Bank calls for crackdown on cloud computing risks and ‘secrecy’
The Bank of England has called for measures to protect against financial stability risks from banks moving services to the cloud and relying on a small number of secretive providers.
The Bank said it has seen an increasing trend in banks and financial firms outsourcing key services to cloud computing companies – such as the likes of Amazon, Google and Microsoft – over the past 18 months.
It warned this could pose a threat to financial stability, given the small number of providers and the vast amount of data and services being outsourced.
The alert comes just a month after a mass global outage caused by US-based cloud computing service provider Fastly, which caused a swathe of websites to go down – such as Twitter, Spotify, Reddit and a raft of media sites.
The Fastly problem and a number of smaller web outages since have underscored how vital a small number of behind-the-scenes companies have become to running the internet.
Bank Governor Andrew Bailey said this “increasing reliance on a small number of CSPs (cloud service providers) and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide”.
He added that “additional policy measures to mitigate financial stability risks in this area are needed”.
A major concern for the Bank is the level of secrecy and lack of transparency within the cloud computing providers, with the firms keen not to leave themselves open to cyber attacks.
He said that while “we don’t want hackers to get the guide book”, “we have got to strike a balance”.
“In terms of the standards of resilience and the testing of those standards of resilience, frankly we will have to roll some of that back, that secrecy that goes with it. It’s not consistent with our objectives,” he said.
Mr Bailey also pointed to concerns that the lack of competition in the market and the reliance on cloud computing for core banking services could see major providers dictate terms and prices.
He said: “That concentrated power on terms can manifest itself in the form of secrecy and not providing customers with the information they need to monitor the risk in the service.”
The Bank said the Treasury and the Financial Conduct Authority are looking at the issue of risks from cloud computing, but stressed that international standards are likely to be needed to tackle the rising threat.