Hybrid Cloud Application Delivery in Financial Services - Photo by Kelly Sikkema on UnsplashChanging customer needs and preferences are driving the evolution of a new financial services industry. Established incumbents are competing head-to-head with digital-native competitors to deliver differentiated digital experiences. Speed, agility, and quality of service delivery are key measures of success. To support rapid innovation and digital transformation, financial services organisations are turning to public cloud, private cloud, and hybrid cloud environments. It is a move that can bring both powerful benefits and considerable challenges.

A recent survey by A10 Networks and Gatepoint Research explored this trend in depth. It asked senior decision-makers at leading financial institutions about their current plans, concerns, and priorities for their hybrid cloud and public cloud environments. Participants offered their views on topics from cloud form factors, to regulatory compliance and governance, to securing web applications against threats including ransomware, data theft, and DDoS attacks. The results show that decision-makers are seeking to balance the agility and scalability of the cloud with requirements for cybersecurity, compliance, and operational consistency.

Making the Switch to—and from—Hybrid Cloud and Multi-Cloud

Under half of the respondents reported hosting applications primarily in the cloud. However, the financial services industry has not abandoned its legacy roots just yet. The majority of survey participants still rely primarily on their private on-premises data centre for application delivery. Yet just over a third also described their environment as a hybrid cloud. It is a model in which public cloud services complement private cloud resources—as distinct from a multi-cloud strategy, in which organisations use multiple cloud services within the same enterprise architecture, with or without integration to on-premises resources.

There is a willingness from financial services IT leaders to pick the right environment for their applications. 5% of respondents plan to repatriate applications from private cloud environments to their on-premises data centre. It indicates that not every financial application may be suited for certain clouds. While some verticals show a full-speed-ahead attitude toward the cloud, financial services organisations are paying close attention to form factors, architectures, and deployment methods to make sure their cloud strategy truly fits their business needs.

Ransomware, Data Theft, and DDoS Attacks Raise Security Concerns

Storing and processing vast amounts of sensitive personal and financial data, financial services firms are a rich target for cybercriminals. Top concerns cited in the survey included ransomware, the theft of personally identifiable information (PII), and phishing or fake sites. The impact of such incidents on a company’s reputation can be severe—especially in an industry built on trust. Indeed, more than a third of respondents expressed worries about the kind of incidents that can erode a company’s public image. It includes hacking, cyber defacement, and brand damage or loss of confidence. DDoS attacks, which can degrade service and customer experience, represent a significant risk as well in the highly competitive financial services space.

Public cloud, private cloud, hybrid cloud, and multi-cloud are reshaping IT architectures. They are also eroding the effectiveness of traditional network cybersecurity strategies. It means financial services IT leaders are taking new approaches to protection. More than two-fifths of respondents had already established a timeline to introduce a Zero Trust cybersecurity model. It extends access controls throughout the environment rather than being limited to a hardened network perimeter. Users both inside and outside the organisation must be authenticated and authorised before connection.

Technical countermeasures are proceeding as well. As cybercrime groups continue to target financial firms with DDoS attacks, nearly a third of respondents plan to deploy or replace an existing web application firewall or DDoS protection solution. But progress is not always swift. 29% of organisations are working on upgrading their TLS capabilities to support modern PFS/ECC encryption standards to meet consumer and organisational expectations around privacy and security while meeting the performance impact of the more advanced standards.

Investing in Hybrid Cloud Cyber Security and Management

As financial IT decision-makers set their budget priorities, cybersecurity comes first—by a large margin. Nearly three-quarters of respondents said that security was the most likely driver for new technology investments. Nearly two-thirds of participants named operational improvements and cost savings. Additionally, regulatory compliance rated nearly as high.

Perhaps surprisingly, innovations keyed to business considerations received much less emphasis than operational benefits. Roughly one-third of respondents named such factors as revenue generation, customer satisfaction, and business advantage from new technology. Even fewer were motivated by the ability to accelerate development speed.

The changing perimeter has spurred interest in Zero Trust security. Equally, the rise of public cloud, private cloud, and hybrid cloud has brought a new focus on polynimbus management for unified cross-cloud and on-premises control. Asked about the most important capabilities for financial platforms running in hybrid cloud environments, top responses included regulatory compliance, redundancy and disaster recovery, comprehensive application security, and centralised management and analytics.

To learn more about the shifting technology landscape of today’s financial services industry, read the latest ebook, Hybrid Cloud Application Delivery in Financial Services.

A10 LogoA10 Networks (NYSE: ATEN) provides Reliable Security Always™, with a range of high-performance application networking solutions that help organisations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.


Please enter your comment!
Please enter your name here