Although the security requirements for cloud computing are particularly high in the financial industry, more and more financial institutions are relying on cloud solutions.
Greater flexibility, leaner processes, better scalability: these and other reasons are massively driving cloud use in companies. Only the financial sector has so far reacted cautiously in the face of uncertainties. But the new study “Cloud Monitor 2023: Financial Services” from KPMG shows that the industry cannot ignore cloud computing if it wants to help shape technological change. For Daniel Wagenknecht and Gerrit Bojen, both partners in the Financial Services department at KPMG, it is clear: in the next few years, financial service providers in Germany will catch up with the overall economy in terms of the maturity and level of use of cloud solutions.
62 percent use a hybrid approach
High demands on the security of financial processes as well as extensive compliance and legal regulations are key reasons why companies in the financial industry often avoided public cloud computing in the past. However, they have now realized that the cloud can be designed to be secure. The vast majority of financial service providers surveyed with more than 50 employees now rely on cloud solutions. Six out of ten institutions (62 percent) follow a hybrid approach, meaning they use public and private cloud services in parallel. 21 percent use pure public cloud services, 17 percent use pure private cloud services. A total of 518 companies with more than 50 employees from the German economy were surveyed for the Cloud Monitor, including 100 financial service providers.
The mixed form model is particularly pronounced in financial institutions that have 250 to 4.999 employees. Here, 75 respondents stated that they use both private and public cloud solutions. If you compare the results of the financial institutions with those for all 518 companies surveyed, it is clear that financial service providers are ahead here. Across all industries, the proportion of companies with a combination of both approaches is only 58 percent. The financial industry, with a historically grown IT infrastructure, sees a particular advantage in developing applications directly in the cloud in the future. The mix of public and private cloud services allows you to choose the appropriate deployment model depending on your needs and the sensitivity of the data. That explains why they are among the pioneers here.
“Cloud first” is becoming the rule in finance
“Cloud First” is now the dominant strategy in the financial industry: 63 percent of the banks and insurance companies surveyed that already use clouds implement new developments or IT projects preferably – but not necessarily – in the cloud (2021: 44 percent). Only eleven percent of the companies surveyed pursue a cloud-only approach with the aim of migrating all new and existing systems to the cloud. This strategy is particularly common among institutions that only use public clouds. A comparison of the financial industry with the market as a whole makes it clear: the cloud strategies of financial service providers are more ambitious than those of companies in other industries.
Clouds don’t just bring benefits to IT
When asked about the added value that cloud computing brings to the individual areas in the house, IT is clearly ahead: 63 percent see a lot of added value here. This is hardly surprising. What is noteworthy, however, is that those surveyed also see a high added value in cloud computing for other areas of the company. Whether organization, compliance, payment transactions, risk management or loan processing: in each unit at least three out of four companies benefit. This makes it clear: The advantages of clouds usually extend across the entire value chain. Computer-intensive areas of the company benefit the most. The size of the company also plays a role: While start-ups and young FinTechs often rely on cloud-based outsourcing of IT and business processes right from the start, large banks and insurers with more than 5.000 employees have not yet completed their cloud transformation and can therefore not yet benefiting from significant added value.
Public clouds more resilient than on-premise IT
Many stakeholders in the industry have long been convinced that cloud solutions are less secure than on-premise IT. However, this assumption is incorrect. Cloud providers today offer a high level of “Security of the Cloud”: This refers to security systems that detect and ward off external cyber attacks at an early stage. In fact, public clouds prove to be more resilient compared to on-premise IT. The study results support this: 71 percent of those surveyed stated that they had been affected by a ransomware attack within the last year. Only six percent report attacks that only affected cloud infrastructure. 16 percent report attacks impacting cloud and on-premise infrastructure. And more than one in four (26 percent) recorded attacks that only affected their own systems.
However, the companies themselves are responsible for protecting data and applications in the cloud (“Security in the Cloud”). That's why the issue of security should be taken into account when cloud transformation by banks and insurance companies. The majority have already recognized this: 90 percent of the institutes surveyed with public clouds use a DevOps or DevSecOps approach. With these methods, development and IT operations are consistently combined and the topic of security is increasingly integrated. 61 percent of institutes that use DevOps or DevSecOps methods improved security. 58 percent benefit from improved quality and 53 percent report greater agility.
Majority thinks positively about EU-US data protection agreement
Transatlantic data exchange will increase with increasing (public) cloud usage. After all, many cloud providers are based in the USA. The particularly high demands on data security pose enormous challenges for the financial industry. With the Trans-Atlantic Data Privacy Framework, which the EU Commission adopted in July 2023, there is now a new legal situation for the secure transfer of personal data from the EU to the USA. When asked how the new EU-US data protection agreement will affect further cloud use, 54 percent of cloud-using institutions answered “positively” and 26 percent answered “very positively”. Differences in weighting naturally arise due to the cloud approach taken. Of the institutions with a public cloud model, 57 percent expect the agreement to have a very positive impact on their own cloud usage. When it comes to houses with a hybrid model, however, only 13 percent expect very positive effects.
In summary, it can be said: After years of hesitation, cloud computing is now standard in the financial industry. Numerous areas of the company usually benefit from its advantages. However, the study also reveals that the type and extent of cloud use varies greatly within the industry and can be expanded. One of the most important reasons for using the cloud is currently IT security, as cloud providers today often offer better protection than on-premise alternatives. DevSecOps methods that make security an integral part of the entire development cycle make a decisive contribution to resilient IT systems.
About the Study
The Cloud Monitor has been examining cloud use in the German economy since 2012. A total of 518 companies with at least 50 employees from various industries were surveyed for this year's study. This includes 100 companies from the financial sector. The “Cloud Monitor 2023: Financial Services” is an extract from the overall study “Cloud Monitor 2023” and offers current insights into the use of cloud computing in the financial industry.
In Germany, too, KPMG is one of the leading auditing and consulting companies and has around 12.200 employees at 27 locations. Our services are divided into the business areas Audit, Tax and Advisory. Audit focuses on the examination of consolidated and annual financial statements. Tax stands for the tax advisory work of KPMG. The Consulting and Deal Advisory areas combine our high level of specialist know-how on business, regulatory and transaction-oriented topics.
Matching articles on the topic