Why the Bank of England is leading the cloud when it comes to data security | bank of england
TThe Bank of England risks moving too slowly, experts say, who say it needs to get a handle on the financial sector’s plans to outsource customer data storage to a handful of unregulated US tech giants.
Last week, the central bank raised new concerns about the use of cloud services, where data is kept on remote servers managed by another company. He said that the fact that services are dominated by only a few companies – such as Google, Amazon and Microsoft – posed a potential threat to financial stability.
“Cloud service providers are increasingly becoming an integral part of the infrastructure of the financial system,” said Bank Governor Andrew Bailey. “And there are a lot of good reasons for that: it’s a model that works.
But the fact that a growing list of financial firms depend on just three tech companies to run their day-to-day services has increased the risk of multiple banks being affected by cybersecurity, hacking, and single-vendor outages risks. Their dominance also means they can dictate the prices and terms of their services, and potentially withhold key risk information from clients and regulators.
“We don’t want people to publish how this thing works in great detail so that hackers have a guide, so we have to balance that,” the governor explained. “But as regulators… we need to be more confident that they are achieving the levels of resilience that we need.”
The regulator is now trying to secure those assurances before having to deal with its own cloud-based data breach. “The big problem here is that technology is moving faster than regulators,” said Sarah Kocianski, head of research at fintech consultancy 11: FS.
Like most businesses, banks have been using cloud services for their day-to-day operations for years, such as email, administration, and human resources. Their use has since expanded to run chat bots and fraud detection programs that can automatically report irregular spending.
But the rapid digitization of banking, which has pushed more people into banking apps and services online and away from their local branches, has meant that big banks such as Lloyds, NatWest, HSBC and Barclays plan to move the data. basic client to cloud services. by the world’s biggest tech giants – if they haven’t already.
HSBC, which already had agreements with Google and Microsoft, announced last June that it has entered into a multi-year agreement with Amazon Web Services to help it run new services for its private and wealth banking businesses – a division that serves millions. customers worldwide – as part of its “digital transformation plan”. Meanwhile, Lloyds has launched a dedicated “Cloud Center of Excellence” tasked with ensuring the secure adoption of cloud services, provided by Microsoft and Google, across the organization.
These projects were accelerated by the pandemic, which pushed banks to deliver new services online much faster than expected. “The banks suddenly realized, ‘Oh, we don’t have five years to do it, we have five months’ and I think that necessarily prompted them to look for third parties who can help them along the way,” he said. said Kocianski. mentionned.
“Most banks are not able to build this kind of thing on their own. They don’t have the talent, they don’t have the time, they don’t have the expertise. And frankly, why would you make it if you could buy it? ”
Brexit also played a role, forcing banks to use the cloud to store EU customer information that they did not have the ability or security to keep properly in the UK due to strict rules in data privacy.
The Bank of England, which would talk to cloud providers monthly, said last week that it was working with the Financial Conduct Authority and the Treasury to try to address potential risks, but couldn’t go that far without international cooperation. since most of these cloud service providers were headquartered abroad.
This puts additional pressure on cross-border regulators such as the Financial Stability Board and the Bank for International Settlements to quickly set global standards.
But David Richards, CEO and co-founder of WANdisco, a company that transfers company information to cloud platforms, has warned that financial regulators could be left behind if they don’t act quickly enough.
“We have to regulate now,” he said. Trying to implement rules in five years, when the amount of cloud-based data was potentially 100 times larger, “will be too difficult.”
Amazon and Microsoft declined to comment. Google did not respond to requests for comment.