Banks and insurance companies are going through a lot of changes. Read on to see my thinking on how to facilitate that change if you are working in financial services.
There are two major pathways to innovation in financial services, and they are not exclusive.
One is by employing cloud infrastructure (either public or private), so that the speed of software development can increase. The other is by using, incorporating, integrating, or even buying FinTech companies. More often than not, these FinTech companies have all the characteristics of SaaS providers.
Both pathways involve external IT providers. And as the financial services sector is heavily regulated, proper risk management is not an option but mandatory. This impacts both of these innovation pathways. Governance and risk assessment is therefore on the critical path of innovation. By the way, banks cannot avoid taking risks.
Research tells us that the average company has hundreds, if not thousands, of cloud applications. Let’s have a look at how that impacts the risk assessment volume.
Suppose, just for the sake of argument, that there are 730 cloud applications in the company. Imagine that you have to review each of these every 2 years. That means that you have to review one cloud application every single calendar day of the year. And what is more, you want a lot of people to review each of them: legal, procurement, IT, audit, compliance, and so on. That is significant work.
How are you going to do that? And do all cloud contracts need the same level of scrutiny? And who is going to decide on that?
You need an effective and efficient process to review cloud usage. But there is no single process that works for all projects across all companies. One project works on sensitive data. Another project does not. One project understands security very well. Another less so. One organisation has a culture of central policies, another hasn’t. It all impacts how the adoption process is best done.
I believe that any process improvement needs to be driven by the people who are running that process. They probably need some assistance, and they definitely need an understanding of what is changing.
When it comes to cloud adoption, I find that there are a number of specific skills that are required of almost every person in the cloud adoption and evaluation process. These include: figuring out what exactly is the (cloud)service, how it depends on other services, who is responsible for which part of which service, articulating cloud business cases, and a few more things.
When a team has these skills, they will be in a much better position to understand what the contribution of each team member is. And that will lead to swifter and more efficient secure cloud adoption. In the end, that drives innovation.
By Peter HJ van Eijk
