Large banks and public cloud services aren't two things you typically hear paired hand in hand, but as CIO reports, more and more significant financial institutions are dipping into the public cloud waters:

The financial services industry has avoided entrusting its data to public cloud vendors, even as Amazon Web Services quietly acquired thousands of business users. Banks and insurance firms feared rigorous regulatory scrutiny should their data become compromised in a breach at one of their cloud vendors.

As an analyst quoted in the CIO report notes, a significant tipping point came at last year's AWS Re:Invent conference, where Bank of America CIO Rob Alexander described how the company was making a nearly wholesale move to the cloud platform. (Read our coverage from the time here.)

CIO also found and interviewed another prominent bank that's moving onto the cloud, following a shift in mindset:

When Stephanie von Friedeburg became the CIO of World Bank in 2012, the nonprofit bank was profoundly averse to risk. She recalls explaining the potential benefits of cloud computing to her legal team, only to have a lawyer tell her, “That’s like taking every important piece of information the bank has, putting it in a cardboard box, writing ‘free’ on it and setting it on the curb.” Though a gross exaggeration, this stance underscored the paranoia accompanying public cloud.

But Von Friedeburg wouldn’t be denied; she made her case that the business agility of public cloud outweighed the risks. World Bank soon began migrating several functions to public cloud software, and stated an ambitious goal to reduce the bank’s data center footprint from five to one.

The full CIO report, which goes into how World Bank negotiated a satisfactory contract with AWS—it took 10 months—and developed a security framework for deciding which applications could be moved into the public cloud, is well worth a read.

Analysis: Banks' Bet on Public Cloud Is Telling

Other influencing factors have helped banks become more comfortable with the public cloud, says Constellation Research VP and principal analyst Holger Mueller. For one thing, entities such as NASDAQ and the U.S. Securities and Exchange Commission are already on board with and using AWS. Of the latter, "the banks are saying if the regulators are in the public cloud, then we can be too," Mueller notes. Moreover, modern trading platforms demand the kind of scalability and elasticity public clouds provide, he adds.

Another key driver was Google's "pay less compute Moore" pricing strategy, which undercut AWS and other public clouds significantly, prompting a pricing war that has simply made many private cloud plans cost-ineffective, Mueller adds.

"The time for cloud has come," says Constellation Research VP and principal analyst Steve Wilson. "This statement might tempt fate but the only data operations not being hacked or breached now—as far as we can tell—are the cloud superpowers. The safest place for your data does appear to be the public cloud superpowers."

"I caution that businesses still need their own security experts," Wilson adds. "You will never ever outsource accountability to service providers. Companies using cloud services remain legally responsible for what happens in the cloud."

Reprints
Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales.