-cloud, multi-headaches?
As banks embrace cloud computing, many are adopting a multi-cloud strategy, utilising services from multiple cloud providers like AWS, Microsoft Azure, and Google Cloud.
While a multi-cloud strategy offers potential benefits for banks, it also introduces significant challenges
While this approach offers benefits like avoiding vendor lock-in and leveraging the strengths of different providers, it also introduces significant challenges that banks must navigate carefully.
One of the primary challenges is ensuring compliance with regulations like the Digital Operational Resilience Act (DORA). DORA mandates that banks must have robust resilience measures in place to mitigate the risks of IT disruptions, including the ability to swiftly switch to alternate cloud providers in case of an outage or service disruption on their primary platform. This requirement necessitates that banks design their systems and applications to be portable across different cloud environments – a complex and resource-intensive undertaking. This is a separate task to designing solutions to be truly cloud native as I have written about previously.
Achieving true cloud portability requires adhering to open standards, avoiding proprietary services, and abstracting away cloud-specific dependencies. This often involves refactoring or re-architecting existing applications, which can be a daunting task for banks with extensive legacy systems and monolithic architectures. Failure to properly plan for portability can lead to vendor lock-in, negating one of the key benefits of a multi-cloud strategy.
Another challenge lies in managing and optimising costs across multiple cloud providers. Each provider has its own pricing models, billing mechanisms, and cost optimisation strategies, making it difficult to maintain a consistent and efficient cost management approach. Banks must invest in specialised tools and expertise to monitor and optimise cloud spending across their multi-cloud environment, ensuring they are not overpaying for resources or services. As I mentioned last week, this is a burgeoning area called FinOps.
Security and compliance are also critical concerns in a multi-cloud world. Banks must ensure that their data and applications are protected according to industry standards and regulations, regardless of the cloud provider they are using. This requires implementing consistent security policies, controls, and monitoring across all cloud environments, as well as maintaining a comprehensive understanding of each provider’s security offerings and shared responsibility models.
Furthermore, managing and maintaining a multi-cloud infrastructure requires specialised skills and expertise that may be in short supply. Banks must invest in training and upskilling their IT teams or partner with third-party experts to ensure they have the necessary knowledge and capabilities to effectively operate and maintain their multi-cloud environments.
This week, I’m just saying that while a multi-cloud strategy offers potential benefits for banks, it also introduces significant challenges related to compliance with regulations like DORA, achieving true cloud portability, cost optimisation, security and compliance, and specialised skill requirements.
Banks and core banking solution providers must carefully evaluate these challenges and develop robust strategies to mitigate the associated risks and complexities.
About the author
Dharmesh Mistry has been in banking for more than 30 years both in senior positions at Tier 1 banks and as a serial entrepreneur. He has been at the forefront of banking technology and innovation, from the very first internet and mobile banking apps to artificial intelligence (AI) and virtual reality (VR).
He has been on both sides of the fence and he’s not afraid to share his opinions.
He founded proptech start-up AskHomey (sold to a private investor in spring 2023) and is an investor and mentor in proptech and fintech. He also co-hosts the Demystify Podcast.
Follow Dharmesh on X @dharmeshmistry and LinkedIn.
Read all his “I’m just saying” musings here.
