What Drives Banks to the Cloud, What Discourages Them and What are The Solutions

Since the COVID Pandemic, banks have accelerated their migration to the public cloud – this even includes their core banking business. However, this approach is still being restricted by significant problems including security, compliance, and concentration risks.

In our first article “What Drives Banks to Cloud Adoption and Where Are We Now – Overview”, we set the stage, introducing the topic of cloud adoption in the financial world and summarize the main drivers for change. In this article, we want to shed light on these factors before we look at the restricting issues.

BCG highlighted in their 2020’s global risk report that a continuous decline in profit margins since 2014 has been fueling the migration to the cloud. However, although costs are a major driver of change, they are by far not the dominating driver anymore.

What are the key drivers for cloud adoption?

Reducing costs

In a report by the Economist Intelligence Unit (EIU) from Temenos, 43% of global bank respondents cited that cost was their main driver for cloud adoption. Given the evident advantages of the dynamically adaptable pay-per-use concept and the short time to market, this was a low risk move.

Although using the cloud for business purposes necessitates spending money on developing capabilities and moving apps, it is ultimately more effective in the long-term.

Improving customer service

21% of EIU’s respondents stated that improving customer service was their reason for moving to the cloud. The cloud allows banks to leave the golden cage of their own walls. Moving to the cloud means opening up to third party services and to dynamically mesh them into customer oriented modern solutions.

The two scientists Stepahn Liozu and Wolfgang Ulaga worked out in their research how beneficial it becomes to companies to embrace existing services instead of spending precious time and budget in new developments.

Embracing Artificial Intelligence

In addition, the EIU report highlights that 34% of respondents want to adopt AI. Big or wide data benefit from big data pools. Banks can learn in real-time with the market thanks to the availability of big data pools of high quality as well the required machine learning tools. Cloud providers, like Google, provide or integrate the required data and tools on their platform and pave a safe way for banks to harness market intelligence.

Improving business agility and scalability

40% of the banks are driven by the search for business agility and scalability. The Pandemic made a strong case for this agility. Within weeks, even the employees from incumbent banks found themselves working from home, covering multitudes of government assistance applications in a short time. Applications had to be meshed up quickly, access to be given to staff remotely, and the infrastructure had to be able to scale up.

In 2022, the drive for business agility has continued and in many instances, has even accelerated due to market volatility, driven by the invasion of Ukraine, inflation, increasing interest rates, disrupted supply chains and reduced liquidity of crisis-ridden industries.

Obstacles to Cloud Adoption and their Solutions

Current cloud conversion rates of banks are still in the low single digits. An Accenture Survey reported that 7/10 banks have moved the bigger parts of their enterprise software to the cloud, including CRM, HR or office software. Outsourcing this to popular off-the-shelf services is easy. However core banking applications are subject to strict regulation and may encounter regulatory hurdles.
These core banking operations include payment applications, capital markets and banking applications.

Security, Regulation and Audits

Banks cannot outsource responsibility. However, they are liable for compliance within this heavily regulated banking industry. In the past, Cloud Service Providers (CSPs) lacked credibility to motivate banks to move over to them with their core business applications.
However Cloud providers have become more transparent and document this through certifications. Banks can now be sure that data is not leaving a specific area of jurisdiction.

Data security has made continuous progress with CSPs, ramping up their defense mechanisms in response to orchestrated attacks powered from the dark web or driven by governments. Physically, the CSP’s data center and infrastructure provide a high level of physical and procedural security as well as a 24/7 surveillance which would be difficult to provide for smaller banks or banking units.

However, they need to remain in control of their data and of data privacy. Establishing what Gartner calls a Cloud Center of Excellence – implementing central cloud governance empowers banks to delegate data processing whilst remaining in control of security and privacy. Features like “Bring Your Own key” and central audit and analytics features are prerequisites for financial institutions to utilize the cloud and stay compliant with regulations.


Cloud service providers have become more professional and specialized. Banks had to learn this the hard way, as mono-partnership relationships with one CSP are insufficient to meet the diverse requirements of the finance industry.

Today’s CSP market is more varied, with providers like Microsoft offering core banking applications like Mortgages, Commercial Loans, KYC in their Dynamics Suite or Diebold Nixdorf offering specific ATM services. Such a diversified hybrid cloud arrangement builds on versatile central cloud governance.

Concentration risks

In recent years, reliance on one of the big 3 cloud service providers caused a problem of concentration. If any one of the three providers – Amazon (34%), Microsoft Azure (22%) and the Google Cloud Platform (9.5%), had performance issues, whether accidentally or caused by an attack, the global finance system might come under intense pressure.

On the one hand the current multi-cloud trend reduces this risk. However, Amazon and Microsoft are still in a dominant position when it comes to straightforward or standardized data processing activities. Using a special CSP also entitles the user to benefit from the provider’s unique selling proposition like Microsoft’s Office 365.

In emergency cases, it needs to be possible to rapidly port data from one CSP to another. Two major prerequisites for this are the Bring Your Own Key approach, to make sure that the bank is really in control of their own data, and second, crypto-agility. If a bank deploys greenfield applications in one of the clouds, it needs to be able to rapidly port them over to an alternative CSP and to easily adapt the cybersecurity configuration. Central cloud governance is again a key feature of a successful mitigation of concentration risks.

Good Enough

A major roadblock in the banks’ self-disruption is old, fully amortized legacy software. Technically speaking, infrastructure does not cost anything. In an inert market, this might even work, ignoring a plethora of different systems and databases accumulated throughout years of mergers and structural change. However, as Alan McIntyre puts it, in the post-2020 period with an unseen speed of change and new market entrants operating more like a software as a service company than as a bank, legacy infrastructure is unable to cope with the new requirements.

MYHSM – the all-in-one security provider to pave the way for successful cloud migrations of financial institutions

Banks need to keep many dimensions in mind when implementing their multicloud strategy.
They need to interweave services from various CSPs in order to create scalable, AI-powered modern customer solutions. They need to be agile, and keep costs under control.
The challenge is the strict regulation of the banking market.

MYHSM is a flagship in securing banking services in a compliant and agile way. Banks are not bound to any CSP. Changing from one provider to the other, or generating hybrid-cloud solutions is not a problem. With MYHSM security and compliance are managed centrally. Performance across the heterogeneous cloud architecture is traceable – audit documents are generated centrally in a convenient and automated manner.


Blog post by Dawn Turner and Dr. Ulrich Scholten

Share this entry: