!css

The promise of the cloud and API and the security obstacles that stand in its way

04/10/2018

Although it has been well proven that cloud and application programming interfaces (API) can create cost effective, scaleable and innovative platforms, data security and operational transparency remain major hurdles to widespread adoption in the financial services community. To move forward, institutions must not only embrace a cloud focused culture from a technical perspective but also on an organisational and management level.

As Marc Samama, Digital Officer, Société Générale Securities Services, notes, there are large expectations related to the creation of API standards in the banking industry. “Therefore, the question of a common platform remains quite open, from a commercial or a technical point of view,” he adds. “Beyond the Open Banking principles, the answer should be the easy access to value-added services, and cloud technology is mainly a technical background for that purpose.”

Samama also believes that “some actors have been lulled by a false impression that security and privacy implied processing everything internally.  They will have to fight a cultural bias when moving towards externally hosted infrastructure, applications or processes (i.e. the public cloud). But paradoxically, their security may well be improved when it relies more on the security capacity of more expert providers.” In order to deliver the most benefits, cloud environments need open, service-based architectures, according to Samama.

“Developers must integrate new technical expertise in their daily practices,” he adds. “Hence investing in human capital and change management is essential for a sustainable cloud-first approach.”

Samana believes that a shared infrastructure, consistent APIs and on-demand scaling could help facilitate and accelerate global acceptance across the financial services spectrum. In addition, he notes that cloud service providers increasingly provide high level open API to run cognitive tasks such as image recognition, translation, or text analysis as well as to develop machine learning models. Both large and smaller participants of the financial ecosystem can leverage the technology without a significant upfront investment to automate their processes or improve predictions.

At Societe Generale, the ambition is to run 80% of its infrastructure on internal and external clouds by 2020. “We have set the benchmark for large EU financial firms as we started moving internal core services to the public cloud,” says Samama.  He adds that this involves  a multidisciplinary team of risk, security, legal and compliance experts to  draft and negotiate proper contractual terms as well as to  ensure  the appropriate localisation of data and its processing, testing security features, be in capacity to audit the provider and receive regular and receive transparent reporting. 

 “One of the biggest benefits of public and private cloud we experience daily is the speed at which project teams, can bring to life complete technical environments,” he says. “This is a tremendous asset when experimenting and innovating, especially when it involves pairs, or clients. And when the experiment is successful and becomes industrialised, on-demand scaling allows rapid and massive adoption.”

While Microsoft Google and Amazon are often mentioned as the industry standard bearers Samama thinks that the financial services universe can take a leaf from their prodigious books. It is critical though, for economic and resilience reasons, that a balanced competition be maintained.” The question is not only related to the size of the infrastructure, but more to the mastering of its management, as a strategic pillar of an economy,” he adds. “Also, large providers will need to stay tuned to the needs of financial community members, notably obeying all their legal and regulatory obligations.”

The task will be easier as open API facilitate secure access to data and processes by third parties which will allow certain financial services providers to aggregate seamlessly services of fintech and other partners in their own offer, according to Samama. “Consequently, their clients will increasingly benefit from larger, integrated ecosystems, by leveraging external innovation,” he adds. The future also holds the continued development of quantum computing. “This is likely to radically change the way we secure information, and may vastly accelerate artificial intelligence applications,” says Samama.

“However, scaling the early experiments, and building a general purpose quantum computer is still a medium to long term prospect with costly and uncertain results. As such, it is best deployed on a time-sharing base for most users.”