Seeing through the Cloud
Cloud services need education, articulation to take root in Asian trading
Uncertainties over cloud-based services persist in financial services, and particularly in the trading world. Migrating trading architecture to the cloud has been hindered by regulatory limitations and the lack of a compelling business case.
However, best practice is emerging. As the industry gathers around best practices and establishes uniformity in cloud technology applications, regulatory approval should become easier.
A Cloud by Any Other Name
30 senior leaders from trading and technology backgrounds attended the roundtable discussion in Hong Kong at the China Club, hosted by GlobalTrading. The discussion began with charting the industry’s current usage of cloud services.
“Cloud is a dirty word,” mused Patrick Shum, Head of APAC Trading Systems for Fidelity Worldwide Investment. “Many banks and asset managers are going through a market exercise to understand what applications and cloud technologies we are already using”, Shum added.
“We have always used clouds in the electronic trading world when we used private networks. The question of using the cloud comes up when we discuss public networks,” explained Jim Timmins, COO of FIXFlyer. In years past, financial technology firms built proprietary data centers and maintained all of their data locally, however, many firms now comfortably use secure third-party data centers with managed infrastructure and software for corporate business operations and it is now ripe for FIX and electronic trading Timmins noted.
The understanding of what the cloud is and what it can do is increasingly mature, according to Gareth Bridges Senior Manager of Enterprise for Equinix. “People are starting to consider the implications of data sovereignty, regulatory compliance and leveraging other cloud applications.”
One firm actively considering such applications is Macquarie. “We have been looking to drive usage of the cloud across a spectrum of businesses, but every business’ appetite for cloud applications is different depending on the need they are trying to solve,” commented Ashok Kalyanswamy, Global Head of Equities and Futures Technology at Macquarie. “The number one differentiator of a cloud offering is utility billing and using Infrastructure-as-a-Service, because traditionally technology costs locked in capital expenditure,” observed Kalyanswamy.
It is easier to make the business case to regulators for using the cloud for storage and compute in testing environments, but a production environment in a public cloud faces too many security hurdles at this time, Kalyanswamy said.
Regulation and Security
The reality is cloud computing is saddled with it’s initial positioning. Described as an amorphous, ‘puffy white cloud’ where data was held without individuals and companies needing to worry about how and where that was done; but this worried regulated business, suggested Stacy Baird, Chairman of the Asia Cloud Computing Association (ACCA) Data Governance Committee.
An ACCA report examining 14 Asian countries found the cloud services provider needs to work with the client to get through the regulatory process. “There has to be a better understanding of the regulatory environment by the cloud-services provider as well as the kinds of services will fit that regulatory compliance framework,” Baird said.
The report, Asia’s Financial Services: Ready for the Cloud – A Report on FSI Regulations Impacting Cloud in Asia-Pacific Markets, scored jurisdictions specifically on their approach to cloud for financial and insurance applications.
From a security perspective, internal technology systems may also have greater risks than third-party systems, Timmins said. “Cloud-services providers such as AWS and Lucera have setup their infrastructure from the ground-up to meet information security and regulatory requirements and more importantly systematically update that infrastructure. These cloud-providers can do a lot to help their clients with maintenance and reporting of security updates to improve regulatory and compliance auditing.”
In the past two years, regulators have become more interested to learn how cloud computing can work for their regulated community because they heard of the business benefits, but did not understand how it could fit into their compliance and security regimes, Baird said.
Identifying Best Practice
FIX connectivity which is today a commodity in the capital markets industry becomes a successful case study for trading architecture in the cloud. Whereas trading desks used to own the physical connections to their various brokers and counterparties to achieve an advantage, reliable FIX connectivity via a managed cloud service allows traders to focus resources without dedicating time and personnel to managing a wired FIX infrastructure, Timmins explained.
Latency-sensitive systems, however, do not fit that model. “If it’s latency-sensitive, for example market-making, activity will still be on a traditional compute platform until the performance in virtual environments is suitable” Kalyanswamy said.
Understanding not only which business processes can be moved to the cloud, but which parts of the business process can be moved, is critical for ensuring data compliance. “Moving to the cloud will not be about picking up what we have today and dropping it into another facility. We should look for ways to solve customers’ bigger problems by improving application capabilities through direct access to multiple clouds, data sources and network providers,” Bridges suggested.
A better understand the location of customer data should enable more informed decisions about what to keep on the cloud as security improves. “As a customer, I’m pleased to see the providers investing in cloud-computing,” Shum opined. “When we have business problems, cloud-services should provide additional tools we can deploy to solve them.”
We’d love to hear your feedback on this article. Please click here