Bank calls for crackdown on cloud computing risks and ‘secrecy’

The Bank of England said the increasing reliance on cloud services could pose a threat to financial stability.
A person using a laptop
PA Wire
Holly Williams13 July 2021

The Bank of England has called for measures to protect against financial stability risks from banks moving services to the cloud and relying on a small number of secretive providers.

The Bank said it has seen an increasing trend in banks and financial firms outsourcing key services to cloud computing companies – such as the likes of Amazon Google and Microsoft – over the past 18 months.

It warned this could pose a threat to financial stability, given the small number of providers and the vast amount of data and services being outsourced.

The alert comes just a month after a mass global outage caused by US-based cloud computing service provider Fastly, which caused a swathe of websites to go down – such as Twitter, Spotify, Reddit and a raft of media sites.

The Fastly problem and a number of smaller web outages since have underscored how vital a small number of behind-the-scenes companies have become to running the internet.

In terms of the standards of resilience and the testing of those standards of resilience, frankly we will have to roll some of that back, that secrecy that goes with it. It's not consistent with our objectives

Bank of England Governor Andrew Bailey

Bank Governor Andrew Bailey said this “increasing reliance on a small number of CSPs (cloud service providers) and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide”.

He added that “additional policy measures to mitigate financial stability risks in this area are needed”.

A major concern for the Bank is the level of secrecy and lack of transparency within the cloud computing providers, with the firms keen not to leave themselves open to cyber attacks.

He said that while “we don’t want hackers to get the guide book”, “we have got to strike a balance”.

“In terms of the standards of resilience and the testing of those standards of resilience, frankly we will have to roll some of that back, that secrecy that goes with it. It’s not consistent with our objectives,” he said.

Mr Bailey also pointed to concerns that the lack of competition in the market and the reliance on cloud computing for core banking services could see major providers dictate terms and prices.

He said: “That concentrated power on terms can manifest itself in the form of secrecy and not providing customers with the information they need to monitor the risk in the service.”

The Bank said the Treasury and the Financial Conduct Authority are looking at the issue of risks from cloud computing, but stressed that international standards are likely to be needed to tackle the rising threat.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in