CXOToday has engaged in an exclusive interview with Sanjay Gupta, Partner, Consulting, Deloitte India.
- How do RBI’s guidelines emphasize governance, security controls, and risk assessment for BFSI cloud adoption?
The RBI’s emphasis on the above is based on guidelines to establish organization specific policies, procedures and frameworks.
The development of a cloud adoption strategy which includes shared responsibility matric, clear Service Level Agreements (SLAs) and most importantly the exit strategy. This includes due diligence and independent review of Cloud service provider (CSP). With respect to data security, it emphasizes to assess data classification and protection control with a review of data lifecycle and encryption controls for data at rest, in motion and in use.
Similarly, the Application security guidelines include continuous security testing, DevSecOps and vulnerability management.
In addition, the RBI’s guidelines emphasize incorporating risk management in the overall Governance framework – managing risk and promoting accountability for outsourcing including cross-border and group outsourcing.
2. How can cloud technologies address the evolving demands of digital transformation in the BFSI sector?
Cloud technologies present an opportunity to shift beyond capacity play into transformation, innovation and data agility mechanisms. According to a survey, BFSI sector is now investing more on cloud to transform systems.
Cloud technologies lay the foundation for digital transformation among BFSI customers. With an on-demand, resilient and scalable service consumption model, cloud technologies help organizations improve their productivity, adaptability to today’s changing business landscape, ability to innovate and provide better services to their customers.
3. In a multi-cloud environment, what benefits and efficiencies can be gained through effective governance and standardized approaches?
Today organizations are adopting multi-cloud for numerous reasons. However, securing a multi-cloud environment becomes challenging due to the increased surface area of attack and lack of visibility across cloud hosts and services. In addition to security, managing operations and ensuring cloud spend visibility across clouds can become challenging in a multi-cloud environment. An effective operating model can address these challenges and ensure streamlined operation between the various clouds within an organization. Appropriate cloud governance can benefit from the following considering:
- Clearly defined roles and responsibilities
- Providing an updated inventory of all cloud services and enterprise assets in a multi-cloud environment
- Ensuring compliance across all applicable standards and regulations
- Appropriate IAM controls for all users across the multi-cloud landscape
- Proper data management guidelines including encryption policies for data-at-rest and data-in-motion
- Capacity and capability map across the multi-cloud environment
4. In what ways does cloud adoption impact cost management and resource optimization for financial institutions?
With the adoption of cloud, organizations have the option to move to a “pay-as-you-go” model. This is different from the traditional CAPEX & MAINTENACE model of IT procurement.
The “pay-as-you-go” model provides significant benefits for organizations; however, a proper governance mechanism needs to be in place to ensure financial control and management. Based on our experience of working with clients in this space, cost transparency appears a big challenge in cloud adoption. This is primarily due to a lack of financial governance. Deloitte recommends setting up a cloud operating model right at the start of an enterprise cloud journey.
The cloud operating model incorporates various critical capabilities required to be successful in the enterprise cloud journey viz. cloud strategy & planning, cloud architecture, cloud financial management, overall program governance and control, compliance and regulatory reporting, cloud platform build, application migration and operations.
As highlighted above, cloud financial management (or, FinOps) is a critical capability of the cloud operating model which is required to bring visibility into an organisation’s cloud spend (including multi-cloud spend), identify areas of optimization, create a roadmap to implement these optimizations and support the organization in implementing the same over a period of time and also ensuring continuous improvement as the overall cloud journey matures.
5. In what ways can cloud-based solutions benefit banks, and how can Deloitte’s Cloud Operating Model service help banks leverage those benefits effectively?
Cloud is meant to enable organizational agility – not simply replace on-premises infrastructure. When we embrace change and adopt new ways of working, we can get the full benefits of cloud, from cost transparency to quicker speed of delivery and innovation. Cloud serves as a key link to realign IT setup with the business and ignite innovation by providing cloud native and self-service capabilities.
To realize these benefits and leverage them effectively, Cloud demands a material change to technology operating models. Deloitte’s Cloud Operating Model reimagines how enterprises can leverage cloud to drive transformation by addressing following: –
- Delivery models which are meant to evolve when operating in the cloud – legacy on-premise management processes & security approaches do not work in a cloud-first organization and will only slow teams down.
- Structure to safely give more power to application and product teams and provides an opportunity to remove the disconnect between business and IT teams.
- Manages a level of complexity that can be hard from figuring out workload disposition to long term operations. Especially for organizations with a diverse range of Line of Business (LOBs) and products, requirements differ which leads to working in hybrid and multi-cloud models.
- Strategies to manage cloud related niche skills and Talent to enable organizations to drive changes – including misalignment across senior leaders and budget challenges.
6. How does Deloitte’s Cloud Operating Model align with business strategy, leveraging assets, and comprehensive capabilities?
The Deloitte’s Cloud Operating Model Framework is aligned with industry-leading best practices and has a comprehensive set of capabilities viz. Cloud Strategy & Governance (includes Cloud BizOps and Architecture & Standards), Security Risk and Compliance (includes Cloud Security and Risk Management), Platform and Data Engineering (includes Cloud Migration, Consumer Enablement, Cloud Platform and Cloud Data Platform) and Platform Operations and Management (Cloud Foundation and Cloud Operations). The framework is very comprehensive and detailed, with details around L1, L2 and L3 capabilities and their interaction with overall Product Management and Service Delivery teams and other Business Units (BUs) within the Bank.
Deloitte’s Cloud Operating Model helps organizations to meet new expectations:
- Need for Customer-Centricity – KPIs and Roles focused on customer engagement and success
- Speed to Value – Accountability to deliver value in frequent increments.
- Rapid Innovation – Reinvent offerings to evolve fast with technological advancements.
- Revenue Generation – Enable products that grow top line and Time to market for new products
- Cost-Effectiveness / Value Creation – Transparent cost structures and focus on reuse, quality and reduction in technical debt