Although UK banks’ use of cloud computing is covered by the PRA’s operational resilience framework, concerns are mounting over the scale of disruption that could be unleashed if one or more of the services were to fail or be subject to a cyber attack at the same time.
According to people familiar with the PRA’s plans, the regulator is also considering the introduction of more robust outage and disaster recovery tests. The security of customer data remains regulators’ chief worry, but UK banks’ reliance on a handful of providers is also emerging as a concern, the people said.
These common-sense observations from the UK’s fintech regulators intrigued me. Increasing reliance on the cloud represents a golden honeypot: the sum total of aggregated consumer data. It would mean a single point of failure for critical infrastructure.
Whenever billing systems go down in a hospital (sometimes quite often), the issues can boil down to poor backend and server support (even for on-site infrastructure). IT systems remain the backbone of successful operations and require more investment in robust hardware and pipes, including fault-resilient software like Linux. Cloud computing for service provisioning remains a major disadvantage – you are entrusting your entire business to third-party entities, and legal contracts are worded to shield executives from any pilferage of data. No one can “agree” on the best practices, and I doubt anyone would rely on two-factor authentication as a routine.
Nevertheless, this is a good reminder to keep local backups, and cloud computing doesn’t save money – it builds in more costs. Besides, data egress costs are higher and you can’t switch cloud providers on a whim.