Bank of England to crack down on 'secretive' cloud computing services

That scary thing called the cloud, better shut it down! :joy:

1 Like

It’s a correct take. Everything is on AWS these days.

Bezos could turn AWS off and shut down half a dozen governmental websites as well as a bunch of other stuff in the process.

Cloud needs more competition. Not just Amazon, Google and Microsoft running the show.

2 Likes

That’s just not going to happen though.

AWS use banks relying on them as an advertisement.

Got to be vigilant against supply chain attacks, though. Just look at the recent Kaseya hack - not only were their customers affected, but their customers’ customers were also hit!

3 Likes

One bank can rely on them, not half of them :slight_smile:

Every bank can rely on them if they want to. Why not? :joy:

I’m not going to explain something with such obvious ramifications

How they’re doing it now isn’t exactly going well for them so it might be a good idea :+1:

It might inform some of us if you do. It’s what the forum’s for.

No one needs it explained that the sun rises tomorrow

Yet we often use the forum to ask what some might consider blindingly obvious questions… don’t we?

Interesting one, and it feels like this could have a larger impact on fintechs than traditional banks for obvious reasons.

I would think that enforcing banks not to have all their eggs in one basket would be sufficient - so don’t just have everything on AWS, be able to spin stuff up on Azure or Google Cloud too.

1 Like

Actually, big banks sign deals with these guys too. For example Lloyds signed one with Google, iirc

They’re not interchangeable though from a tech perspective, if using them in the most efficient way there is a good amount of platform lock-in and you do introduce potentially double the bugs trying to port between them (although if you do run them on standard servers just on the cloud then this wouldn’t be an issue, I guess, but defeats the purpose imo)

I think the generic advice to the public should be: have a credit card or second bank account

I also think banks and payment companies in general should have to publish details of their cloud provider if they’re not managing their own infrastructure AND the government should provide some grants or investment for a domestic cloud provider to be able to offer a similar basket to the giants (just so we don’t have all our eggs in a single basket of massive tech conglomerates)

1 Like

This sounds like sensible contingency planning and risk management. Outsourcing risk is nothing new, though obviously the scale has changed.

If your cloud provider goes down or is hacked or is exploited to hack you, what do you do? Right now, as the Kaseya hack has demonstrated, the answer is “switch everything off as quickly as possible and hope for the best”.

There’s no ‘actually’ point to be had there, there is a difference between using them for peripheral services and literally having your entire banking platform based on a cloud platform. Hence why there would be a larger impact on fintech banks - I didn’t say there would be no impact on traditional banks.

It’s not an insurmountable problem, I never suggested building in resiliency this way would be zero effort or cost. In the non-cloud world you’re talking about spinning up multiple physical data centres for resiliency, that also isn’t zero effort or cost. Basing everything in the cloud frees you from those worries, but adds others - such as this. They can’t just be ignored because it’s a bit difficult or inconvenient.

2 Likes

Smaller banks buy in their core banking systems, but that means the software, not hardware (I think…).

Theoretically at least, fintech banks have to meet the same risk standards, recovery and contingency requirements etc., so I’m not sure it’s a bigger problem than for traditional banks. Imo, the attack vectors on traditional banks are probably greater day to day, just because of outdated processes being exploited - and garnering greater returns from a larger customer base.

The issue boils down to the near monopoly in cloud computing, which is finally recognised as a structural problem governments are going to have to tackle, or else lots of sectors are going to struggle with attacks. From the perspective of REvil or whoever, the rewards are worth the significant effort, because monopolisation gives them access to great rewards from a single attack.

You might have actually just worked out my university dissertation topic, security concerns and remedies of a monopoly in cloud computing

Shouldn’t you be in hiding?

2 Likes

Not sure how we got here, but let’s not, eh?

2 Likes