Abide Financial in the Cloud

Cloud computing has been at the forefront of technological developments for some time now, however the financial services industry has been hesitant in its adoption, until now.

Industry support for cloud computing

Cloud computing has now matured into the mainstream, as evidenced in the financial services sector by increasing rates of cloud implementation. We see growing numbers of organisations, across varying sectors, incorporating cloud infrastructure and services into their businesses, underlining the fact that the common concerns can be controlled, and the benefits of cloud computing realised.

Financial services regulators are working hard to help firms adopt cloud computing, while helping them improve their overall cyber-resilience and ensuring they remain compliant with their regulatory obligations. The FCA recently demonstrated their confidence in cloud computing by selecting a cloud based solution to deliver a new digital market data processing platform.

Since Abide Financial launched its first regulatory reporting service back in 2012, we have been a strong advocate of cloud computing, making use of a range of cloud computing services provided by Amazon Web Services (AWS).  As cloud computing moves from ‘next generation’ to ‘here to stay’ and more firms look to understand and harness the benefits of the cloud, we explain some of the benefits which led to our becoming an early adopter and address some of the concerns which are often cited.

Benefits

From the very outset, we have been impressed by the benefits which cloud computing offers to firms, regardless of their size, technical complexity and growth rate.  The growth rate consideration has been very important for Abide Financial given the expansion in the business since we launched.

Scalability

AWS cloud services flexibly scale to our usage requirements.  This means that we don’t suffer from drop-offs in performance during peak processing times, and we don’t need to buy expensive hardware infrastructure to keep pace with the demands of a growing business, or increasing numbers of regulatory report submissions by our clients.

Cost-effectiveness

Since we don’t use a traditional datacentre, we haven’t had to purchase expensive hardware up-front, using an estimation of how much computing power and disk-space we think we’ll need.  With a fully scalable cloud solution, we only pay for what we use, which means that we keep our overheads low, both for ourselves and for our clients.

Resilience

Business Continuity and Disaster Recovery is much more straightforward in the cloud, since AWS offers continuous, automated backups of data to geographically-diverse EU datacentres as standard functionality, as well as automated detection of issues, and automatic recovery of lost or corrupted data.

Innovation

As well as providing innovative solutions themselves, AWS tools also support Abide Financial as we innovate.  The ability to quickly build new environments, to test and deploy new software means we can bring continuous improvements to our clients.  High quality systems can be assured, since we can easily scale up our test data to multi-million row datasets.  We can say ‘yes’ to bespoke client requests more often, since we aren’t constrained by static hardware and mainframe systems.

Concerns

Some firms, whilst recognising the benefits of cloud computing, have concerns about moving their data and processes to the cloud.

Cyber security

High-profile security breaches raise concerns about data privacy and information security, especially for firms in financial markets.  We recognise that any datacentre, whether proprietary or cloud-hosted, is at risk of a security breach.  We also recognise that AWS security policies and infrastructure to prevent, detect and recover from any cyber security attack are generally more robust than might be the case at some proprietary datacentres.  AWS uses a variety of automated monitoring systems to provide a high level of service performance and availability. Firewalls and Access Control Lists restrict access to our data, whilst monitoring tools help detect unusual or unauthorised activities and provide significant protection against traditional network security issues such as Distributed Denial of Service (DDoS) Attacks, Man in the Middle (MITM) Attacks and IP Spoofing.

Cyber-resilience is also more than just an ‘IT issue’, which is why we supplement AWS security protocols with our own policies and procedures, to ensure that information and data security remain high-profile within the firm, in line with CPMI-IOSCO’s guidance on cyber resilience for financial market infrastructures.

Modern cloud-based solutions and regulatory requirements set high expectations from tech companies with regard to security. Data encryption enables the safety of deployed solutions. In terms of encryption, Abide Financial encrypts all data, both ‘in flight’ and ‘at rest’.  We maintain control of all aspects of encryption, choosing the specific cryptographic algorithm we use to encrypt the data, and using tools provided by AWS to define, and control access to, our encryption keys.

Data ownership and control

Our clients remain owners of their data, irrespective of where it is stored – they are the ‘Data Controllers’.  Abide Financial and AWS, who manage and process the data on behalf of the clients, are the ‘Data Processors’, a designation which confers no rights of ownership over the data.

Location of the data

Recent news items regarding the Safe Harbour agreement have led to increasing questions regarding the location of firms’ data, and an increasing requirement for EU firms, and their audit departments, to know exactly where cloud data is being stored and, therefore, which agencies have legal access to it.  At Abide Financial, we particularly chose AWS as our cloud partner because they offer multiple datacentres within the EU (in Dublin, Ireland and Frankfurt, Germany), and because their policy is that they will not replicate data outside the EU unless they have our express written permission to do so.

More Information

Regulatory support for cloud computing

• FCA's consultation on outsourcing to the cloud
• European Union's recommendations to increase cloud adoption in the financial sector
• Bank of England's CBEST initiative
• CPMI-IOSCO's Guidance on cyber resilience

Global standards 

The existing ISO 27000 series of information security standards is in the process of being supplemented by new standards specific to cloud computing:

• ISO/IEC 27017:2015 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27018:2014 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors