South African financial services embrace hybrid cloud

In recent years, cloud computing has moved up the agenda for IT leaders and C-level executives in South Africa because it serves as a major catalyst for digital transformation. Along the way, hybrid cloud technology has become the preferred computing infrastructure for many companies — particularly those in the financial-services sector.

Businesses across the continent are quickly starting to realise the strategic business benefits offered by cloud computing and, as a result, are moving more and more of their business applications into the cloud, according to a cross-section of business leaders and analysts.

Many industries are embracing cloud, but some are more invested than others, notes Dobek Pater, director and analyst at Africa Analysis. Typically, sectors that have to comply with strict governance and compliance regulations in order to ensure that confidential information isn’t compromised are more cautious about public cloud. These include the heavily regulated financial services sector.

Banks and other financial institutions are very cautious and risk-averse, according to Pater. They rarely like to be on the bleeding edge of new technology and tend to introduce new technologies very gradually.

The evolution of cloud use among local financial institutions started out with private cloud services, often customised to suit their specific needs and to drive efficiencies across a particular department, Pater says.

Private clouds spurred initial cloud usage

“This is where the first growth in cloud took place. Services delivered by the private cloud (or clouds) became increasingly impactful and more organisations (both large and small) began to make use of them,” Pater says. And then public cloud took the spotlight, offering cost savings and lower friction because it is run by professional cloud service providers who manage, maintain and secure cloud environments for many different customers, so that users can focus their attention on other things.

Currently, the trend among larger companies is hybrid — a combination of some services in a private cloud and other applications based in public clouds, Pater says.

In the case of financial services, customer data may not leave the jurisdiction in which the bank operates. “Therefore, apps or processes handling customer personal data often have to be hosted in the private cloud in the country of operations because In the public cloud, this data could be stored anywhere in the world,” Pater says.

Beyond legislation, Pater explains, trust is one of the big reasons why applications that are considered mission-critical tend to be run from the private cloud, which uses a single-tenant architecture — meaning the computing infrastructure such as servers and storage devices are devoted to one business.

Even today, many businesses are sceptical about fully investing in public cloud, which uses multitenant architecture, because of security and redundancy concerns. This makes hybrid an even more attractive proposition.

Digital transformation pushes cloud migration

Migration to cloud is an inevitable digital transformation trend across all modern businesses, said Christine Wu, managing executive for customer value management at Absa Retail and Business Bank, in a recent CIO Q&A. She clarified, however, that while Absa has moved some things to AWS, the bank does not envisage that they will deploy 100% to public cloud within the foreseeable future. Acknowledging that their journey in the cloud has developed and shifted as regulations have evolved and as local cloud service provider options have expanded, she maintains that the bank still hosts part of its core computing on premises.

AVBOB Group CIO Helen Constantinides holds a similar view. AVBOB, a mutual assurance company, deals with a lot of financial information and while they are using the public cloud for some of their applications, one can’t just put core insurance and financial products in the cloud, she says.

“I think that there is a lot of cloud hype. But one needs to ask exactly what people are migrating to the cloud,” Constantinides says. “Moving a small application to the cloud is a relatively easy decision to make but it’s more complicated to move and integrate your core business applications. I do not think that any of the major, core applications in any financial institution, insurance or banking environment are in the cloud.” Some companies may be taking front-end services and applications into the cloud or they might be using Office 365, she notes. “But have they taken their entire data centre into the cloud? Absolutely not.”

The big banks, financial institutions and insurances houses all have many, huge data centres across the country, according to Constantinides. “To take all of this and put it into the cloud, simply isn’t feasible because you would have to modernise and adapt all of these applications in order for them to be cloud ready.”

Legacy systems work on-premises

Leaders must recognise that not all clouds work for all of their needs and some of the legacy systems and applications work better on their existing on-premises infrastructure, Constantinides explains. There is a growing need for both flexibility and reliable security, hence the shift in the past year to hybrid and multi-cloud strategies.

“A hybrid strategy presents the best path to engage with a rapidly changing infrastructure landscape as it enables [companies] to better manage legacy and data-intensive processes, while simultaneously embracing new born-in-the-cloud applications, ” Constantinides says.

Sanlam Indie, the digital brand of insurance company Sanlam, uses cloud for everything they possibly can without compromising on governance or compliance requirements. According to Giulio di Giannatale, technology lead at Sanlam Indie, the brand makes use of public cloud because it allows them to keep their team small, even as the business grows. “We don’t have to be experts in networks, hardware, storage and virtualisation solutions before we start deploying workloads. We would rather spend our time improving our own platform than building infrastructure,” he says.

Defining infrastructure avoids vendor lock-in

The company currently host on AWS exclusively, but they have made sure that the infrastructure is defined in code — using Terraform and AWS CloudFormation software  infrastructure tools— so that it is consistent and repeatable and can be deployed like an application. This also means that they can host in multiple clouds in the future and avoid vendor lock-in.

“We run our entire platform in the cloud (our web stack, code repo, deployment tools); we use a cloud hosted productivity suite (Google Workspaces and Slack) and our agile tools (Miro, Asana) are cloud-based,” says di Giannatale. “We are even currently moving to a cloud-based product (JamF) to roll out endpoints for our staff when they require new laptops. And even products that are considered non-cloud based, so any applications that we are not allowed to consume the cloud version of due to policy from Sanlam, like our anti-virus solution and DLP [data loss prevention] tool, are still hosted on EC2 instances within AWS.”

While for security purposes, Sanlam Indie do isolate some services to provide them with the ability to limit blast radius if anything is compromised, di Giannatale believes that cloud providers like AWS hire teams of security related staff that are experts at what they do and are compliant with governance standards.

“Personally I think that the sheer scale of the top three cloud providers allows them to be more experienced and better equipped to deal with security or privacy related events than the scale my own business can afford,” di Natale says.

The industry’s hesitation about cloud is about two things, he says — trust and ego. “You need to trust someone else’s architecture, hardware, staff and commitment to service you, with integrity, at the same levels that you would service yourself.”