The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

DTCC Details Lessons Learnt and Best Practice Approaches Resulting from its Cloud Adoption Journey

DTCC has highlighted the challenges and opportunities of its cloud adoption journey in a white paper published today and designed to help financial institutions take best practice approaches to cloud implementation.

The paper, Cloud Technology: Powerful and Evolving, is authored by the company and recognises financial firms’ ongoing move to the cloud in search of efficiencies and business benefits. Its timing reflects an acceleration to cloud computing as a result of the coronavirus pandemic, although it also notes a change in the cloud proposition stating: “Initial enthusiasm for large scale transitions of entire application portfolios to the public cloud has subsided to a more practical pace amid deeper consideration of the specific requirements for individual business solutions.”

Business and regulatory issues to consider before embarking on a cloud adoption journey include:

  • State and cost of an existing solution
  • Appropriateness of cloud technology for business purposes
  • Ongoing support for data security and privacy
  • Ability of cloud technology to meet clients’ resiliency and performance demands

From a data and data management perspective, governance is key. Robert Palatnick, managing director and global head of technology research and innovation at DTCC, says: “At DTCC, any move to the cloud starts with governance processes. These are a key enabler to the cloud journey.” He notes that governance is not usually an IT responsibility, and is more likely to be the remit of control roles in areas such as risk, audit, compliance and legal.

Talking about the DTCC’s cloud adoption, Palatnick says: “We evaluated every app and associated data for cloud worthiness and whether cloud technology could support our data ratings and tier ratings for apps.”

The company’s data rating puts personal data and immediate trading data in the top tier of ‘red data’, above other ratings such as internal memos and, finally, public data. Palatnick says: “There are shades of red depending on how old data is, whether it is used in an app or archived, and how it is encrypted. This is all part of data governance.”

Classification of apps is made on the basis of how critical they are, recovery time and recovery objectives, issues that are often both business and regulatory requirements. The top tier of apps are those requiring the shortest time to recovery with as little data loss as possible. In lower tiers are processes and development environments with a longer time to recovery, but no impact on customers.

“We assess data and apps very carefully, and have moved app by app,” says Palatnick. “We have not yet moved our most critical processing, real-time clearing and settlement, to the cloud, but we are making progress.” Lessons learnt from DTCC’s cloud journey include the importance of governance and the need to engineer security as cloud vendors offer security capabilities but they must be customised to meet specific requirements.

Summing up elements of best practice, the DTCC report lists:

  • Regulated entity obligations: cloud strategy, cloud governance, proactive security controls oversight, exit strategy
  • Foundational technology capabilities: architecture, automation, on-premises cloud options, lift and shift vs. design for cloud
  • Resilience and resilience verification capabilities: failover and disaster recovery, resilience, and chaos engineering
  • Cloud vendor obligations: contractual agreement considerations, security considerations, evidence of available capacity, data localisation and privacy

As DTCC continues its cloud journey, further consideration will be given to developing applications using only cloud-ready technologies and approaches, and automation and layering of technologies to leverage cloud-hosted applications. Alerting and monitoring will continue to be core elements of resilient and secure operations, while the establishment of a principles-based, harmonised regulatory framework should better support further adoption of cloud services. Finally, the report parallels industry interest in a common lexicon of cloud terminology that could foster effective, cross-sector communication and increased understanding of regulatory requirements.

Related content

WEBINAR

Recorded Webinar: Evolution of data management for the buy-side 2021

The buy-side faced a barrage of regulation in 2020 and is now under pressure to make post-Brexit adjustments and complete LIBOR transition by the end of 2021. To ensure compliance and ease the burden of in-house data management, many firms turned to outsourcing and managed services. But there is more to come, as buy-side firms...

BLOG

Opensee Platform Provides Self-Service Big Data Analytics for Business Users

Paris-based ICA, a provider of big data analytics, has rebranded as Opensee, marking its evolution from an innovative capital markets data analytics platform to a market challenger. The company’s offer is to make hundreds of terabytes of structured data accessible to business users easily and quickly through self-service data analytics tools. The company was initially...

EVENT

Data Management Summit Virtual

The Data Management Summit Virtual brings together the global data management community to share lessons learned, best practice guidance and latest innovations to emerge from the recent crisis. Hear from leading data practitioners and innovators from the UK, US and Europe who will share insights into how they are pushing the boundaries with data to deliver value with flexible but resilient data driven strategies.

GUIDE

ESG Handbook 2021

A-Team Group’s ESG Handbook 2021 is a ‘must read’ for all capital markets participants, data vendors and solutions providers involved in Environmental, Social and Governance (ESG) investing and product development. It includes extensive coverage of all elements of ESG, from an initial definition and why ESG is important, to existing and emerging regulations, data challenges...