Building Resilience in the Cloud
In 2019, AFME published its first paper on the adoption of public cloud in capital markets. Since then, the adoption of cloud has continued to progress, along with focus from policymakers and regulators.
Though the use of cloud and Cloud Service Providers (CSPs) offers a significant uplift in resilience and security compared to banks' on-premise environments, the regulatory focus continues to expand from concerns over the security of CSP platforms to the implications for resilience.
This focus has been part of a broader regulatory narrative covering outsourcing/third-party risk management, concentration risk, and operational resilience over the last three years. However, banks continue to use a wide range of criteria to assess their cloud resilience needs and identify solutions to mitigate these risks.
This paper, developed with members of the AFME Cloud Computing Working Group (Members) and in collaboration with Protiviti, explores two main solutions that often emerge in discussions between regulators and policymakers for cloud resilience. These are the portability of data/applications/workloads amongst different CSPs and multi-cloud strategies.