Regulatory and licensing issues are delaying adoption of cloud computing and online, on-demand computing, known as Software as a Service (SaaS), by securities firms.
Nevertheless, as rules are worked out, these technologies should take hold over time.
So says Jeff Goldberg, senior analyst at Boston-based research firm Celent, in a February 3 report on “Cloud Computing, SaaS, and Technology Outsourcing.” The report grew out of a Celent webinar on the topic, and addresses issues raised by webinar attendees.
Several concerns center on regulation, Celent says. Specifically, if local regulations require that customer data be stored on servers within that region, what can a firm do about the unknown location of cloud servers?
In an interview, Goldberg – who also moderated the webinar -- said that to deal with this issue some cloud computing vendors are trying to place servers regionally, to meet the need. He couldn’t speak for them, but this would be logical for IBM, Microsoft or other suppliers of cloud services, he indicated.
Still, many vendors see the anonymous location as a net positive, he adds, since it improves security.
Another frequently-voiced concern: If cloud providers don’t make their auditing processes known to customers, won’t those customers be prevented from meeting government standards?
Goldberg concedes that this issue may prevent many financial services firms from working with those vendors. “Vendors who want to capture large financial services firms as clients need transparency into the auditing process,” he says. Some vendors, such as IBM and Microsoft, may have a model data center that allows a user to “really view what the auditing standards are,” he says.
The fact that cloud computing providers can have server networks that go across multiple jurisdictions can create further unknowns about how data will be handled in the event that another government changes regulations, Celent says.
“Regulators haven’t caught up with the notion of IT [information technology] outsourcing in this manner,” he adds. “At some point, perhaps in several years, cloud computing and SaaS vendors will be able to get certified by a regulatory body.”
In addition to regulatory issues, there are licensing questions. For example, financial services firms don’t yet know all the issues that might come with cloud computing or SaaS agreements. How do service level agreements need to change? “A vendor going out of business is very different when all the code is hosted externally rather than installed at the customer site, and the terms of the contract need to reflect this,” Goldberg said.
One major question about SaaS is whether it is more appropriate for products that can be used in “vanilla” form without having to worry about customizations. If a company has complex, unique needs, the ready-to-go nature of SaaS services can clearly be a poor fit, Celent said. Systems which require little customization can truly be provided “on demand,” with a company providing a credit card over the web and turning on access.
One example: Salesforce.com, which started as a service for keeping customer records online, available from anywhere at any time. Salesforce.com requires low levels of customization, and can be used without integration to the rest of the infrastructure.
A key to a good on demand model, Goldberg said, is allowing all necessary customization to be managed by a customer, online.
In compliance, Goldberg said he does not know of any vendor who is licensing software for firms to run in the cloud that allows them to maintain information needed to fulfill regulatory requirements. However, “many vendors are selling services that allow you to do better reporting and manage data better,” he says, which can help with compliance issues.
“It took many years to work out the rules governing web-based commerce and transactions – some still to be defined,” Goldberg said. “But this did not prevent a valuable technology from taking hold over time.”
This article can also be found at SecuritiesIndustry.com.
Carol E. Curtis is special reports editor at SourceMedia. She can be reached at carol.curtis@sourcemedia.com.
Be the first to comment on this post using the section below.