What is Cloud Concentration? Why are banks worried about it? Is Cloud Portability the Answer?

By Dan Holt, Cockroach Labs.

  • 1 year ago Posted in

In the Bank of England’s semi-annual Financial Stability Report, the central bank expressed its concern about risks associated with cloud computing data centres, and how that could affect financial stability in the UK. The report identified three reasons for this issue: concentration of data centres; concentration of financial services firms that operate data centres; and concentration of cloud service providers themselves. According to the Bank of England, addressing these issues will be necessary to prevent systemic risk in the banking system.

What is Cloud Concentration?

Cloud concentration risk refers to the probability of having all of your assets in one specific cloud provider. For example, if you only use Amazon Web Services (AWS), then your risk is 100%. For Critical national infrastructure and major financial services applications, this is an inherent risk that could have widespread ramifications including financial impact due to breaches in SLAs, brand deformation due to poor customer experience and overall poor experiences for businesses and end users.  

What is Cloud Portability?

Cloud data portability is the ability to easily transfer data and applications from one cloud service provider to another cloud service provider. This helps keep the market in balance by ensuring no single cloud provider becomes “the only” cloud provider a service can run in and in turn, reduces the risk of concentration.

The Bank of England's concern

Cloud Concentration has become a major concern for central banks. As more and more companies decide to shift their workloads to the cloud, there is a growing risk that a single instance of downtime or a cloud provider going out of business could lead to catastrophic consequences. Not only would this be detrimental to businesses and end users, but it would also affect the wider economy with knock-on effects on jobs and confidence in the economy if these applications were part of the national infrastructure such as core banking platforms. If just one company goes under due to lost data, it could have ripple effects for years to come. 

In an attempt to avoid such scenarios happening in the future, Bank of England Governor Mark Carney is calling for regulation that ensures adequate diversity in cloud providers. He points out that there are currently no hard and fast rules about diversifying your workload among different providers, meaning too much power can rest with any one provider which increases concentration risk even further.

What does this mean for you?

The Bank of England is worried that there will be a significant concentration of risk if one company provides cloud computing to all institutions. This is due to the fact that if this company were to fail, it could take an entire economy with it. It's important for consumers and businesses alike to make sure they're not putting all their eggs into one basket when dealing with cloud-based services. 

A recommendation is to use providers who offer on-site backups as well as offsite ones so that your data is more secure. You should also consider using a hosting provider that offers redundancies in its infrastructure so that even if one region goes down, your service isn't affected. 

Another way to mitigate risk is to use a multi-cloud strategy which means having access to multiple providers. Remember: by using more than one provider you can significantly reduce any single point of failure in your organization's operations.

Action points to avoid Cloud Concentration risk

There are a lot of companies that store all their data with a single provider, which may pose a problem if anything goes wrong with the system. The Bank of England fears concentration risk related to cloud services. By using multiple providers and storing their data across them, companies can avoid this problem. 

Also, they should diversify both their supplier base as well as the location where they store their information. However, it is important to consider the risks when implementing these solutions and ensure that they are taken into account appropriately. 

For example, one risk is that the company might not be able to access some information because of jurisdictional restrictions or because there were errors made during the migration process. To address this issue, companies must first identify what country-specific laws apply to their data and then make sure they have an appropriate strategy for migrating data from one jurisdiction to another.

Using a Cloud Agnostic Database like CockroachDB can help ensure from a data persistence layer your data is protected from Concentration risks by allowing you to run your database across multiple clouds, in a hybrid manner or simply having the ability to deploy in any cloud giving you the assurance around cloud portability.

By Terry Storrar, Managing Director at Leaseweb UK.
By Dave Errington, Cloud Specialist, CSI Ltd.
By Rupert Colbourne, Chief Technology Officer, Orbus Software.
By Jake Madders, Co-founder and Director of Hyve Managed Hosting.
By David Gammie, CTO, iomart.
By Brian Sibley, Solutions Architect, Espria.