Combatting Cloud Concentration Risk with a Multi-Cloud Approach

For global financial services organizations, cloud services present tremendously beneficial solutions for improving business processes, streamlining software development and enhancing productivity. As our previous blogs have underscored, cloud-native SaaS-based applications are designed, developed and deployed with cybersecurity and business continuity in mind, and they are quickly, easily and automatically patched and updated to stay ahead of threats. 

Yet as organizations increase their dependency on public cloud services, global regulators are flagging concerns over single-cloud concentration risks. Informed by Insights from FundGuard CTO, Yaniv Zecharya, and our VP of Cloud Operations, Elad Dotan, this blog looks at some of the so-called risks and discusses how a multi-cloud approach can help to mitigate current concerns. 

What is Cloud Concentration Risk?

Cloud concentration risk is a broad term we use to describe the risks associated with relying too heavily on a single cloud service. This is an issue that can be seen across most industries but is of particular importance in the very nuanced and heavily regulated financial services sector. 

There are many aspects to cloud concentration risk that can make it a complex challenge to deal with. 

For instance, imagine an asset management firm that deals with clients on both coasts of the U.S. If this firm leverages only one cloud service from one provider to support its entire digital infrastructure — think digital reporting dashboards, mobile apps, etc. — then the entire value chain is at risk of major downtime should any issue occur on the cloud service provider’s end. 

This problem only becomes more complicated when we consider that this business is dealing with outages on either coast, meaning it is likely also encountering communication challenges due to differences in time zones between the two coasts.

Now, consider how the complexity of this problem increases if the single cloud service also supports international business. In this scenario, the organization is dealing not only with an outage but also with separate jurisdictions that may dictate differing requirements for instances of downtime. 

All-in-all, it’s safe to say that cloud concentration risk is not an obstacle to ignore until it’s too late. 

What is Multi-Cloud & How Can It Mitigate Cloud Concentration Risk?

Solving the problem of cloud concentration risk can be a very complex discussion. To truly dissect this topic, it is important that we have a clear understanding of where, exactly, the risks reside.

As stated, cloud concentration risk is born out of over-reliance on a single cloud service, which brings with it an increased risk to business continuity should that cloud provider experience a failure. 

Rather than relying on a single cloud service, best practice in business continuity planning calls for a multi-cloud approach that utilizes multiple cloud services to maintain a digital infrastructure.

These diversified services can come from one or multiple cloud service providers. While working with one provider can certainly be advantageous for keeping each cloud environment well-connected, it can also be beneficial to have a secondary backup provider in the event of a major outage.  

How Does a Multi-Cloud Strategy Work? 

The multi-cloud strategy can actually be carried out in a few different ways.

In terms of the most common multi-cloud approach we see today, it is undoubtedly the use of one or more cloud services and providers to support a different application in each cloud environment.

A rarer use case for multi-cloud is the establishment of parallel cloud environments that use the same data and resources but are ultimately separate systems. These cloud environments mirror each other but are only available to certain users, such as clients within a specific region.

Enabling parallel cloud systems enables you to keep a cloud environment up and running at all times, meaning that if one should fail, the others are on standby to pick up the slack.  A multi-cloud approach that uses parallel cloud environments enables you to set up cloud services that draw from the same data and resources while still remaining separate entities. These parallel environments are often deployed to help overcome the challenge of various regulatory requirements found in different jurisdictions around the world. 

How Can a Multi-Cloud Increase Business Resiliency? 

In traditional business infrastructures that have relied on physical on-premises hardware, like servers and data storage facilities, businesses would work to achieve geographic redundancy — an approach to maintaining a computer network that replicates data across multiple datacenters that mirror one another.

By maintaining multiple datacenters, a business could ensure its data remains relatively safe and accessible in the event of one datacenter becoming compromised by a natural disaster or another physical event. 

From a cloud perspective, the risk of physical threats like natural disasters is not as prevalent of an issue. However, downtime and outages are very real problems in cloud computing that can cause major disruptions in not just your business but in the lives and businesses of your clients as well. 

Through a multi-cloud approach, your business can establish the necessary redundancy needed to avoid such outages altogether — especially if you leverage more than one cloud service provider. 

What Should Firms Consider in their Efforts to Reduce Cloud Concentration Risk? 

As stated in our introduction, as dependency on public cloud services continues to increase, global  regulators and industry organizations are releasing proposals for guidelines that would address single-cloud concentration risks:

• In a recent report from the U.S. Department of Treasury, it was stated that the small number of service providers that currently dominate the cloud market poses a risk of increasing concentration. 

• European regulators such as ESMA have also raised concerns, and the European Cloud User Coalition has recently released position papers outlining what they feel are the key solutions enabling more effective public cloud adoption in the EU. 

From FundGuard’s perspective, the approach to combatting cloud concentration risk is two-fold: 

• First and foremost, not only CTOs and IT teams, but also those with oversight responsibilities, e.g., fund managers, board directors and regulators alike, should become educated on the risks of single cloud concentration. For the financial sector as a whole to fully embrace the cloud, the industy must take a closer look at how cloud concentration risk varies from segment to segment.
• Secondly, vendors and other providers need to be asked more directly about how they address and account for cloud concentration risk in their own products and services. 

FundGuard’s Multi-Cloud Approach  

At FundGuard, our cloud-native solutions are designed with a multi-cloud approach in mind. 

Along with our primary cloud service provider, FundGuard also leverages parallel cloud services to ensure easy access from multiple regions, as well as maintaining a secondary provider as a failsafe mechanism if a serious instance of downtime or an outage were to occur.

Get in touch with FundGuard today to learn more about our cloud-native, AI-powered investment accounting platform for asset managers and their service providers.