Financial Big Tech Problem | Financial Times

The International Settlements Bank thinks Big Tech is too big to fail.

In a paper published on Tuesday, the central bank argued that the dependence of a few companies on cloud computing software, which is growing among financial institutions, could have “strategic implications for the financial system.”

The cloud computing software market is moving and moving like Olugopol, with Amazon Web Services, Microsoft Azure, Google Cloud and Alibaba Cloud accounting for 70% of global revenue.

Today, eight out of ten financial institutions around the world use cloud computing to improve computer performance, better identify fraud, or improve security.

The results, however, are far from guaranteed. The Shanghai Police Database, which has personal information on 1 billion people, has been hacked, according to an EFT Tuesday report from a private cloud service in Alibaba.

Reiterating warnings from the Bank of England and others, BIS said the growing reliance on cloud computing is “creating single drop points, creating new concentration hazards at the technology service level.”

The BIS paper was taken from a separate study released in May by the European Securities and Markets Authority, in which authors Carolina Asensio, Antoine Buverett and Alexander Harris explain:

In terms of a certain number [cloud service providers] It is plausible that financial institutions are dependent on micro-CSPs with sufficient numbers to meet the high resilience requirements. This indicates that the performance may be more closely related to the financial institutions that provide critical or important functions to the joint CSP. Although cloud computing can significantly affect data security and performance recovery, it can increase simultaneous risks between different companies and have negative consequences for financial stability (Danielsson and Macrae, 2019; FSB, 2019). The danger of gathering in this context is a kind of systemic threat.

For example, what happens if a CSP leader suddenly loses?

Cyber ​​attacks also pose an obvious threat. 2020 SolarWinds Microsoft Cloud Service Hacking is a case in point. The company admitted at the time that simply installing “a few good-looking code lines” in the Microsoft operating system allowed hackers to “work without interruption” on damaged networks.

The Federal Reserve Bank of New York said last year that cyber-attacks, which undermine banking remittance capacity, are rapidly evolving (we focus on ourselves).

“If several small or medium-sized banks are exposed to mutual risk, As a significant service provider, This can lead to shocking transmission throughout the network. Similarly, banks with relatively small assets but high flow rates have the potential to damage the system. ”

To prevent such interference, the European Securities and Exchange Commission recommends that financial institutions use multiple CSPs for each of their services. “Multiple cloud solutions can“ significantly reduce system risk, ”he says. But. . .

. . . . This can only happen if different CSPs or resource groups have a low level of vulnerability (ie, can be rationally considered neutral) and the services in question are rapidly moving between them. In fact, the first of these assumptions (CSP interrupt freedom) may not be available in some cases, especially in a cloud provider, and the second estimate (backup mobility) may not apply specifically to different backup strategies. Suppliers.

It should be noted that policy makers provide a lot of confidential information to any CSP.