Most industries have migrated applications and data to cloud to stay competitive in the market, revamp current IT landscape, create innovative products & services, increase revenue generation, reduce infrastructure capital, consolidate, and monetize enterprise data through advanced analytics capabilities. Financial services industry is relatively slow and most BFS organizations are still having their critical systems running on legacy technologies that require significant effort and cost to migrate to cloud. Moreover, regulatory bodies impose policies that restrict certain data migrating across borders.  Drawing an enterprise cloud strategy and roadmap is therefore essential to initiate cloud adoption. Private cloud model is a great option for BFS organizations as they have full control over infrastructure, data and services unlike the public cloud and can take advantage of the benefits that cloud computing offers. Private cloud typically are either Hosted, Managed or Virtual depending on role of cloud provider chosen by enterprise.

Why BFS organizations opt for Private Cloud

• Banks typically setup a private cloud within their data-center or hosted by a third-party service provider for usage by that organization and is not shared with any other organizations. Some of major Financial Service Groups have established exclusive cloud infrastructure to be leveraged by their regional business to capitalize on cloud benefits. However, in a public cloud setup infrastructure is shared across multiple organizations.
• In general, banks prefer private cloud as it has control when it comes to data-privacy, compliance, security and service availability compared to public cloud
• Better performance when all applications are available within the same network
• Increase in costs associated with movement of data to and from the public cloud compared to private cloud.
• Chances of vendor lock-in higher in public cloud PaaS services thus preventing migration to other providers
• Impact to business when public cloud services face a downtime

In addition, banking regulators are concerned over potential impact to critical business functions and impose penalties on FIs causing interruptions to services impacting customers. Security, Data-privacy, Operational resilience, Concentration risk are key factors governing migration of application workloads to cloud. While most providers are compliant towards these broad factors, application owner have an onus to ensure implementing various checkpoints to  compliance. Prudential Regulatory Authority emphasizes on cloud providers operation resiliency based on concerns of impacts to UK customers due to outage. European Banking Authority has laid out guidelines for banks to have exit strategy in place to mitigate business impact due to high dependency on any service-provider. General Data Protection Regulation calls for data storage and processing by cloud providers with higher degrees of control. After 4 years of GDPR in effect, still many organizations are not fully compliant. PCI-DSS does not restrict storing card data in the cloud and has laid out guidelines to secure data when stored outside the organization that is a shared responsibility between the cloud-provider and the bank that needs to be clearly understood by the latter.

Suitability & patterns of migration in BFS

 While many of the Fintechs, small and new-age digital banks have built their platforms directly on the cloud, many of the mid and large banks are still running on-premise infrastructure and are trying to move their workloads to cloud. Core banking functions are critical systems having huge financial impact in case of security breaches and are most suited for private cloud.

Channels and enterprise content management systems, Enterprise Integration, IT Development are suitable for private cloud while Enterprise tools such as email and office, human resource management, ITMS capabilities are more suitable for SaaS-based models.

When it comes to addition of new-age capabilities, there are readily available cloud solutions catering to credit risk analysis and scoring, financial portfolio planning, cards payments processing, regulatory reporting, insurance claims, settlement, and advanced analytics.

 Some of the common migration patterns seen in private cloud migrations are

1. OS replatforming due to end of service support
2. Moving out of licensed software and technology standardization
3. rearchitecting into cloud-native applications currently running on unsupported technologies
4. rehosting due to Data-center exit
5. containerization and building cloud-ready applications
6. database replatforming
7. batch and ETL processing, scheduling, and file-transfers
8. file-shares and storage migration
9. migrating COTS products to cloud

Prominent providers in Private Cloud space are

• VMWare
• HPE
• IBM / RHOS
• OpenStack
• Oracle
• Dell EMC
• Cisco
• Pivotal

Considerations for migrating applications to Private Cloud 

1. Cloud migration requires functional and technical understanding of applications and migration architects need to analyze their characteristics well  

• Low CIA-rated (Confidentiality, Integrity & Availability) applications can be migrated first
• Internal and non-critical applications can be good a start before migrating Internet facing applications
• Applications having minimal number of interfaces can be targeted in initial waves. Applications having many interfaces to on-premise applications/systems on-premise will have different inbound/outbound data exchange formats and need significant testing
• application using shared database, DBLinks, RPC calls, high-performance infrastructure, large-sized database, complex stored-procedures with embedded business functions and non-standard protocols needs detailed analysis to assess compatibility in target platform

      2. Application selection for migration can be made based on business functions that are related. In large scale or enterprise-wide migrations, identify application inventory along with their dependency map across the business-line or portfolio. In every migration wave, grouping applications and application components that are part of a user-journey can help minimize disruption to business and help focusing on stabilizing migrated functions on the cloud by timing the cutover activities during periodsof minimal business impacts.

    3. Identify repeatable technology migration patterns, develop migration procedure handbooks, and                    create tools to accelerate migration.

    4. Assess cloud foundation readiness to support needs of application migration and remediate any gaps          prior to starting application migration

    5. Cutover strategies to be drawn differently based on type of applications. Channels based applications          having high user-base could adopt canary-deployments whereby cloud performance can be                          monitored and fine-tuned to optimal performance before peak traffic is serviced from the cloud

   6. Decommissioning on-premise infrastructure resources is key towards successful migration and hence           the period of co-existence between legacy and cloud systems needs to be minimized to achieve                   intended financial benefits of migration

   7. Plan and estimate effort towards creation or adapting existing CI/CD setup and non-functional testing           considering changes to infrastructure even when there is no code-refactoring required

BFS organizations need to develop a clear strategy and roadmap for cloud migration considering business value delivered, future-proofing applications, controlling cost and ensure regulatory compliance in order to stay relevant in the market. Until such time these are achievable in the public cloud with proven advantages, banks need to continue enhancing their capabilities in the private cloud and enable their workloads to be cloud-ready so they can be portable anytime with minimal disruption.