Presentation by Kemp Little to the Financial Services Club, 28th November 2013

1. Are Banks ready for
the Cloud?
Paul Hinton
PAUL.HINTON@KEMPLITTLE.COM
+44 (0)20 7710 1623

2. Prediction is very difficult, especially about the future…”
services
Mid ‘60s to early ‘80s:
IBM heyday
‘80s:
rise of the PC
‘90s to mid-00’s:
Wintel heyday
Mid ‘00s onwards:
Google heyday
Utility Computing
The rise of service based computing
Cloud Computing
SaaS
ASP adoption
internet
Outsourcing ITO
LPO, etc
2000s onwards: broadband
replaces dial up internet
1995: Netscape
IPO ; Bill Gates’
‘Internet tidal
wave’ memo
software
hardware
BPO
1969: the
software
industry is born
as IBM
unbundles
hardware &
software
1940s:
Adoption of
programmable
computer
1940s
1957: IBM
introduces
FORTRAN
programming
language
1950s
2001: .com bust
1981:
Microsoft
develops
MS-DOS
1970: UNIX
released
by AT&T
1964: IBM
introduces
System 360
computer family
1960s
2004: Google, salesforce.com IPOs;
‘web 2.0’ coined
1971: Intel 4004
– the first microprocessor
developed
1970s
1990:
1985:
Microsoft
open
1993:
launches
source
Linux
Windows 3.0
FSF set
up
1981: IBM
‘90s: rise of
launches PC
laptops
1980s
mid ‘00s
onwards: open
source (OSS) in
the mainstream
‘00s: rise of
PDAs
1984: Apple
Mac launched
1990s
2000s
2008:
Google Chrome, Microsoft
Windows ‘in the Cloud’
(Azure) launched
2007: IPO of
hypervisor
developer
VMware
‘anytime
anywhere’
devices
2010s
Smartphones
iPad, etc

3. Types of Cloud
Custom
Private Cloud
Private Cloud
Community
Private Cloud
User Z
Virtual
Private Cloud
Provider X
Managed
Company B
Company A
Company A
Company A
Company A
Company B
Open Public
Company A
Closed Private
Public
Cloud
Owner
Company
Provider
Provider
Provider
Operator
Company
Provider
Provider
Provider
Provider
Service Access
Closed
Closed
Closed
Limited group
Open
Level of Control
Full
High
High
Low
None
Security/Location
As selected by
Company
As selected by
Company
As selected by
Company
As described by
Provider
As described by
Provider
Legal Terms
_3
Company
Bespoke
Bespoke
Negotiable but clear
impact on price
changes
Limited outside of
standard agreed
terms
Standard terms only
– non-negotiable

4. Cost savings of Public v Private Cloud
_4

5. Company A
Custom
Private Cloud
_5
Managed
Private Cloud
Provider X
Provider X
Trading , Customer,
sensitive , regulated,
valuable time- critical data
Lower value,
unregulated,
not time
critical data
Company A
Virtual
Private Cloud
Community
Private Cloud
User Z
User Z
What are you using the cloud for?
Public Cloud

6. SYSC Rule 8 Material Outsourcing PRA/FCA Control
 (2) establish methods for assessing the standard of performance of the service provider;
 (3) supervise and adequately manage the risks associated with the outsourcing;
 (5) the firm must retain the expertise to supervise the outsourced functions and to manage the risks associated with
the outsourcing ,and must supervise those functions and manage those risks;
 (7) the firm must be able to terminate the arrangement for the outsourcing where necessary without detriment to the
continuity and quality of its provision of services to clients;
 (8) the service provider must co-operate with the relevant competent authority in connection with the outsourced
activities;
 (9) the firm, its auditors, the relevant competent authority must have effective access to data related to the
outsourced activities, as well as to the business premises of the service provider; and must be able to exercise those
rights of access;
 (10) the service provider must protect any confidential information relating to the firm and its clients;
 (11) the firm and the service provider must establish, implement and maintain a contingency plan for disaster
recovery and periodic testing of backup facilities where that is necessary having regard to the function, service or
activity that has been outsourced.
_6

7. Cloud Risks
 Potential loss of control –retain sufficient control over critical data and services
 Availability and access to Data – what if the internet is down? Normally a customer risk
 Data Security - Adequate security measures in place and can you monitor them?
 Data location
– Data Protection – tougher regulation 2015
– Keeping track of exact location of Data
– Customer consent?
 Global law, tax and regulation
 Auditing
– Both rights for customer and Regulator
– Distinction between effective access to data and premises?
 Exit - Can you and if so how quickly/safely to ensure certainty of service and data transfer
_7

8. FS Enabled Cloud: Cloud management standards
vApp
vCloud
Nimbus
_8
Open Cloud
Standards
Incubator
OVF

9. FS Enabled Cloud
 Increasing awareness and sophistication of banks in utilising
cloud
 Software tools to increase control over data and security of data
in cloud
 Cloud providers offering:
–Services
–higher levels of control: security, audit, geographic control and
availability designed to meet bank requirements
_9

10. Transitioning to the
Cloud
JIM ODELL
JIM.ODELL@KEMPLITTLE.COM
+44 (0)20 7710 1607

11. Mastering a hybrid IT environment
High performance companies are
adopting mixed cloud and traditional
IT systems much more quickly than
their lower performing competitors
Accenture survey “High Performance
IT Research November 2013”
_11

12. Transitioning to and from the cloud
Just another form of outsourcing?
Outsourcing procurement rule number one : Never outsource unresolved
problems
Cloud is just another outsourced managed service:
- In a private cloud or managed service,
- the infrastructure may be shared, and the resources can live anywhere, but
process and storage resources are dedicated to your needs.
- In a public cloud structure
- you don't really know where your services are, or who is managing it. You buy
access to resource or an application, normally on a pay as you use basis..
_12

13. Transitioning to and from the cloud
 Standards
- Make sure that you understand the data protection, ETSI, TOSCA and other
standards that you need to consider.
 Intellectual Property
- Cloud services also have unique third party IP, audit and data usage issues which
may well require re-evaluation of existing software agreements
_13

14. Transitioning to and from the cloud
Rule number two: Retain the ability to manage your supplier and your resources
Supplier Management Issues:
 Make sure your IT team have a strong grasp of the supplier and his support
organisation
 Ensure the users and their leadership enjoy the same service levels delivered by in
house applications or resources
 Ensure your supplier understands the security, data access and portability, IP, risk and
regulatory issues that are specific to you
14

15. Transitioning to and from the cloud
Rule number three: Review and manage your data before transitioning to
cloud
 Big Data –keep what’s needed, delete the rest
 Big Data Storage is low cost, but big data can mean big storage bills.
 Retain control over data in cloud to ensure not storing unnecessary things for
ever (Cost + DP compliance + risk!)
– Data Categories
- Some data can go in public cloud
- Some can only go into private cloud
- Some can never leave the building
_15

16. Transitioning to and from the cloud
Rule Number four: For good or bad, plan for exit:
Post negotiation, make sure that you have a detailed transition support plan.
Identify and address key risks around porting of services to your supplier
And
 Monitor your suppliers’ ability to meet clear exit arrangements should this be
needed and make sure that you exercise that plan on a regular basis.
Make sure that your IT and user departments (and their leadership) understand
the implications of change
_16

17. Mastering a hybrid IT environment
High performance companies are
adopting mixed cloud and traditional IT
systems much more quickly than their
lower performing competitors
Accenture survey “High Performance IT
Research November 2013”
_17