Breakdown at cloud providers: what options do banks have left?

The phrase “too big to fail” used to apply only to banks and financial institutions. Now, regulators around the world are expressing concern about another type of business that is causing systemic risks to the international financial system. As more and more banks migrate their mission-critical processes to the cloud, relying on a very small number of ubiquitous cloud service providers in the market poses risks to operational resilience.

Regulators are preparing to take steps to ensure that these risks are mitigated and that banks are able to operate “stressed exits” by quickly separating from their cloud provider if necessary. In order to prepare for inevitable tests of their ability to handle these breaks and possible real cloud outages, it is essential that banks turn to hybrid, connected and multi-cloud platforms.

The question is not “if”, but “when”.

Cloud service providers pride themselves on their very high uptime rates and, fortunately, large-scale outages are rare. Nevertheless, they do happen. In October 2021, a Facebook configuration error prevented some 3.5 billion users from accessing all services that depend on Facebook for more than 5 hours.

What was only a minor setback for users has had potentially devastating consequences for the thousands of businesses that rely on Facebook’s services to maintain their presence in the digital world. The outage caused a loss of value of around $6 billion for Facebook. Earlier that year, similar service shutdowns involving cloud platforms rendered large swaths of the internet inaccessible. As unpleasant as these outages may have been, it is frightening to imagine the impact they would have had had one or more banks suddenly had access to all of their critical systems cut off for one or more several hours or even a whole day.

Concentration of risk

Only a handful of cloud providers have the size and sophistication to support today’s banks’ needs for critical data processing and computing power. However, reliance on a single global cloud provider could create systemic risk that challenges regulators.

If one of these giants of the sector were to experience a service interruption, it could instantly freeze the activity of a large number of banks. To address this problem, regulators are working to model and test the speed at which banks would be able to migrate their data and processes from one cloud to another under a “forced exit scenario”. .

In other words, they want to know how banks will react if their primary cloud provider suddenly becomes inaccessible, like Facebook.

Resilient clouds

Multi-cloud provides a partial answer to this problem. No migration should be to a single cloud – however, multi-cloud strategies alone do not solve the problem of operational resiliency. Keeping individual systems running within different clouds does not provide the necessary redundancy.

Business Continuity Plans (BCPs) should also include the ability to migrate data quickly and securely from cloud to cloud.

Retaining capacity on-premises or in a private cloud by using a hybrid cloud solution also helps mitigate some of these risks, but only if a vendor’s cloud-based work can be brought back quickly.

Furthermore, if these hybrid platforms depend on a single cloud provider, they can still be impacted by downtime. In the case of Facebook, the company’s servers themselves were also taken offline by the technical failure (the engineers couldn’t even enter the building where these were located, because the authentication servers controlling the physical access to facilities were also down).

Banks must therefore invest in both approaches simultaneously. Hybrid, connected, multi-cloud data platforms provide a solution to maintain operational resilience in the event of potential outages by cloud service providers.

In order to pass the inevitable stress exits tests put in place by regulators and to prepare for possible service interruptions, banks must therefore demonstrate that their cloud infrastructure is not based on a single point of failure.

However, connecting multiple clouds together and providing a hybrid solution is only the first step. In order to successfully manage its forced exit from a cloud, one must be able to quickly and securely migrate large volumes of data and get operations back on a new infrastructure as quickly as possible.

It is therefore essential that banks turn to platforms that offer these capabilities and are compatible with multiple clouds. After all, as the Facebook outage demonstrated, even the largest cloud providers aren’t too big to fail.

About the author


Leave a Comment