Banks Look Up To The Cloud

Banks are growing more comfortable using other companies’ servers instead of their own closely guarded data centers -- and that longstanding security concerns are fading.

Imagine closing your eyes and asking the voice-activated Amazon Echo on a nearby shelf when your next car payment is due. Just a few years ago, banks would have needed a houseful of their own computers to provide such service.

Instead, new capabilities announced by Capital One Financial Corp. run on Amazon.com Inc.’s cloud. 

For years, banks have been outliers, shunning web-based data centers run by Amazon, Microsoft Corp. and International Business Machines Corp. Pressures to reduce costs and innovate are changing that. Of the world’s 38 largest financial institutions and insurance companies, 25 have signed up with Microsoft and are beginning to put applications in the cloud. Capital One, the eighth-largest U.S. commercial bank, started deploying applications in cloud services in early 2015.

“The momentum has been tremendous, especially in the last six months,” said Karen Cone, general manager of worldwide financial services at Microsoft.

Banks are trying to speed up internal development to keep up with innovative startups that are reinventing everything from cross-border payments to bill pay and doing it faster by using the cloud. The lenders look to the cloud as a way to lower costs and improve profits in a climate of stiffer capital rules and low interest rates.

Capital One added to the services it first started offering through the Amazon Echo in March. The bank became the first company to give customers access to auto, mortgage and home-equity information using Alexa, the Echo’s voice-activated assistant, providing answers to questions such as “How much is my next mortgage payment?” and “How much more until my motorcycle is paid off?”

“The primary motivation for the banks to do this is because they want to create agility and flexibility in their middle and back office that would let them digitize their business on an end-to-end basis,” said Likhit Wagle, general manager of banking and financial services at IBM, based in Armonk, New York. “They want to be able to automate all of their processes.”

Two developments have contributed to the bankers’ growing embrace of cloud computing. Regulators have welcomed the shift and cloud companies have revamped their practices to accommodate lenders. “We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules,” the UK’s Financial Conduct Authority said this month when it published new guidance for the industry.

Financial Services

Microsoft, based in Redmond, Washington, created a special financial-services compliance program that gives banks full access to all audit reports, notification of any security incidents and provides them with a road map on upcoming security and privacy features.

“I know from our own checks that both Amazon and Microsoft are all over the global banks,” said Karl Keirstead, a software analyst for Deutsche Bank AG. “This is a massive opportunity and prize that the public cloud vendors are well aware could move the needle for them.”

The transition to the public cloud began in Europe and Asia. Commonwealth Bank in Australia has begun using web-based computing for development and testing new software, and running its website, for example.

Major Savings

“Through this hybrid approach of combining the use of public cloud with our internal cloud, we have realized major savings in infrastructure costs and reduced project delivery times,” Nick Giles, executive general manager of IT Delivery Services at the bank, said in an e-mail. “As a result, we have been able to channel that capital toward innovation and customer-facing technologies.

Singapore’s DBS Bank said it will use Amazon Web Services and expects to move as much as 50 percent of its computing needs to the cloud by 2018

Capital One, based in McLean, Virginia, is so happy with cloud services it’s closing data centers and expects to be down to three from eight by 2018.

“There’s nothing we aren’t willing to put in the public cloud,” said Rob Alexander, Capital One’s chief information officer. “We are now doing the vast majority of all our new development in the public cloud, and we are systematically moving our legacy applications.”

Larger banks are expected to follow in coming months, though they are expected to do so cautiously. Many are starting by putting marketing, human resources and other non-core applications onto the cloud -- usually, no more than 10 percent of their total applications, according to IBM’s Wagle. Other parts of the businesses will take longer.

“Banks move slowly, especially regarding IT decisions with regulatory implications,” said Keirstead of Deutsche Bank Securities. “Hence one should expect any move to be gradual.”

Information-Management:  

 

« ISIS Is Tooling Up For Cyber Jihad
Hacking May Prompt Heightened US Election Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

Emsisoft

Emsisoft

Emsisoft protects your devices against all types of malware, ransomware and other threats with no-bloat anti-malware & antivirus solutions.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

High Security Center (HSC)

High Security Center (HSC)

High Security Center provide real-time threat protection. We protect your company from targeted and persistent attacks using technologies such as Machine Learning and Behavioral Analysis.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

Chaos Computer Club (CCC)

Chaos Computer Club (CCC)

The Chaos Computer Club is Europe's largest association of hackers.