To date there has been some reluctance amongst asset managers with respect to managing their security and product master data in the cloud, yet the same organizations are actively pushing their CRM data into the cloud. Why is this? Why does the sales side of the organization readily embrace such change when the investment operations teams are more cautious?
Security concerns cannot be the reason, even if they are the reason most often cited by investment operations teams who are not willing to embrace the cloud. For a financial services organization, there is nothing more sensitive than their clients’ personal details – so if you consider the number of firms actively using cloud-based CRM systems like Salesforce.com – this negates the security argument.
But positioning of security and product master data in the cloud is just as sensitive. Of course, the security and product masters contain commercially sensitive data, but no more sensitive than client data found in many CRM cloud implementations. So we should agree that security concerns, while valid, are not the core reason we do not see the same level of enthusiasm.
Some would argue that the sales side of the organization are by their very nature risk takers, but the technology side of the business might argue that it is the quality of the offerings that is the only impediment to such decisions.
Cloud service providers, whether they are CRM or data management vendors, are all massively aware of the security risks posed by hosting sensitive third-party data – the fact is your data is probably more secure in a cloud provider’s environment than in your own, such is the focus on security.
Some believe that it is the complex relationship that often exists between IT and the sales and marketing units that is the root cause for so many sales units engaging the cloud. In the asset management world, the sales and marketing teams are often at the end of a long line of business units looking for strategic IT initiatives to be acted upon. To this end, sales and marketing teams have learned to become self-sufficient, which as an aside is probably also the root cause for the creation of the myriad of manual processes and Excel / Access-based data management initiatives found in the marketing and sales departments.
Since the investment operations units in asset management organizations have traditionally had a much closer relationship with the IT department, they have never felt the same need to explore alternative solutions. This is not to say that investment managers are not exploring data management in the cloud, just that they require a greater level of understanding of the advantages and disadvantages of such a venture. The providers of cloud-based technology and services themselves have also had to up their game to sell the benefits.
So what merits does the cloud bring to an investment operations team? First of all, let’s debunk a myth – putting your data management solution in the cloud is not outsourcing, nor is it off-shoring. Cloud data management service providers generally engage in partnership-led operating models where they work hand-in-hand with the client towards a common goal, or they simply use the cloud provider as a technology platform in the same way they would engage with their own internal IT department.
Working in the cloud means:
1. Not having to worry about where you currently fit into your IT department’s strategic roadmap
2.Your environment is managed by a team of professionals whose only goal is to ensure that your environment is working and secure
3. You are always on your vendor’s latest released platform version
4. You have one less system to worry about in your BCP plans
So what about the disadvantages? And how do you mitigate against any risks? What should you be worried about?
1. What happens if you want to disengage from your cloud provider and take your process and data back in-house, or indeed have it managed by a different provider?
- This is something that needs to be considered carefully before engaging with any solution in the cloud. Before you engage, ensure that your contract and your SLA are watertight and replicate data back to your own data center so you always have a local copy at arms reach.
2. How do you integrate the solution into your organization’s broader BCP plans?
- Ensure the vendor you choose to partner with has a fully documented and regularly tested business continuity plan that ensures your data is available according to your own stated ‘Recovery Time Objective’ and ‘Recovery Point Objective’ – then ensure your vendor runs the BCP tests with your involvement.
3. How do you know your data is secure?
- You absolutely must do your full security due diligence – including externally-commissioned penetration testing.
4. What about latency between your site and the cloud?
- Run full latency checks before the engagement and ensure latency is captured as a KPI for SLA measurement. Cloud providers are generally located at key Internet hub data centers to reduce latency concerns
5. How do you know the vendor will provide a good service?
- If you go down the partnership route, ensure you have an SLA that is considered an evolving document which is regularly reviewed and enhanced as your relationship develops. The SLA should set out the expected minimum service levels and the target service levels – with appropriate KPI measures identified for regular reporting.
6. What if your vendor goes bust?
- Before any engagement, ensure your due diligence process includes a full financial review. In addition, insist on an escrow agreement to ensure you have access to the technology software in the event that the vendor is no longer financially viable.