Asian Banks Are Adopting Cloud Computing, But Best Practices Are Scarce

Ahead of the publication of my full report in mid-April, I wanted to follow on from my recent blog post and expand on the topic of cloud adoption in the Asia Pacific (AP) banking sector. Despite some views to the contrary, all AP banks will ultimately leverage cloud-based services and capabilities; most already do. The real challenge is mapping workloads, processes, and data to the various flavors of cloud approaches — in other words, it’s still a portfolio management exercise.

Legacy application architectures and inflexible software licensing practices will certainly influence, and potentially hinder, cloud adoption. But while banking regulations will continue to heavily influence cloud strategies, they don’t forbid them. Senior technology and business decision-makers in the AP banking sector should therefore consider the following:

  • Don’t wait for detailed guidelines from banking regulators before acting. The AP banking industry is moving far too fast for local, regional, and global banks not to explore opportunities to increase agility and responsiveness, improve customer engagement and quality of service, and lower ongoing IT operational costs. Regulators are naturally conservative — as they should be — but are also lagging behind in cloud understanding and/or the outbound communication of cloud-related policies and guidelines. We therefore expect cloud regulations to evolve significantly as regulators are influenced by project proposals, pilots, and even existing implementations that clearly demonstrate the value of cloud-based approaches. More importantly, regulators will need these projects to better understand that the clear, technology-related risks of the various flavors of cloud computing are no different than the technology-related risks of all IT projects. Ultimately these risks boil down to technology governance, risk management, and contingency planning.
  • Extend existing best practices to identify logical starting points. Embrace cloud-based services and capabilities by prioritizing the relative importance of data, based in large part on data residency and privacy regulatory requirements, and start with less important data. The use of public and virtual private cloud-based services and resources is now critical to continued growth, even if the initial focus is only on “nonmaterial” systems.
  • Leverage vendors to help ensure project compliance and clarify regulations. Cloud service providers certainly have a role to play in educating regulators from a technology standpoint: In particular, to minimize concerns and confusion and increase the overall awareness of cloud capabilities and services relative to data residency, security, and privacy concerns. For banks in Asia Pacific evaluating cloud-based options, the primary value of cloud service providers is ensuring that the cloud solutions they offer comply with existing regulations and helping customers and prospects ensure that their planned cloud initiatives are also in compliance. This typically means that cloud service providers must work with banks’ security, risk, and legal teams and assist in constructing agreements that comply with existing regulations. In fact, we believe that cloud service providers’ ability to effectively map and adapt their solutions to customers’ risk frameworks is rapidly becoming a critical success factor.

As you continue to steer more of your technology spending towards systems of engagement, the appeal of cloud-based approaches will grow. Consider the above best practices to minimize risk while ensuring that you’re able to meet the ever-expanding demands of empowered customers.