Business Cloud News
Glenn Murphy, chief information officer, London & Capital

Glenn Murphy, chief information officer, London & Capital

Wealth management firm London & Capital recently completed a migration of its general ledger system to the cloud, shortly after replacing the company’s tape-based backup with a cloud-based solution. But the firm’s chief information officer Glenn Murphy told Business Cloud News that despite taking a ‘cloud first’ approach to IT, most providers are still unwilling to cater to the more rigorous security controls required in the financial services sector.

As far as financial services firms are concerned, opting for cloud-based solutions over tried and true on-premise products is quite a departure from what is traditionally seen in this vertical – not the least of which because of security and data sovereignty concerns.

“Being able to ensure that the security of the data, client data, often related to how much a person has within their portfolio, is a financial services’ company’s crown jewels,” Murphy said. “You have to be very careful with it, both in terms of how you select who holds that data, and ensure there’s a high and strong level of security in place.”

Murphy shared some details of London & Capital’s latest foray into cloud: moving its general ledger system, Microsoft Dynamics GP, over to a cloud-based platform. The platform provides payroll and human resources management capabilities, as well as business intelligence and reporting for the firm.

But rather than deploying it on the Windows Azure platform, the firm opted for a private cloud solution.

“We decided in favour of a private cloud solution as it offered more control over both the location of our data, and also the retention policies that we wanted to be put in place to meet regulatory needed,” he said.

Murphy explained that there isn’t anything particular to the Azure platform that made it too risky to place all of that data in the public cloud; the problem is much broader than that.

“Every software as a service provider will seek to put the industry standard controls in place, for example they may be looking to implement ISO 27001 for physical access, software and such,” he said. “But the challenge I’ve found for a lot of providers is their willingness, or perhaps their strategic interest in meeting financial services controls.”

He continued: “What that can mean is, for example, regular audits of their environments. That’s good in practice, but carries with it such an overhead for many third parties that addressing and verifying those extra security needs can be a very expensive. So their ability to offer services in that market become somewhat constrained and less profitable, which is why there are so few providers in this space. It can really be very onerous.”

Murphy pointed out that financial services isn’t alone here – healthcare, security and defence all look for higher levels of compliance from service providers, which are only now starting to live up to expectations.

He said service providers have a real commercial opportunity in this vertical among other highly regulated sectors, but it will take more time and investment.

“A lot of service providers recognise now that, when initially their solutions weren’t up to the expectations of financial services organisations, they had to develop additional requirements and additional solutions,” he said. “By taking those steps to increase their level of security and their general feature set to ensure compliance, they can offer their services to more industries that previously would have been outside their natural requirements.”

  • Alex Hobbs March 5, 2014 at 10:35 am

    in my opinion, there are so many cloud providers who have jumped into this market that it si no wodner there are so few that actually walk the talk and uphold security and compliance best pratcice, as they are all learning on the job and re-inventing the wheel. The likes of have been successfully servicing the FS indsutry for years

  • Post a comment

    Threaded commenting powered by interconnect/it code.