Cloud

How Small Banks and Credit Unions Can Responsibly Transition to the Cloud

Cloud computing can be a challenge for smaller financial institutions to grasp, despite its clear benefits. A strong handle on regulations and management can help.

Ernie Smith

Ernie Smith is a former contributor to BizTech, an old-school blogger who specializes in side projects, and a tech history nut who researches vintage operating systems for fun.

The banking industry was notably early to many technological trends — for example, the blocky magnetic numbers used on many standard checks reflect banking’s first-mover status on computerized automation. But the cloud has been harder for some to warm up to.

One main reason is security. The financial industry faces more direct compliance challenges than other industries that have migrated to the cloud in a more widespread way. One study found that even large Wall Street banks were challenged to pull off cloud transitions, with issues of data privacy, cost and compliance among the biggest factors.

These challenges are equally true for small banks and credit unions, which work on a smaller scale but often face similar compliance hurdles. Additionally, as a recent Gallup study notes, credit unions have a reputation for doing the right thing for their members, which is a reputation that is critical for them to keep. But when done the right way, those organizations can reap the benefits of the cloud without sacrificing security or customer relationships.

Why Cloud Computing Matters to Small Banks

The pandemic has highlighted how critical the cloud can be amid disruption, given its ability to adapt to a workforce that is no longer guaranteed to be working out of the same building.

The benefits of the cloud come down to flexibility and scalability for many organizations. Public cloud tools driven by external hosting and management can empower organizations to remain agile as their needs change.

For banks, of course, things are a little more complicated with the enhanced need for security and regulatory compliance. But there are more security tools than ever at their disposal, such as hardware tokens and multifactor authentication. These solutions can help fortify the walls around sensitive data.

Security can also play a role in which cloud option banks and credit unions explore. Organizations wary of the public cloud for compliance and security reasons might prefer a hybrid cloud approach, in which some of the resources remain privately managed onsite but others are handled publicly, offering a stable balance of security and scale.

A study from IBM’s Institute for Business Value found that half of surveyed banking executives thought they could lower their cost of IT ownership with the hybrid cloud. The study also found that the most successful banks were both more likely to implement hybrid cloud strategies and more likely to benefit from their implementation.

Knowing Where Small Banks and Big Banks Differ on the Cloud

Small banks have traditionally struggled to modernize their tech, and the complication of vendor relationships has traditionally left them reliant on a handful of large vendors to manage many of their operations. While that dynamic is changing as technology evolves, it remains the legacy of IT in small banking.

For this reason, a recent trend in cloud computing, multicloud, may not necessarily be for them. Multicloud environments, considered an alternative to hybrid cloud offerings, may offer more vendor flexibility. But given the nature of smaller banks, having multiple vendors could be a deterrent from a management standpoint. It’s important to understand your business and what it can support.

But there remains a lot of upside for small banks and credit unions if they can find the right infrastructure partner. Even tentative steps toward the cloud, such as moving to accessible productivity suites like Office 365, can prove huge boons at this time.

Strategic and Regulatory Considerations for Cloud Transitions

With the regulatory landscape, moving to the cloud with sensitive information carries extra considerations.

Cloud environments are a major focus for regulators. This spring, the Federal Financial Institutions Examination Council (FFIEC), which represents all of the major banking regulatory bodies in the U.S. government, released a series of cloud computing guidelines for the financial services sector. Among other things, the document recommends that banks emphasize a strong governance strategy when managing a cloud computing setup.

The guide noted that creating and enforcing strong contracts was imperative for ensuring their proper management.

“Management’s failure to understand the division of responsibilities for assessing and implementing appropriate controls over operations may result in increased risk of operational failures or security breaches,” the guidelines state. “Processes should be in place to identify, measure, monitor, and control the risks associated with cloud computing.”

Other recommendations from the FFIEC guide include the implementation of strong inventory and access control systems, the implementation of virtual machines, a robust incident response capability and frequent testing of controls for critical systems.

These approaches will require much research and consideration on specific needs, but with the right partner helping to shape your infrastructure, these hurdles might be a lot lower than they seem.

DISCOVER: Learn more about how banks can use technology to get future-ready.

Illustration by Traci Daberko