Blog article
See all stories »

The Cloud is ready for Banks but are Banks ready for the Cloud?

Of all industries banking has been amongst the slowest to migrate core processing to the cloud. There is no doubt that the few cloud providers that started their businesses purely designed for the cloud have sophisticated, complete and secure offerings so what are some of the reasons for banks to consider using public cloud services?

Reduce costs

Reducing is always given as the number one reason to switch to the cloud and there are plenty of business cases that prove that to be true. Not least of all the ability to close data centres and reduce the headcount that is required to support IT infrastructure. On top of that is reducing the capital tied up by IT and deploying it in a more effective way for the business.


The ability to flex and pay for only the resources that are consumed whether it is storage, memory or processor power is a significant benefit for banks as all On Premise banks have very large quantities of redundant capacity both for operational and disaster recovery purposes.

As a simple example, the ATM network needs to comfortably support peak volumes. In the UK this is typically around 1.10pm on Christmas Eve where there is a huge spike in the number of people withdrawing cash for the Christmas period. This capacity is not only required in the operational system but also in the disaster recovery system should failover be required. Customers will certainly remember banks that weren't able to dispense cash on Christmas Eve. For the rest of the year much of that capacity will remain idle with maintenance bills and licences still being charged.

For Paypal there is nothing to fear from Black Friday or Amazon Prime Day, when enormous spikes are experienced. Paypal uses public cloud services and only pays for the volumes that are used and only for when they actually used it.


Scale Public Cloud providers have the numbers of data centres and nodes that banks simply cannot afford. They have the networks and dark fibre because they need them to provide their service. Because providing a resilient service is critical to staying in business and because their businesses were created and designed from day one in the cloud they have the advantage over those who have started from an on-premise mindset and move to public cloud.

It is unheard of that Amazon, Google or Facebook are not available? Public cloud providers do not put out notes to their customers like the one reported below.


Banks are under constant daily attack from hackers trying to break through their security and steal customer data or hold banks to ransom. As has been seen banks can and have been breached. However the providers of cloud services whose sole business is the provision of secure services to customers have much deeper pockets to hire the best and to invest in providing the most secure Identity & Access Management systems. Because their systems were designed for the cloud from day one and they employ the smartest technical people with the same mindsets as the hackers they have proved in many respects to far more secure than on-premise. If they weren't why would they be used by the security services?


With increasing mobility of both customers and employees being able to access systems from anywhere in the world on any device at any time is increasingly being demanded. A public cloud solution makes this far easier than an on-premise solution.


By moving to a standard public cloud architecture, the overall IT architecture is simplified. Most banks have grown over time and so has their banking architecture which has led to a heterogeneous architecture made up of a mix of hardware and software of different ages that requires integration.

Regulator approved

A concern that has been often expressed is that the regulators would not approve banks using public cloud. However that is not correct – Monzo is an example of a challenger bank that is running entirely in the public cloud.

Even in more conservative countries such as the Kingdom of Saudi Arabia the central bank, SAMA (Saudi Arabian Monetary Agency) has approved the use of the public cloud by banks.

Not only that but Central banks and regulatory bodies such as FINRA are big users of public cloud as it gives them the ability to work on large datasets, structured and unstructured data, supercomputing and analytics tools to carry out tasks such as identifying fraud and suspicious trading in real-time and only paying for it when they need it.

Designed for Mode 2 Development

As increasingly banks look to innovate using Mode 2 Development methods then setting up and managing environments and tools to manage this is made much easier when using a public cloud provider. For those providers who have designed their businesses for the cloud from the start Mode 2 has always been the market they have served. All the exponential organisations started out being developed using Mode 2. It is far easier for a Mode 2 cloud infrastructure provider to move to Mode 1 (traditional development) than it is for a Mode 1 organisation to move to the provision of Mode 2 cloud services.

Access to innovation

The large scale public cloud providers have been where the innovation around new technologies has all been taking place whether it is AI (Google DeepMind), Voice (Amazon's Alexa, Microsoft's Cortana), Image Recognition (Amazon x-ray), Autonomous Vehicles (Google Waymo), Augmented Reality (Google Tango, Pokemon Go) or Gaming. These are the technologies that banks and other financial services providers need to embrace if they are to be relevant and able to compete.

Public cloud is ready to enable the future of banking. The challenge for banks is to embrace and exploit what public cloud offers. 


Comments: (15)

A Finextra member
A Finextra member 23 August, 2017, 08:521 like 1 like A key title missing from your list is control. Banks like to have control. Outsourcing to the cloud means handing over control to a 3rd party. Monzo is a great example of potential pitfalls, with several recent customer impacting outages blamed on unreliable 3rd party providers. How should banks use the cloud whilst maintaining their desire for control?
A Finextra member
A Finextra member 23 August, 2017, 10:50Be the first to give this comment the thumbs up 0 likes

Public Cloud does not mean that control is lost it is more about allowing those with the expertise to do the tasks that they know best and allow the banks to focus on banking. Monzo outsourced certain functions in order to get up and running while developing their own solutions which will almost certainly continue to be hosted in the public cloud.

A Finextra member
A Finextra member 23 August, 2017, 13:34Be the first to give this comment the thumbs up 0 likes

Excellent post. Geezeo has been on AWS since 2007. Amazon has offered our company and clients remarkable flexibility, scale and control. We have seldom had push back from banks or credit unions regarding cloud services. In fact, we see larger financial institutions pushing towards cloud services as their appitite for innovation increases.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 August, 2017, 17:31Be the first to give this comment the thumbs up 0 likes


I thought "banks want to be tech companies". By pushing towards cloud services, won't they push back to being banks?:)

A Finextra member
A Finextra member 23 August, 2017, 17:461 like 1 like

Ha! I hear that all the time. I'm of the opinion that the cloud can empower just about any industry. 

A Finextra member
A Finextra member 24 August, 2017, 07:41Be the first to give this comment the thumbs up 0 likes

In response to Ketharaman by moving onto the public cloud it allows the bank's IT staff to focus on  innovation rather than the boring infrastructure maintenance. As the article states in the public cloud the professional Bank IT staff will find a far broader range of innovative tools than they will find either in the private cloud or in their internal IT department.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 24 August, 2017, 08:43Be the first to give this comment the thumbs up 0 likes

Whenever a cloud provider says "security", it means keeping customer's data secure from unauthorized third parties. But what about keeping customer's data secure from first party i.e. itself? IOW, what if a cloud provider uses Bank A's data to provide insights to Bank B? How many banks are ready for this? 

PS: I've posted a similar comment below Why migrating to the cloud offers more security than you might think

A Finextra member
A Finextra member 24 August, 2017, 08:47Be the first to give this comment the thumbs up 0 likes

In response to Ketharaman under GDPR that would be illegal without the overt permission of the customer and the fines would be 4% of global revenues so given the revenues of the major cloud providers it is extremely unlikely that that is going to happen.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 24 August, 2017, 09:29Be the first to give this comment the thumbs up 0 likes


TY for your reply.

If I understand this and this FORTUNE magazine articles correctly, Salesforce and Oracle are planning to do something like this. Nature of insights include:

  • Is there a major client that you haven’t heard from in awhile or who has been name-dropping your competitor in email or on social media? It’s time to reach out.
  • If you have hundreds or thousands of sales prospects on a list, how do you tell the potential winners from the duds?
  • Detect if a competitor is mentioned on an email thread.
Rodney Farmer
Rodney Farmer - Realtime Transactions - Little Rock 28 August, 2017, 15:541 like 1 like

Various banking corporate networks and underlying data are well suited to the cloud.  Other, more sensitive data rightly demands greater protection.  Makes me think that Monzo's card issuing, authorization and exception handling are not cloud based but tightly secured according to PCI DSS standards.  Other sensitive account and password data should be handled very carefully, if not in a private cloud, as well. 

As for resilience, Google "cloud downtime statistics" and you will see all the major services have significant outages that impact top companies across continents.   That should not happen in high availability environments.  Cloud must perform better.  

Operational challenges are the final issue.  Banks have very large, sophisticated software stacks that require specific release management, testing and promotion that is further complicated by cloud solution.

All these challenges are being addressed by the cloud providers (and software vendors) who will eventually succeed in closing each and every gap.  The banks will be eager when entire solutions are fully available.  In the meantime, it is comforting to know that banks are not penny-wise and pound-foolish on this topic.  

The transition has started with the challengers like Monzo.  How long before high street banks are 100% cloud?  


A Finextra member
A Finextra member 29 August, 2017, 09:30Be the first to give this comment the thumbs up 0 likes

Rodney - on security the investment that the public cloud providers have put into their Identity & Access Management exceeds significantly what most financial services institutions have invested so the question of on premise being more secure is increasingly invalid.

I would question Google downtime being an issue? When was the last time that you ran a query on Google and it said the system was unavailable? When resilience issues may arise is where corporations have badly implemented in the public cloud.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 29 August, 2017, 14:49Be the first to give this comment the thumbs up 0 likes

Just when you thought it was safe to move to the cloud, half a dozen Bitcoin companies like Sia will suddenly tell you, "When you store data on S3, it remains unencrypted on an Amazon server which is vulnerable to attack or misuse." As though that wasn't enough, these new-age storage space providers will promote their decentralized architecture by claiming "Users that value security and privacy tend to prefer the user-controlled approach over the company-controlled approach." Maybe it's only me but "User-controlled approach" sounds terribly like onpremise. Banks may gladly agree with that p.o.v. and smirk "we told you so". Presented with the opportunity to side with the coolest new kids on the blocks, banks may check the "do nothing" box and continue to keep their systems onprem.

Rodney Farmer
Rodney Farmer - Realtime Transactions - Little Rock 29 August, 2017, 16:10Be the first to give this comment the thumbs up 0 likes

Banks, if not everyone, expect physical security (Access and Identity); yet, most banks do not own the space but host/house with data centre providers in dedicated rooms or cages.  These environments are heavily partitioned, physically separated and firewalled.  Sensitive customer data and card data environments have layer upon layer of security features to prevent intrusion from in or outside the organization.  The nature of these large banking systems/software and hardware make secure, resilient, cloud deployment an impossible task today.....but it is coming.

Regarding the other topic: Sorry, I was using "Google" as a verb.  J

Look for articles like these:

Taking these at face value would suggest you need to plan for some unplanned downtime.  

Niraj Vaidya
Niraj Vaidya - Oracle - Mumbai 17 August, 2020, 08:16Be the first to give this comment the thumbs up 0 likes

Old article but still very relevant !

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 17 August, 2020, 11:57Be the first to give this comment the thumbs up 0 likes

This just in:

Oracle and Salesforce face multibillion dollar class action lawsuits for alleged GDPR violations caused by using data in the manner I described in my previous comment.

"It is to be alleged that Oracle's Bluekai and Salesforce DMP (formerly Krux) were misusing consumers' data by aggregating information collected from differing websites. That information was bundled up into profiles used to help them sell more effectively. Bluekai would collect data not just on one particular site but other sites too and then aggregate that data."

Now hiring