The Depository Trust & Clearing Corporation (DTCC), the premier market infrastructure for the global financial services industry, today issued its latest white paper, “Cloud Technology: Powerful and Evolving”, which outlines key issues and best practices for firms considering cloud adoption.
Today, a growing number of financial services organizations are using the cloud to deliver tangible business benefits, including risk reduction, capital efficiencies and improved time to market, and to take advantage of new capabilities. As industry-wide adoption of cloud services expands, regulated entities are working closely with regulators and policymakers globally.
While the competitive advantages for firms to embrace cloud technology are significant, the white paper highlights a number of business and regulatory issues which must be considered before embarking on a cloud adoption journey, including the:
- State and cost of the existing solution.
- Appropriateness of cloud technology for business purposes.
- On-going support for data security and privacy, in accordance with laws.
- Ability of cloud technology to meet clients’ resiliency and performance demands.
BEST PRACTICES
As the financial industry continues to move to the cloud, financial services firms, industry advisory boards, associations and cloud service providers (CSPs) have worked in coordination to ensure that the core values underpinning financial markets – including resiliency, security and privacy – are maintained.
These collaborative efforts have led to the establishment of a number of best practices that are critical to maximizing the value of cloud technology, while ensuring the requisite controls and management capabilities are in place to mitigate risks. These best practices can be categorized as follows:
- Regulated Entity Obligations: Cloud strategy, cloud governance, proactive security controls oversight, and exit strategy.
- Foundational Technology Capabilities: Architecture, automation, on-premises cloud options, lift and shift vs. design for cloud.
- Resilience and Resilience Verification Capabilities: Failover and disaster recovery, resilience, and chaos engineering.
- Cloud Vendor Obligations: Contractual agreement considerations, security considerations, evidence of available capacity, and data localization and privacy.
FUTURE CONSIDERATIONS
DTCC’s cloud journey continues. Key considerations that have helped inform the development of the firm’s cloud capabilities, and that are recommended for further consideration, include:
- Applications should be developed using “cloud-ready” technologies and approaches.
- Firms should focus on automation and layering of technologies to best leverage cloud-hosted applications.
- Alerting and monitoring are core elements of resilient and secure operations.
- The establishment of a principles-based, harmonized regulatory framework could better support further adoption of cloud services.
- A common lexicon of cloud terminology would foster effective, cross-sector communication and increased understanding of regulatory requirements.
“Over the past three years, DTCC has made significant advances in shifting a number of workloads to cloud hosting,” said Robert Palatnick, Managing Director and Global Head of Technology Research and Innovation at DTCC. “Along the way, DTCC, like other institutions, has learned that cloud hosting can bring significant benefits to many classes of applications including cost efficiencies and risk mitigation. By sharing our experiences and best practices with cloud technology in this white paper, we aim to help the financial services industry to build even more robust cloud implementations while embracing standards and best practices.”