This year’s Enterprise Cloud Index report, reported that financial services outpaced all other industries in the adoption
of hybrid cloud reaching 21% penetration today, compared to a global average of 18%. Whether it is purely with the public cloud providers, or more typically in a hybrid cloud model, utilising a mix of private cloud capabilities and multiple public cloud providers
is more focused on agility and speed of delivering change - whether as a FinTech with no legacy, or an incumbent firm. However, whilst most financial services firms have adopted some form of hybrid cloud, the focus is now turning to multi-cloud.
In a recent Flexera survey,
84% of respondents said they are working with two or more of the public cloud providers and actively have a multi-cloud strategy. However there is still much debate as to what multi-cloud actually is – ask any two firms who have a multi-cloud strategy what
it means to them, and you will likely get two different answers. Multi-cloud could be where more than one of the public cloud providers are used by a firm, with each being used for specific workload types, or it could be where the same workloads are run across
multiple public cloud providers. In the former, the drivers are typically to leverage specific IP available from different public cloud providers to enable a firm to accelerate a business idea or offering. In the later, the driver is typically regulatory or
With wider adoption of the public cloud providers by financial services firms, the various regulators have all started to focus on how to understand and mitigate the risk posed by multiple institutions relying on the same underlying providers. One example
of this is the Financial Stability Board (FSB), an international body of the G20 central banks and supervisory organisations, which noted is concerns about the concentration risk of cloud services in the financial markets in a report issued
earlier this year. Similar to this view point, the UK Governments Treasury Committee recently released a report that explored IT
Failures in the Financial Services sector. In this report they too highlighted the potential concentration risk that the large public cloud providers pose, with a recommendation that the UK Government should urgent consider how best to regulate cloud service
providers, and that regulating them as a critical infrastructure (the same as payment processing companies such as Vocalink) may be necessary.
Another example would be the advice given by the UK’s FCA which treats the use of public cloud by regulated firms the same as it treats
outsourcing the provision of any services; a key requirement being that “firms should have exit plans and termination agreement that are understood, documented and fully tested” as well as knowing “how [a firm] would transition to an alternative service provider
and maintain business continuity”.
There are many challenges to effectively supporting a multi-cloud strategy within a firm – these range from how do you ensure you have the right skills in your workforce, to selecting the right tools to effectively manage services on multiple cloud providers
environments, to effectively managing security and compliance across both your private cloud, as well as the environments managed within multiple cloud providers.
Firms that are looking to adopt a multi-cloud strategy to support portability of applications across multiple cloud providers, have typically already embarked on an approach to modernize their applications and leverage architectures such as micro-services,
container deployment patterns etc. Both Microsoft and Google Cloud have come to market with solutions to enabling a multi-cloud strategy.
In April 2019, Google Cloud announced their hybrid-multi cloud product set – Google Cloud Anthos. One of the key capabilities of Anthos is that it allows organisations
to deploy both virtual machines as well as container based applications in Google Kubernetes Engine (GKE) on Google Cloud Platform, or on GKE On-Prem within a customer’s data centre. In addition, support for GKE on both Microsoft Azure and Amazon Web Services
is also planned, thus providing the ability for firms to be able to do deploy the same application, using the same tool set across multiple public cloud providers. Six months later, Microsoft have also announced Microsoft
Azure Arc. Similar to Anthos, Arc also focuses on services at edge use cases too.
Whilst both Google Anthos and Microsoft Azure Arc helps support the application mobility, applications are only as powerful as the data they access. It is critical to understand the underlying data mobility services, in particular to enable consistent data
services and to manage the implications of data gravity. Data gravity – a term first coined back in 2010 – is the idea that data and applications are attracted to each other similar to the attraction between objects that are explained by the law of gravity. As
enterprise datasets grow larger, they become harder to move; thus applications and processing power will need to be nearer the data that it is consuming.
Whether a firm is looking to adopt multi-cloud to leverage best of breed IP on different public cloud providers, or they are looking to adopt multi-cloud to meet regulatory requirements, what is key is both ensuring that they have the right operating model
and skills to support multiple cloud providers, as well as understanding what services to deploy where.
To conclude, over the last twelve months, more and more banks are talking publicly about what they are doing in the hybrid cloud space; they are getting confidence both to look to change, but also to talk about their experiences. I think over the next twelve
months we will see more of a shift in conversation around how they are successfully adopting multi-cloud strategies. However it is important that we do not forget that moving to any cloud model is not the ultimate outcome – it is about enabling what the business
is overall trying to achieve.