Why the Bank of England has its head in the cloud over data security

Guardian Technology 21 Jul 2021 05:00

The Bank of England is at risk of moving too slowly, according to experts, who say it needs to get a grip on the financial sector’s plans to outsource customer data storage to a handful of unregulated US tech giants.

Last week, the central bank raised fresh concerns about the use of cloud services, where data is held on remote servers run by another company. It said the fact the services were dominated by just a few companies – such as Google, Amazon and Microsoft – posed a potential threat to financial stability.

“Cloud service providers are an increasingly integral part of the infrastructure of the financial system,” the Bank governor, Andrew Bailey, said. “And there are many good reasons for that: it’s a model that works.”

But the fact that a growing list of financial firms rely on just three tech companies to run their day-to-day services has increased the risk that multiple banks could be affected by cybersecurity risks, hacking and outages aimed at a single provider. Their dominance also means they can dictate the prices and terms of their services, and potentially withhold key information about risks from clients and regulators.

The regulator is now trying to secure those assurances before it has its own cloud-based data breach to deal with. “The big problem here is technology is moving faster than regulators,” said Sarah Kocianski, the head of research at the fintech consultancy 11:FS.

HSBC, which already had agreements with Google and Microsoft, announced last June it had struck a multi-year deal with Amazon Web Services to help run new services for its wealth and personal banking business – a division that serves millions of customers worldwide – as part of its “digital transformation plan”. Meanwhile, Lloyds has launched a dedicated “Cloud Centre of Excellence” tasked with ensuring the safe adoption of cloud services, provided by Microsoft and Google, across the entire organisation.

“Most banks are not capable of building this stuff themselves. They don’t have the talent, they don’t have the time, they don’t have the expertise. And quite frankly, why would you build it if you could buy it?”

The Bank of England, which is understood to be speaking to cloud providers on a monthly basis, said last week it was working with the Financial Conduct Authority and the Treasury to try to address the potential risks, but could only go so far without international cooperation given that most of those cloud service providers were headquartered overseas.

It puts further pressure on cross-border regulators such as the Financial Stability Board and the Bank for International Settlements to set global standards, and fast.

“You have to regulate now,” he said. Trying to implement rules in five years, when the amount of cloud-based data was potentially 100 times bigger, “will be too hard”.
