A number of years ago, I had the opportunity to lead IT and Deposit Operations at a community financial institution. Software-as-a-Service (SaaS) had become the preferred delivery model for many applications, and cloud adoption was gaining steam. We were comfortable hosting our website with a third-party provider. However, putting accountholder data in the cloud was another story. Faced with aging infrastructure, I did my due diligence by looking at full and partial hosting solutions. Ultimately, we chose to refresh our in-house server infrastructure. However, I remember telling the Board that you could see where the world was going, and the next time we needed to replace our servers, we would take a hard look at moving to the cloud.
Fast forward and now nearly every week I hear institutions talk about their cloud transformation strategy. What has changed and what has brought us to the point that cloud adoption has moved to the forefront of many executive and board discussions?
1. Cloud Ecosystem Maturity
Traditionally, organizations have developed a business strategy and then determined solutions to help achieve specific outcomes associated with business objectives. For example, consumers have been moving away from brick-and-mortar channels for years with a preference for being able to bank from anywhere at any time. To address this business challenge, you may have implemented a digital banking platform. Your digital banking platform functions as the technology solution expected to enable you to reach your desired business objective (serve accountholders where they want to be served). Other pieces of the puzzle, which we will refer to as the “ecosystem,” need to be in place to attain the full value of the solution. The ecosystem includes cost-effective bandwidth, IT infrastructure, routers, switches, and ubiquitous internet-enabled devices.
Similarly, low-cost bandwidth and storage, coupled with the continued increase in computing power (see Moore’s Law) offered by leveraging large computing environments, has enabled cloud adoption to come into its own. Cloud computing has been around since the 1960s when time-sharing was common. Even then, you could see where we were headed.
2. Resilience
As the need to serve clients 24/7/365 has become commonplace, many organizations realize that a traditional in-house model will no longer suffice. The FFIEC captured this new norm in describing Return Time Objectives (RTOs) when they updated the Information Technology Handbook on Business Continuity Management in November 2019. RTO refers to how long it takes to get a system back up and running after experiencing a disruption in service.
Whether driven by customer expectations or technological advancement, previously established RTOs that were a few hours in duration may now require near real-time recovery. Therefore, it may be appropriate for management to reevaluate currently acceptable RTOs.[1]
Moreover, a growing number of examiners have been using this as justification that what was good enough a few years ago may not be good enough today.
3. Security
The rate of cyberattacks continues to accelerate. According to the Cyberthreat Predictions for 2023 – An Annual Perspective by FortiGuard Labs, the number of new ransomware variants FortiGuard Labs identified increased by nearly 100% last year. Furthermore, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) reported that in 2021 organizations paid out more in a single year than they had the previous decade, with the majority associated with Russian threat actors.
As the threat landscape has evolved, institutions increasingly realize that they must also evolve their strategy for mitigating cyber risks. One way many organizations have improved their cybersecurity posture is by taking advantage of improved security offered through cloud platforms. Moving to a private cloud environment enables institutions to keep pace with technological advancements, better manage compliance and costs, improve their cybersecurity posture, and strengthen disaster recovery models.
4. Data and Analytics
Although protecting accountholder data has been an area of concern for years, the increased focus on using data and analytics to drive business decisions has illuminated the need for an effective data strategy. This includes both a scalability perspective as well as an understanding of how data flows throughout the organization. Cloud platforms are well-designed to handle the heavy computing loads needed to perform advanced analytics. Additionally, cloud solutions provide significantly more flexibility to scale up and down than traditional in-house environments.
In the past few years we have seen auditors and examiners place greater emphasis on data integration. Understanding where your data resides can help you develop an effective strategy for mitigating risks associated with your data. Taking a system-level instead of an application-level view enables you to design an optimal architecture.
5. Get Off the IT Hamster Wheel
With Microsoft Windows Server 2012/R2 scheduled to reach the end of life in October 2023, many clients have been working through upgrading their servers to ensure that their systems continue to receive patches and security updates. Given the need to upgrade, a growing number of institutions have chosen to migrate their servers to Jack Henry’s private cloud. This helps them step off the “IT hamster wheel” of having to upgrade their server operating system and underlying hardware every few years.
When you consider the prevalence of sophisticated threats, limited resources, and increasingly complex environments, many institutions have come to the realization that the old way of doing things is no longer good enough. This has become even more evident as supply chain dependencies have become commonplace.
As you’re navigating your cloud adoption journey, feel free to reach out to the experts at Jack Henry™ to gain valuable feedback. We’re happy to share best practices and potential pitfalls to avoid based on helping hundreds of clients move to Jack Henry’s private cloud environment.
Learn more about reducing risk and fraud at Jack Henry.
[1] FFIEC Information Technology Examination Handbook: Business Continuity Management, November 2019
.svg)
