In recent years, cloud computing has moved up the agenda of IT executives and C-level executives in South Africa as it serves as a key catalyst for digital transformation. Over time, hybrid cloud technology has become the computing infrastructure of choice for many businesses—particularly those in the financial services sector.
Companies across the continent are quickly beginning to recognize the strategic business benefits that cloud computing offers and are therefore moving more and more of their business applications to the cloud, according to a cross-section of business leaders and analysts.
Many industries are using the cloud, but some are investing more than others, notes Dobek Pater, director and analyst at Africa Analysis. Industries that must adhere to strict governance and compliance regulations to ensure sensitive information is not compromised tend to be more wary of the public cloud. This includes the heavily regulated financial services sector.
According to Pater, banks and other financial institutions are very cautious and risk-averse. They are rarely on the cutting edge of technology and tend to adopt new technologies incrementally.
The evolution of cloud use at on-premises financial institutions started with private cloud services, often customized to their specific needs, increasing efficiencies in a particular department, says Pater.
Private clouds drove initial cloud adoption
“This is where the first cloud growth took place. Services provided by the private cloud (or clouds) became more powerful and more and more companies (both large and small) started using them,” says Pater. And then the spotlight came on the public cloud, which offers cost savings and less friction because it’s operated by professional cloud service providers who manage, maintain, and secure cloud environments for many different customers, freeing users to focus on other things be able.
Currently, the trend among larger companies is hybrid — a combination of some services in a private cloud and other applications based in public clouds, says Pater.
In the case of financial services, customer data must not leave the jurisdiction in which the bank operates. “As a result, apps or processes that handle customer personal data often need to be hosted in the private cloud in the country of operation because that data could be stored in the public cloud anywhere in the world,” says Pater.
Legislation aside, Pater explains, one of the main reasons why applications considered mission-critical typically run on the private cloud, which uses a single-tenant architecture — meaning that computing infrastructure like servers and Storage devices are dedicated to a store.
Even today, many organizations are reluctant to invest fully in the public cloud that uses a multi-tenant architecture due to security and redundancy concerns. This makes hybrid even more attractive.
Digital transformation is driving cloud migration
Migration to the cloud is an inevitable digital transformation trend in all modern businesses, said Christine Wu, general manager of customer value management at Absa Retail and Business Bank, in a recent CIO Q&A. However, she clarified that while Absa has moved some things to AWS, the bank has no plans to deploy them 100% in the public cloud any time soon. It acknowledges that its journey to the cloud has evolved and shifted as regulations evolved and local cloud service provider options expanded, and claims that the bank still hosts some of its core computing on-premises .
Helen Constantinides, CIO of the AVBOB Group, takes a similar view. AVBOB, a mutual insurance company, deals with a lot of financial information, and while they use the public cloud for some of their applications, you can’t just put core insurance and financial products on the cloud, she says.
“I think there is a lot of cloud hype. But you have to ask exactly which people are migrating to the cloud,” says Constantinides. “Moving a small application to the cloud is a relatively easy decision, but moving and integrating your core business applications is more complicated. I don’t think any of the most important core applications in financial institutions, insurance companies or banks reside in the cloud.” Some companies may be taking front-end services and applications to the cloud or using Office 365, she notes. “But have they moved their entire data center to the cloud? Absolutely not.”
According to Constantinides, the big banks, financial institutions and insurance companies all have many huge data centers across the country. “To take all of this and bring it to the cloud is just not feasible because you would have to modernize and adapt all of these applications to be cloud-ready.”
Legacy systems work locally
Executives need to recognize that not all clouds are right for all of their needs, and some of the legacy systems and applications work better on their existing on-premises infrastructure, Constantinides explains. There is a growing need for flexibility and reliable security, hence the shift to hybrid and multi-cloud strategies over the past year.
“A hybrid strategy represents the best way to engage with a rapidly changing infrastructure landscape as it is possible [companies] to better manage legacy and data-intensive processes while integrating new cloud-born applications,” says Constantinides.
Sanlam Indie, the digital brand of insurance company Sanlam, uses the cloud for everything without compromising on governance or compliance requirements. According to Giulio di Giannatale, head of technology at Sanlam Indie, the brand uses the public cloud because it allows them to keep their team small even as the company grows. “We don’t need to be experts in networking, hardware, storage, and virtualization solutions before we start deploying workloads. We’d rather spend our time improving our own platform than building infrastructure,” he says.
The definition of the infrastructure avoids vendor dependency
The company currently hosts exclusively on AWS, but has ensured that the infrastructure is defined in code—using Terraform and AWS CloudFormation software infrastructure tools—so it’s consistent, repeatable, and ready to be deployed like an application. It also means they can host in multiple clouds in the future and avoid vendor lock-in.
“We run our entire platform in the cloud (our web stack, code repo, deployment tools); We use a cloud-hosted productivity suite (Google Workspaces and Slack) and our agile tools (Miro, Asana) are cloud-based,” says di Giannatale. “We’re even transitioning to a cloud-based product (JamF) to provide endpoints for our employees when they need new laptops. And even products that are considered non-cloud based, that is, all applications that we are not allowed to use the cloud version of due to Sanlam’s policy, such as our antivirus solution and DLP [data loss prevention] Tool, are still hosted on EC2 instances within AWS.”
While Sanlam Indie isolates some services for security reasons, to give them the ability to limit the blast radius if anything is compromised, di Giannatale believes cloud providers like AWS are hiring teams of security-related staff who are experts in what they do Do regulations and comply with governance standards.
“Personally, I think the sheer size of the top three cloud providers allows them to be more experienced and better equipped to deal with security or privacy-related events than the size my own company can afford,” says di Natale.
The industry’s hesitation about the cloud has two reasons, he says – trust and ego. “You must trust someone else’s architecture, hardware, staff and commitment to serve you with integrity and at the same level as you would serve yourself.”