Business Payments Barometer rankings indicate urgency for cloud-based service migration
Fraud and Financial Crime
The following was written by Dalit Amitai with contributions from Gareth Priest and Keith Ludwig.
The 2022 Bottomline Business Payments Barometer hits all the high notes for business payment processing issues such as: cashflow, cybersecurity, regulatory compliance, new payments architecture and real-time payment fulfillment. One of the more compelling data points enumerated within the report is the “drivers of change” section. The 1,600 UK and US-based finance leaders we surveyed described “easier access to the cloud” as one of their highest priorities in driving business growth and operational change for this year, ahead of more headline-grabbing issues like blockchain revenue opportunities.
Before the Covid-19 pandemic impacted business leaders from around the world, the lower administration costs, flexibility, scalability, and other advantages were already leading many financial institutions to move their data and applications to the cloud. The fact that “easier access to cloud” is ranked so high as a change driver, is a significant finding as cloud migration is the foundation of digital transformation, yet it is fraught with misunderstandings. Let’s clear that up.
As with any strategic business growth opportunity, one must first understand that not all cloud-based solutions and providers are equal (e.g., the difference between PaaS and SaaS). Some customers may think of ‘the cloud’ as one generic platform where their data is stored with minimal differentiation among providers, type, and scope of ‘cloud solution’. Others may believe that cloud platforms are not inherently secure enough to store and process financial data. This misunderstanding has led some to continue to store all their applications in a legacy data center while impeding their ability to adapt to changing markets. Both lines of thinking can be clarified with the right attention to detail and an understating of different flavors of cloud services.
As Bottomline’s Chief Product Officer, Gareth Priest, shared: “The biggest misunderstanding about the cloud is in the language used to define it. I’ve talked to financial institutions who are willing to use SaaS but won’t ‘utilize the Cloud.’ Most of those SaaS providers are using a public cloud to provide those services, therefore, we need to better define the service. If, as an industry, we build, educate, and explain systems that leverage cloud not just for the efficiencies and speed, but also for the more granular control it can provide, we’ll likely assuage concerns.”
When moving services to the cloud, banks remain responsible for securing the solutions they provide to clients, ensuring compliance with the banking industry standards. Many of our Bottomline private cloud customers who have questions on our security standards (e.g., encryption at rest and encryption in transit) are pleased to learn that Bottomline offers a certified cloud solution (e.g., with PCI, SOC2, GDPR), which is audited by the FFIEC.
I also discussed this perception issue with Paymode-X VP of Development Keith Ludwig. He reported, “The biggest misunderstanding I see is in security. Your data is not automatically secure in the cloud, regardless of the vendor. However, working with a trusted vendor that monitors its system 24 x 7 for any attempted fraud and includes extensive security controls in place, is much safer. It’s far more secure than a self-hosted software solution. It’s always a good idea to research your vendor to ensure they have not been a victim of a successful attack.”
Banks should look to work with a hosting partner with proven experience in hosting and cloud migration, and in particular, a partner that has experience and a specific track record of hosting applications for financial institutions.
In this 'Cloud-Age,’ financial institutions are moving from buying software to subscribing to a service. If a company moves from an on-premises application to the cloud, the service to deliver that migration must include code progression, it cannot be left stagnant. Very much like Netflix and Spotify for example, if a competitor introduces better capabilities, they build a better alternative of their own. Similarly, if a financial institution is subscribing to a service from a vendor, they will need assurance the vendor is constantly keeping pace with both the new business requirements and with cutting-edge technology.
Ranking the new drivers
So how important is ‘Journey to the cloud’ going forward? I would rank this at the top of the list. In my experience, I’ve witnessed many banks decide to delay the migration to the cloud in favor of the bank's perceived higher priorities. For example, a bank may decide to focus on adjusting fraud detection solutions to ISO 20022 or deploying fraud solutions for RTP on-premises before moving fraud detection applications to the cloud. When in fact, if they’ve already migrated to the cloud, complying with ISO 20022, and supporting RTP could have been seamless and smooth and, most importantly, the responsibility of the cloud vendor.
“I don’t know many corporates that are not in the midst of migrating or intend to migrate. Many of their systems are scheduled to move to cloud-based providers or take advantage of the cloud in hybrid mode,” Priest says. “The flexibility and speed make it very compelling. Banks are also recognizing the benefits, but they’re on a more considered trajectory given their regulatory needs and the state of their legacy technology environment.”
As companies embrace payments automation and the efficiency that goes along with it, moving to cloud-based solutions is one of the most exciting opportunities companies have. The adoption of payments modernization initiatives like RTP and ISO 20022 will accelerate moving enterprise applications to the cloud. The combination of those two will benefit your company, but more importantly, it will make you invaluable to your customers.
- White paper: 3 ways fraudsters compromise AP security and controls - Bottomline looks into payment vulnerabilities and how to mitigate risk
- Article: The dynamic cloud helps your website work when customers need it most - Lee Atchison, a well-known and respected influencer on cloud computing, points out the advantages of the dynamic cloud
And don’t forget to subscribe to Bottomline's blog to receive our monthly newsletter, full of the latest thought leadership on payments, banking, fraud prevention and more, delivered right to your inbox.