Not every cloud has a silver lining
It’s a multibillion dollar industry dominated by Amazon, Google and Microsoft. But the public cloud market is not fit for purpose in the financial sector, where specialist private cloud providers such as Global Relay offer tailored, more secure services and better value
This article was featured in Issue 6 of Orbit TRC Magazine, Global Relay’s exclusive publication focusing on Technology, Risk, and Compliance.
There is a narrative about the cloud that has become a widely-accepted part of the way we do business in the modern world. We should congratulate the Big Three cloud vendors on successfully embedding this message into the corporate psyche. That message is simply this: “Public cloud is the only way to go, the only practical solution any business should consider.”
Amazon, Google and Microsoft comprise the Big Three and their stranglehold on the cloud provision market resembles a classic study of oligopolies that economics students are first exposed to. Its impact has been a state of affairs in which executives rarely challenge the proposition put forward.
But in the last 24 months, more executives have started to do just that. Is there, they ask, a greater role for private cloud? Is public cloud actually too expensive? Does it really offer the security that businesses, particularly in the financial sector, need? And are the resource implications quite what we have been led to believe?
For Warren Roy, Global Relay’s founder and CEO, there is a basic question with which to start the debate. “How do you define success in a business and does going to the cloud give you the assurance that you will be more successful?” he says. “You can’t just decide to go to the cloud because everybody’s doing it. That isn’t a decision.”
In its Global Cloud Ecosystem Index 2002, the MIT Technology Review said that “cloud is enabling us to democratize leverage from technology by breaking the shackles of capital-intensive foundations… in a world where every business is a tech business”. Accenture estimates that “92% of organizations are at least somewhat in the cloud” and that “50% of all corporate data is stored in the cloud, as of 2020”.
A large and growing market
According to the consultancy’s own conservative estimate, the cloud expenditure of an average company was $10,000 a month, and 33% of all organizations had an annual budget of between $2.4m and $12m. A recent survey of 500 senior executives in Europe and the Asia-Pacific region, reported in Computer Weekly, found 50% planned to step up the amount they invest in cloud over the next two years, with 73% intending to spend the largest tranche of their IT budget on cloud projects over the same period.
There is no doubt the scale of the opportunity is immense and it highlights the dedication and resolve of the three biggest corporations to succeed in the landgrab. But perhaps all is not so rosy as we hurtle blindly into this new environment. A study of 753 respondents by Saas provider Flexera for its 2022 State of the Cloud Report revealed those respondents thought their organizations wasted up to 32% of their cloud spend. And research by data analysts Datapine found 93% of leading companies across all sectors were “highly concerned about experiencing a significant data breach within their cloudcentric eco-systems”.
Is it possible that a multibillion dollar industry that is a fixture in most businesses is providing neither value for money nor a secure service for its customers? And in the financial sector, the absence of detailed knowledge cloud vendors have about the vertical is a concern that is often raised. Maybe it is time to reframe the narrative. And that objective is at the heart of Warren Roy’s business approach.
Time for a new cloud narrative
“We’re a state-of-the-art private cloud business and have been for 23 years. Every aspect of our compliance technology is optimized for performance at scale” he says. “The big three public cloud providers need to address an enormous market that is wider and deeper. They have to be everything to everybody, and with that there is compromise from top to bottom. The main problem with the public providers is that they don’t understand the requirements of any given market vertical, let alone the financial vertical.”
Financial services is a deeply regulated, highly specialized, demanding sector and, says Roy: “It’s very rare that generic public cloud services are aligned with the needs of a specialized vendor in the financial sector. Our customers are frustrated dealing with it. When we do technology partnerships between our customers, AWS, Microsoft, and Google, it’s always the cloud vendors that are the bottleneck, the underperformers, the ones pushing back. We build our technology services at a far higher standard and continually refine and optimize for the financial vertical we serve.”
Eric Parusel, Lead Architect at Global Relay, is particularly conscious of the risks around moving data into, and between, public cloud micro-services. “How are you going to decrypt data and move it into a new service?” he asks. “You have exposure at every switch, every transfer, every hop. If you are working with your organization’s most sensitive data, that should be a serious concern. Use of the cloud relies on a high degree of trust about what’s going on within that cloud with things over which you have no control or visibility.
“We’ve seen many examples over the years of breaches with commoditized cloud services. You need to look hard at scalability, security, the record on lost data.”
Roy says: “A technology company is highly dependent on the scalability and performance of its core technology stack, on top of which it builds its APIs, mobile, web and desktop applications. Our approach is to learn from the best when looking at each piece of technology, and then to optimize each one to perform at scale.” He adds: “We have always understood our technology stack had to outperform our direct competitors by a factor of ten. That’s why we created our own architecture. It is the foundation upon which we build our services – hundreds of data connectors and systems operating on top of our own compute platform, which we developed with HP.”
That tailored systems architecture, combined with a hardware security module (HSM) that generates and manages the digital keys and encryption processes so vital in financial services, enables Global Relay to provide what Roy calls “bullet-proof security”.
Parusel elaborates a little on the technical explanation. In 2003, Google published a File System Paper that in 2006 would spawn Hadoop, a collection of open-source software utilities that enabled use of a network of computers to solve problems involving enormous amounts of data. But to locate any particular data element, the Hadoop Distributed File System (HDFS) required specialized nodes, which created performance bottlenecks.
“We targeted a different method of distributing and looking up the data within our architecture,” says Parusel. “We used the distributed hash table concept.” This provided Global Relay with a significant advantage in terms of scalability and reliability.
“When you deploy thousands of storage nodes, it can present a scaling and a performance challenge,” says Parusel. “As the system scales, data will need to be moved to maintain uniform distribution. Consistent hashing using data ranges helps with performance and gives us the ability to scale.”
Roy and Parusel believe this gives the company a key way of differentiating itself from its competitors. “They are disadvantaged from the get-go,” says Roy, “because they will never have parity with us on scalability, performance or reliability”. And that, he stresses, is important. “Customers in this vertical expect these systems to be fast, reliable and scalable. So comparing what we offer and what Amazon, Google and Microsoft offer is like comparing apples with oranges.”
Parusel emphasizes the point, explaining the importance of a system that can extract all the necessary data, present it in a consistent and scalable way, and offer fast, accurate search on demand. Being able to provide that, says Roy, “is why we are trusted by our customers and by the regulators”.
Specialised functions for financial services
This all takes us back to Global Relay’s ability to offer the kind of specialized functions for the financial vertical that are not taken into account when making crude price comparisons between generalized service offerings. “We have built things that have not been replicated by our competitors,” says Roy. “Can they ensure that, no matter what you’ve sent them as a file, that you can retrieve it, that they still have it, that through all their systems crashes and software upgrades that it’s still intact and has integrity?
“The indexing model we’ve got was optimized for that ability to get data very, very quickly into its usable state. With Amazon indexing, for example, they don’t have a concept of short, medium or long-term indexing so queries get queued back at scale. Our customers can find their data when they want to find their data. Instantly. We incorporate a Constant Integrity Check that measures the quality, accuracy and completeness of the service we are providing. It’s an audit that means you can verify what we are giving you.”
The story highlights an innovative approach. Global Relay is unashamedly passionate about its offering because of the demanding sector that it first set out to serve. “The financial sector has the highest regulatory requirements in the business world in terms of performance and reliability,” says Roy. “We built our own business to serve a sector that has the highest level of regulatory sophistication. We welcome competitors because that helps us to show the uniqueness of what we offer, and why it is better suited to particular businesses. It’s part of a long-term vision and a commitment to the sector we serve.”
Reframing the discussion about how a multibillion dollar industry operates isn’t going to be easy, but it’s increasingly necessary to understand what the right questions to ask are, and how to judge the answers received.
Corporate history is littered with instances where herd mentality has proven misguided, often with terrible consequences. It is high time that enterprises take stock of the current mix of public and private cloud provision, and question at the outset if the current thinking is really the best tailored fit for their own business in the long term from a security, performance and scale perspective.
Roy and Parusel firmly believe power needs to be put into the hands of the companies buying the service, rather than resting with those providing it. “The big vendors think they can shape this world, but there are lots of Global Relays out there,” says Roy. “This business model is not going away.”
Orbit TRC, offers a unique blend of perspectives for corporates and regulated entities on the latest developments that impact technology, risk and compliance.