Last week Royal Bank of Scotland was fined £56m by the Financial Conduct Authority for its 2012 software challenges that deprived millions of customers of banking services[1].  In a quote, FCA director Tracey McDermott said[2]: “The problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents and the result was that RBS customers were left exposed to these risks”. What lessons might we draw from this for cloud computing? Within banking many of the core legacy systems are old mainframe applications developed decades ago. As the architecture of financial services IT changed, so these systems remained but the detailed skills and knowledge to manage and upgrade them was often lost. Today many companies are contemplating another change in the fundamental architecture of IT in their move to the cloud. Within this debate there is wide discussion about moving innovative new services to the cloud, but keep core services on-premises on existing hardware. This hybrid-cloud model has huge appeal since it capitalise on the benefits of cloud but apparently limits the exposure to risk for those core applications of business (for example where customer data is exposed). The challenges faced in financial services provide a stark warning for this strategy though. Quickly the on-premises services can become legacy, lacking the innovation and appeal of innovative cloud-based services. How are companies going to keep the skills and innovation then to manage this core long term – expensive skills now only targeted at a limited set of applications? How are they going to keep transitioning those applications and keeping them current? How will they attract new staff to manage this core resource? Facing this risk will require an analysis of the cloud-hybrid decision which divorces the simplistic “Its safer to keep this bit on premises because it has customer data” to consider hybrid cloud as a long term architectural decision involving reorganising core IT capabilities. Or more succinctly – “be careful you don’t throw out the IT baby with the cloud-bathwater”! [1] [2]

Written by Dr Will Venters