In Accenture’s recent perspective on the new cloud imperative in capital markets, we said leveraging cloud is vital for good performance in a digitized capital markets world. But we also pointed out that we estimate that today only between 5% and 10% of technology solutions across the industry are public cloud based.
Why the gap – and how to close it? An interesting light has been shed on these questions by recent research we’ve conducted among 750 organizations already engaging with cloud across various industries.
Barriers to cloud according to a recent Accenture survey …
In this research, we asked executives to identify the hurdles to achieving the expected value from their cloud initiatives. Across all industries, those most frequently cited in the top three were:
- Security and compliance concerns (46%)
- Legacy infrastructure and application sprawl (40%)
- Misalignment between IT and the business (40%)
- Complexity of business and operational change (39%)
- Data sovereignty concerns / regulations (39%)
Now contrast that list with the responses we received from the 66 capital markets firms who participated in the survey. For them, the barriers most frequently cited in their top three were:
- Legacy infrastructure and application sprawl (52%)
- Misalignment between IT and the business (50%)
- Security and compliance concerns (48%)
- Lack of cloud skills within the organization (39%)
- Data sovereignty concerns / regulations (36%)
… and some thoughts on why those are different for capital markets
Clearly there are overlaps, but I find the differences – both in the ranking and in the percentages – much more interesting.
Looking at the barriers called out in the top three by capital markets firms, it’s hardly a surprise that the biggest is legacy infrastructure and application sprawl. Anyone old enough to have worked in the industry in the early 2000s would remember the boom in application development that went hand-in-hand with headlong innovation in financial products. There was also a rush to sign up for third-party solutions at the time.
Twenty years on, many of these systems are still in place – and updating them is often hard to justify, especially now they’ve been largely optimized. Given the investments in many large systems over this period of time, there is now often a lot of complexity in the applications themselves and the number of up and down stream dependencies can be huge. It is no small undertaking to break that apart during a cloud transformation effort, especially for those transactional systems that sit in the middle of business processes and workflows and would require a multi-year investment to replace.
The second barrier to realizing the benefits of cloud in capital markets – misalignment between IT and the business – is in my view a reflection of the differing priorities and pressures on each side. The business wants to be agile and move fast. IT would like to oblige – but it’s usually constrained by legacy systems, regulatory obligations and, in some cases, globally streamlined operations for specific functions.
For both sides, cloud’s ability to dial resources, capacity and costs up and down would be ideal. The problem is how to get there.
Third, but not least, are security and compliance concerns – which I’m slightly surprised weren’t ranked first. On compliance, many financial regulators have not yet been really clear about their position on public cloud migrations so far, an issue compounded by the differences between various jurisdictions if a firm is active across the globe. In response, we observe firms are moving more towards an approach based on ‘deemed acceptance’, but that’s hardly ideal and has had a material impact on the pace of public cloud adoption.
And with security, protecting customer data remains at the top of the industry’s priorities, given the twin risks of regulatory action and losing customer trust. Hence many firms still harbor concerns over putting customer data in the public cloud. What we observe as a result are high investments into preventative, detective and responsive controls across network, data, applications and user access when building and running on public cloud—both from the capital markets institutions and the cloud providers themselves who continue to constantly build out security features on their products.
What came to me as a surprise – on a side note – is the data point around ‘lack of cloud skills’. It ranked 4th in capital markets and drops across all industries into the 7th place (albeit not with a huge difference in the percentages). I believe that capital markets firms have arguably one of the deepest pools of IT talent of any industry. My take on this one is that within capital markets the lack of cloud skills probably isn’t so much related to the architectural or engineering skills to implement cloud, but more likely to missing hands-on experience. Put simply, I believe that capital markets IT teams could probably implement cloud more easily than in other industries, but they struggle to do so at scale and while keeping pace with fast moving environments that put out many requests at the same time for cloud support.
Things to do today
That’s my high level take on the biggest barriers to realizing the benefits of public cloud in capital markets. But what steps should you take to overcome them? Here is my list of the top three things to do today:
- On legacy infrastructure and application sprawl, start by working out which elements you want to take to the cloud and which ones you want to build fresh. This also involves understanding application and data interdependencies.
- On IT and business misalignment, adopt a value-driven approach to cloud migration. This means seeking out opportunities that add short-term value to unlock funds and business buy-in for the journey. It is critical to ensure the cloud strategy is understood across all of leadership – both within IT and the business. And the strategy execution should include both the resources and operating model changes that might be needed to maximize the benefits from cloud initiatives.
- And on security, put security at the front of everything you do. The key is to make sure that security is embedded and incentivized to support your cloud journey and that proportional controls are in place to manage any kind of risk.
The message? In capital markets – as in other industries – cloud transformation is something whose time has come. So, the barriers to capitalizing on it can and should be addressed, and the players that move first would likely have the edge. Which means, in return, the time to start is now.
I’m happy to hear your feedback and comments to my thoughts, and feel free to reach out to me directly for a discussion at [email protected].