back to article UK regulators to scrutinise cloud resilience in response to financial services sector's reliance on the fluffy stuff

Banking regulators in the UK are considering closer scrutiny of cloud providers in light of recent outages and the financial services sector's increasing dependence on the computing model. The Bank of England's Prudential Regulation Authority (PRA) is currently looking into how it can get more access to data and systems used …

  1. Doctor Syntax Silver badge

    Banks and other financial services are among the stampede of businesses betting the farm on the cloud computing in the hope it can offer "modernisation", flexibility, and reduced cost.

    It's always a concern to see modernisation as an end in itself rather than a means to some other, more practical ends.

    While they're looking at this perhaps BofE could also consider data sovereignty.

    1. devin3782 Silver badge

      Data sovereignty that's a good term, I despise the fact that my bank uses a CDN for statement data and uses Adobe pervert-ware screen scraping/analytics stuff which they claim is for "my security". My banking data should never be given to a 3rd party without my explicit permission.

      1. Abominator

        Don't worry all the data Adobe collect will probably get lost when their cloud goes down, a bit like all their users photos as well.

        1. Anonymous Coward
          Anonymous Coward

          ...and it will go down, because no doubt they use their own bloaty PDF format for storing it.

  2. Abominator

    It's all in the cloud so its fine right?

    Oh, my oven has got stuck turned on and my cloud enabled app cannot turn it off because of an EC2 outage.

    1. Clausewitz 4.0

      There is no cloud: It's just someone else's computer.

      Never dies

      1. amanfromMars 1 Silver badge

        Out of this World Research Opens Up a Pandoran Box of Almighty Tricks .....

        .... for Earthly Employment and Surreal Enjoyment.

        There is no cloud: It's just someone else's computer. .... Clausewitz 4.0

        Clouds are just someone/something else in command with controls to other computers and able to enable A.N.Others to create and spread more than just mischief and madness and mayhem and conflict with a LOVEly CHAOS on Heavenly AIMissions with Experimental IT Experiencing Diabolical Root Routes to Otherworldly Alien Tasks ...... a Live Operational Virtual Environment for Clouds Hosting Advanced Operating Systems on Heavenly Advanced IntelAIgent Missions Experimenting with Immaculate Temptations.

        Walk the walk in a pair of those custom made boots, Clausewitz 4.0, and further cheap talking will be much more than just extremely expensive whenever it is able to generate unlimited untold interest for money to supply. The masterful trick then to engage and deploy, is to ensure that expenses are both unattractive and crushing to opponents and that principals accept all monies paid and that they are realised as forever invested to the greater benefit of all so interested to do with as be proven fitting ..... although as may be imagined and understood, such a choice may not be a supernatural collective decision ...... and there is not much, which may very well be absolutely nothing, that one can do about any and all of that, such be the nature of the future so rapidly unfolding before everything and everyone nowadays in a whole host of Novel 0days.

  3. Anonymous Coward

    How high the mighty have fallen

    The cloud has become the be all and end all for far too many organizations. Combined with outsourced IT (often to cloud providers) the suits are left looking at reports they don't understand with recommendations they can't evaluate. When there's an outage, they are as clueless as their customers as to why things are not working.

    This action by the UK regulators might be a feeble ray of hope.

    Assuming that banks in the UK are similar to banks in the US then the bank depositors are guaranteed their money by the government via the regulator. That guarantee is a big stick if the regulator is willing to use it. But that's a big if.

    The one idea that is floated in the article is that a cloud provider should be able to fail over to a different cloud provider. This is a good idea on many levels and bank regulators are one of the few regulatory agencies that could make it happen.

    If they have the will.

    They probably won't.

  4. Anonymous Coward
    Anonymous Coward

    Some financial services. Not trading platforms etc as the latency is FAR too high on virtual platforms.

    Five years from now when the 'cloud network engineers' can't fix everything with a right click and create a new virtual router instance the people like myself who work with real network devices and security appliances and understand actual networking will be raking in healthy daily rates upgrading the platforms that the virtual layer of abstraction runs on.

    1. Clausewitz 4.0

      Those 'cloud engineers', when presented with a command line, BGP route error, kernel panic, faulty daemon, usually call us.

      1. amanfromMars 1 Silver badge

        Of Needs and Feeds and Seeds Dangerous and Destructive to Know.

        Those 'cloud engineers', when presented with a command line, BGP route error, kernel panic, faulty daemon, usually call us. ...... Clausewitz 4.0

        With ‘us', Clausewitz 4.0, being exactly whom and/or what, .... although if one has to ask for further guidance and information on some such matters as critically matter immediately identifies one as not ready to know whenever to know can be so instructive and remotely engaging of others likeminded and one is not suitably prepared for series of disruptive answers?

        1. Clausewitz 4.0

          Re: Of Needs and Feeds and Seeds Dangerous and Destructive to Know.

          Talk is cheap. Come with money in a face-to-face meeting.

  5. amanfromMars 1 Silver badge

    In Praise of the Ancient Art of Quantum Being .... a PostModern AI Phenomenon.

    For example, providers could be forced to create a network of second tier cloud companies which can pick up workloads should they fail. “That's a really interesting conversation,” he said.

    The banking system has a singular monumental experience of such networking whenever it left the tied to the value and remittance of gold standard in favour of an internal incestuous committee led pricing policy for the marketing of the exchange of pretty fiat paper in lieu of anything of value and expensive.

    And seeing as how fundamentally and catastrophically badly that monetary experiment and experience has failed the wider general population because it be in the command and control of a similarly few and how easily it now be to flash crash with the minimum of effort, one can certainly understand their grave concern.

    However, as be the case with their own banking system, quite what it would be wise to do to save it and cloud providers from guaranteed future failure is something that more than just a heavily inwardly invested few are not even prepared to contemplate let alone attempt to activate and implement themselves, thus one can fully expect all manner of novel and major SWIFT Troubles ahead as A.N.Others, ..... which may or may not be virtually untouchable and relatively unknown, as in practically invisible and generally anonymous and autonomous party animals ...... take fully advantage of the myriad expanding and unfolding opportunities ahead which would both exploit and monetise the titanic vulnerabilities which are presented ...... and which some who be more than just a few might wish to protest creates conflict and chaos to add to the madness and mayhem produced and directed by failed and failing systems in such a rapid terminal decline.

  6. F0ulRaven

    A well set up Terraform script should fix this at a basic level, but the main problem is every cloud provider has a slightly different way of doing the same thing, so multi-cloud compatibly is always a work in progress!

    Even when they get rules in place to 'make it so', the reality is always going to be playing catch up!

  7. Potemkine! Silver badge

    This scrutinity is a good idea, but one has to wonder if the cloud customers asked themselves those questions before signing the contracts.

    "In many instances, public cloud has proven to be more resilient and more secure than on-premise solutions"

    It many instances the opposite has been proven too.

  8. Missing Semicolon Silver badge

    Built-in excuse, no more responsibility

    Now, when the bank's cloudy infrastructure becomes unavailable it's fundamentally not their fault, so they can just shrug. No more fail-over to the emergency DC, just "shrug".

    We will tolerate this because everything else is the same, and we just suck it up.

  9. LDS Silver badge

    "public cloud has proven to be more resilient and more secure"

    But the problem is that they are not 100% resilient and secure, and any outage or other issue means a far broader impact. With on-premises system, if bank X goes down, all the others are still up. With large clouds, there are far more chances most of them goes down at once. Even if your business has more than one bank account to cope with such situation, one may find that its redundancy is useless because all comes down to the same cloud.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like