Bank of England to crack down on 'secretive' cloud computing services

That scary thing called the cloud, better shut it down! :joy:

1 Like

It’s a correct take. Everything is on AWS these days.

Bezos could turn AWS off and shut down half a dozen governmental websites as well as a bunch of other stuff in the process.

Cloud needs more competition. Not just Amazon, Google and Microsoft running the show.


That’s just not going to happen though.

AWS use banks relying on them as an advertisement.

Got to be vigilant against supply chain attacks, though. Just look at the recent Kaseya hack - not only were their customers affected, but their customers’ customers were also hit!


One bank can rely on them, not half of them :slight_smile:

Every bank can rely on them if they want to. Why not? :joy:

I’m not going to explain something with such obvious ramifications

How they’re doing it now isn’t exactly going well for them so it might be a good idea :+1:

It might inform some of us if you do. It’s what the forum’s for.

No one needs it explained that the sun rises tomorrow

Yet we often use the forum to ask what some might consider blindingly obvious questions……don’t we?

Interesting one, and it feels like this could have a larger impact on fintechs than traditional banks for obvious reasons.

I would think that enforcing banks not to have all their eggs in one basket would be sufficient - so don’t just have everything on AWS, be able to spin stuff up on Azure or Google Cloud too.

1 Like

Actually, big banks sign deals with these guys too. For example Lloyds signed one with Google, iirc

They’re not interchangeable though from a tech perspective, if using them in the most efficient way there is a good amount of platform lock-in and you do introduce potentially double the bugs trying to port between them (although if you do run them on standard servers just on the cloud then this wouldn’t be an issue, I guess, but defeats the purpose imo)

I think the generic advice to the public should be: have a credit card or second bank account

I also think banks and payment companies in general should have to publish details of their cloud provider if they’re not managing their own infrastructure AND the government should provide some grants or investment for a domestic cloud provider to be able to offer a similar basket to the giants (just so we don’t have all our eggs in a single basket of massive tech conglomerates)

1 Like

This sounds like sensible contingency planning and risk management. Outsourcing risk is nothing new, though obviously the scale has changed.

If your cloud provider goes down or is hacked or is exploited to hack you, what do you do? Right now, as the Kaseya hack has demonstrated, the answer is “switch everything off as quickly as possible and hope for the best”.

There’s no ‘actually’ point to be had there, there is a difference between using them for peripheral services and literally having your entire banking platform based on a cloud platform. Hence why there would be a larger impact on fintech banks - I didn’t say there would be no impact on traditional banks.

It’s not an insurmountable problem, I never suggested building in resiliency this way would be zero effort or cost. In the non-cloud world you’re talking about spinning up multiple physical data centres for resiliency, that also isn’t zero effort or cost. Basing everything in the cloud frees you from those worries, but adds others - such as this. They can’t just be ignored because it’s a bit difficult or inconvenient.


Smaller banks buy in their core banking systems, but that means the software, not hardware (I think…).

Theoretically ay least, fintech banks have to meet the same risk standards, recovery and contingency requirements etc., so I’m not sure it’s a bigger problem than for traditional banks. Imo, the attack vectors on traditional banks are probably greater day to day, just because of outdated processes being exploited - and garnering greater returns from a larger customer base.

The issue boils down to the near monopoly in cloud computing, which is finally recognised as a structural problem governments are going to have to tackle, or else lots of sectors are going to struggle with attacks. From the perspective of Revil or whoever, the rewards are worth the significant effort, because monopolisation gives them access to great rewards from a single attack.

You might have actually just worked out my university dissertation topic, security concerns and remedies of a monopoly in cloud computing

Shouldn’t you be in hiding?


Not sure how we got here, but let’s not, eh?