Stuart Turnham, Director Enterprise Field Development, EMEA at Equinix
With Basel III high on the agenda of the European banking sector right now, along with all its associated technology implications, it is perhaps not surprising that the wider community of institutional investors is looking beyond traditional technology models to ensure compliance. And while the increased reserve requirements of Basel III will drive higher costs of capital across the board, it is the new regulatory standards involving the holding of structured products, requiring more rigorous valuation processes and portfolio analysis, that will be particularly onerous for the buy-side.
Although investment firms are adapting to these market conditions, many of their existing IT models – in particular those relying on batch jobs and excel spreadsheets – are proving insufficient for the task post-Basel III, as firms will require more compute power and data storage than their legacy equipment can provision. So how can this be achieved on existing, or in some cases reduced, IT budgets?
Enter the cloud
From a technology standpoint, many capital markets firms are now starting to realize that the cloud provides the additional compute and storage capacity required for their ever-evolving IT workloads. And by introducing an efficient cost model for delivering computing utilities as services, the cloud is enabling users to completely change their technology architecture strategies to take advantage of this paradigm. In fact, according to a recent Aite Group survey* over 52% of capital markets firms already have cloud initiatives in place. For those that do not, a further 80% are expecting to implement cloud-based technologies over the next 24 months.
However, the research also indicates that cloud adoption is slower on the buy-side than it is on the sell-side. Why is this? With cloud initiatives gradually gaining momentum across the wider capital markets industry, with better technological offerings readily available, and with the obvious compute cost savings that can be applied to processes such as portfolio analysis, why do today’s buy-side organizations continue to under-utilize cloud computing when compared to their other capital markets counterparts?
Barriers to adoption
Barriers to cloud adoption on the buy-side seem to fall around three areas: compliance; security; and access to public and private cloud services.
Compliance: Investment firms have always needed to stay on the right side of regulators and avoid anything that could be deemed a compliance risk, so the issue of regulation and compliance is not new; it has always been high on the buy-side’s agenda. And from a compliance perspective, many firms are nervous about the issue of data storage – particularly customer data – in the cloud, especially where jurisdictional concerns or sensitive market data come into play. But how valid are these concerns?
The reality is that most cloud offerings do provide users with control over what is and is not acceptable regarding data storage, such as which data needs to be kept onshore for example. So although users might not know the exact location of where the information is stored, or where specific servers are running applications and models, from a regulatory standpoint compliance issues around data can be addressed.
In fact, on a wider level, regulatory bodies and cloud service providers are working more and more closely to address issues surrounding cloud usage in financial services, particularly in the US and Europe.
In the US, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) are leading the way amongst regulators using cloud computing, encouraged by the US Federal Risk and Authorization Management Program (FedRAMP), which provides standards for – and ultimately authorizes specific cloud offerings as appropriate for use by – federal agencies.
Another US regulator, the Commodity Futures Trading Commission (CFTC), recently issued cyber security guidelines that, while not addressing cloud computing directly, set forth standards and put cloud squarely within the acceptable category.
In Europe, the EU has also worked to help cloud adoption, recently releasing proposed changes to the existing Data Protection Directive that would considerably simplify the process of moving data across borders.
Such initiatives, viewed by cloud providers as positive developments and a signal that regulators are open to the technology, should help to address many of the buy-sides’ concerns regarding compliance.
Security: With many investment firms using proprietary financial models to generate alpha and hence profits, it is perhaps not surprising that they focus on the security and secrecy of their intellectual property (IP) and how to keep it to themselves. As a result, many are wary of holding their models and associated applications and data in the cloud.
Their fears however stem from perceived, rather than actual, risks. And perceptions change. Over the last twelve years or so for example, there has been a major shift in perception around the relative security of in-house versus third-party data centers, with many firms now realizing that with better physical security and disaster recovery facilities, third-party data centers are generally more secure than their in-house equivalents.
Will the next ten years see a similar shift in perception towards the security of cloud computing? Maybe undoubtedly so. The major cloud providers already operate in data centers in unknown locations, leading to greater physical security. And the flexibility offered around multiple levels of security options, ranging from complex passwords to enterprise-level encryption, means that customers are not simply reliant on the broader security features of the cloud, they can also add on additional layers of security over which they have complete control.
With the right procedures in place, firms will no doubt come to realize over time that their concerns around cloud security are unfounded.
Access: One of the major operational barriers preventing financial organizations from adopting a cloud strategy remains in how to securely access and consume these services. More often than not there has only been one way for financial services firms to access cloud services, by connecting over the public Internet. Current models rely heavily on the Internet as the sole means of connecting to the cloud for compute, storage and software services, introducing risks around data security, performance and customer experience. There are of course tools and technologies that mitigate the risks of transiting via untrusted third-party networks but – as we were reminded by the Heartbleed vulnerability – these are not infallible. They also carry a non-trivial performance and efficiency cost.
The only way to be 100% confident that your data remains safe while in transit is to connect directly to your chosen cloud providers. However, there is no “one size fits all” cloud solution. Savvy customers therefore deploy a combination of public and private cloud (hosted or on-premises), and legacy infrastructure (“hybrid-cloud”). They also leverage multiple public cloud service providers (“multi-cloud”), choosing the right tool for the job on a case-by-case basis. Even the cloud providers themselves are increasingly building others’ cloud services into their architectures (“inter-cloud”), in order to cost-effectively deliver a reliable service globally.
Clearly, a simple and direct access method of connecting to cloud services, both public and private, is required if operational risk and the associated costs are to be kept at bay, allowing the true business benefits of cloud technology to flow through to buy-side firms. This is why an increasing number of financial services firms are accessing the cloud through multi-tenant data centers, which offer a range of flexible interconnection offerings to allow these hybrid-, multi-, and inter-cloud architectures to be built seamlessly and easily.
Realizing the Benefits of Cloud
With the cost of replacing legacy infrastructure often being prohibitive, hedge funds in particular may benefit from adopting cloud on an as-needed basis, despite their concerns around compliance, security and access. Adopting cloud can lower the cost of trading by reducing infrastructure spend and reducing costs outside of the bid/ask spread, as well as lowering overall portfolio compute costs by up to 50%, according to industry estimates.
As investors and regulators decide which IT workloads are suitable for migration to the cloud and they begin to see beyond hosted email servers and execution management systems to unlock the true scale cloud can provide, it is important that they understand how to cost-effectively and securely connect to their chosen cloud services.
To meet the challenges surrounding cloud adoption within the industry Equinix is working hard to enable our customers to directly access multiple cloud service providers inside our global data centers, providing faster, safer and smarter interconnection options to cloud service providers, bypassing the public internet and leveraging cross-connect and Ethernet technology to improve performance and security, while reducing costs. Essentially we assist customers in their design of cloud connectivity architectures, taking the risk of Internet connectivity out of the equation, so our customers can experience all the benefits offered by cloud technology within a secure and safe data center environment, near to where their business offices and end users are. In fact, over 800+ financial services firms are currently located inside Equinix data centers, directly interconnecting to 450+ cloud service providers, including leading players such as Amazon and Microsoft.
We believe cloud computing’s software-, platform- and infrastructure-as-a-service (SaaS, PaaS and IaaS) solutions can be used in a secure fashion if they are implemented correctly, as part of a balanced IT infrastructure model and with securely controlled connectivity and access. By utilizing these services on the cloud, buy-side firms can gain direct and secure access to the originating sources of market data, as well as SaaS risk management applications and IaaS compute power and storage technologies, all of which serve to increase performance and reduce costs, whether that is applied to overnight batch window Value at Risk (VAR) calculations, real-time pre-trade risk analytics, application development, or other processes.
In conclusion, cloud computing is a hugely promising paradigm for delivering computing utilities as services for the financial services industry. Just as personal computers and servers shook up the world of mainframes and mini-computers, or as smartphones and tablets revolutionized the mobile commerce industry, cloud computing is bringing similar far-reaching changes to the financial services industry. And with the right data center strategy in place, investment firms can break through any remaining barriers to adoption.