Most banks and insurance companies have been slow to exploit the potential of cloud technology, overestimating the risks and failing to recognise the opportunities. In this article we look at how visionary companies are seizing the potential to develop a cloud strategy encompassing new trends in multi-cloud approaches, containerisation, serverless computing, and cloud security.
From hybrid cloud to multi-cloud management
In pursuit of their digital transformation strategy, companies are increasingly turning to hybrid cloud solutions, such as a mix of private cloud, public cloud, and on-premises solutions.
Since it’s no longer possible to source all cloud services from a single provider and prevent vendor lock-in, multi-cloud solutions are getting more and more popular. The benefits are that you have separate cloud service providers for your different infrastructure (IaaS), platform (PaaS), and software (SaaS) needs. A multi-cloud solution also helps maximise the capabilities of each cloud and reduce the costs as much as possible.
The challenges of a multi-cloud setup are the increasing complexity of processes like security, governance, and compliance. There is, however, a solution in the form of cloud management platforms like Anthos from Google, which supports Google Cloud Platform (GCP), Amazon Web Services (AWS), Microsoft Azure, and on-premises solutions. Anthos is based on interfaces and Google Kubernetes Engine (GKE). The chances are high that other providers like AWS will come up with similar solutions.
One of the biggest challenges is the process of migrating from hybrid cloud to multi-cloud. Anthos Migrate is designed to automatically migrate virtual machines from local or cloud environments to containers on GKE.
The goal of a modern IT infrastructure is to ensure maximum flexibility, security, and availability at the lowest cost. The roadmap to reach this target starts with an appropriate multi-cloud strategy. The components of this strategy may include containerisation, serverless computing, and cloud security.
Containerisation
Containerisation describes the process of bundling an application together with its related configuration files and dependencies so that the application can run efficiently across different computing environments. Containerisation enhances modern micro-service and distributed architectures because containers can operate autonomously and only need interfaces to communicate. It’s a key driver when it comes to enabling multi-cloud management by using orchestration platforms like Kubernetes.
While containerisation has been around for many years, it is developing and changing. The major trends for 2020 are the evolution of the Continuous Integration and Continuous Delivery (CI/CD) process to use an even more integrative approach with containerisation. This will increase the reliability of using cross-platform orchestration tools to support platform-agnostic clustering, while reducing the potential lock-in of cloud providers.
Amazon Web Services (AWS) has just released Fargate, a new service that allows resource allocation for container services dynamically, and offers the management of clusters as a service to reduce complexity and increase scalability.
Serverless computing
Since 2014, when it was introduced by Amazon Web Services (AWS) with their Lambda service, serverless computing has become an integral part of cloud computing. It’s referred to as the next iteration of cloud computing, with Gartner predicting that more than 20% of all global enterprises will adopt serverless cloud computing technologies in 2020.
The serverless paradigm allows developers to focus on their core competencies by abstracting the management and operation of server infrastructure while at the same time scaling rapidly, reducing costs, and increasing resilience.
As serverless is still a young cloud technology, a particular focus of trends in this area is increasing the degree of standardisation between different services and making them available for hybrid clouds. Additionally, leading public cloud providers will focus on improving testability and monitoring of serverless applications.
Companies will inevitably need to add serverless computing technology to their business applications mix. Currently most commonly used for tasks like periodic data processing, the use cases can easily be extended for more critical applications, especially in fields such as IoT, media, and entertainment applications.
Cloud security
Since the introduction of the first cloud services to the market in 2006, a vast number of companies from almost every industry have started to host and deploy critical workloads in the clouds of public providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
This increased adoption comes with growing cyber security risks: The absence of a physical network boundary to the internet, the risk of accidental exposure by users with limited security expertise, decentralised visibility, and the dynamic nature of the cloud all increase a company’s attack surface significantly.
Depending on the cloud services used by a customer, the responsibility entailed in addressing these risks varies significantly. Some of the most prevalent security risks that companies are currently facing when using the public cloud include account compromise, insecure configuration of cloud services, unfettered access to cloud resources leading to cryptojacking attacks, and insufficient vulnerability management.
To address these risks and threats accordingly, you have to assign clear responsibilities for the different aspects of cloud security. Under the “shared responsibility” model of cloud security, cloud service providers are responsible for the security of the cloud (i.e. protecting the infrastructure that runs all the services offered in the cloud), while the cloud customer is responsible for security in the cloud.
Wrap-up
Modern cloud solutions are a great opportunity to reduce costs and increase stability, scalability, and security. This means it’s crucial for financial institutions to make conscious and smart decisions to adopt a future-oriented cloud strategy. To do so, they have to be aware of and respond to a number of key changes that are set to emerge in the cloud this year: Trends such as containerisation, multi-cloud approaches, and serverless architectures.
If financial institutions are looking to capitalise on the opportunities offered by the cloud, a good place to start is a cloud maturity check (as-is analysis) as a basis for developing their own cloud strategy and building a cloud roadmap.