With the industry market valued globally at an estimated $752 billion in 2024 and forecast annual revenues this year of $2.7 billion, cloud technology is big business. But is it wise for top financiers to put their eggs in a basket they don’t own or hold themselves?
Cloud technology is undoubtedly useful. An organization can use it to store large volumes of data on a third-party platform such as Amazon Web Services (AWS) or Microsoft Azure. Businesses using cloud technologies can scale up at lower costs thanks to not having to maintain bulky physical assets like data centres and in-house hardware.
Business Heads Are In The Cloud
Capgemini published a report in late 2023 that revealed nine in ten banks and insurers had begun migrating their data over to cloud-based platforms. This is a marked rise from 2020, when it reported just a third doing so. Meanwhile PwC published a client survey in 2024 indicating that 17% of financial institutions were “all in” on the technology.
Amazon Web Services (AWS) is the biggest player in the cloud market, holding an estimated 29% of the global share as at the first quarter of 2025. Microsoft Azure (22%) and Google Cloud (12%) hold second and third place. Together these “big three” players control almost two-thirds of the global market, but Alibaba (4%) is also worth bearing in mind as it is the largest provider in China.
Storm Clouds Gather
But a recent AWS outage highlighted the weaknesses inherent in a centralized approach to third-party infrastructure. The lights went out for just an hour, but that forced major cryptocurrency exchanges like Binance, MEXC and KuCoin to cease trading during that period. Given that the estimated daily crypto trading volume is around $45 billion, it isn’t unreasonable to suppose that the AWS glitch cost millions.
The April outage wasn’t the first incident of its kind to rattle AWS and its users, and if a cybersecurity report from SentinelOne is anything to go by, chances are it won’t be the last. The firm says just under half (45%) of security incidents under its purview “originated from cloud environments”.
SentinelOne puts the average cost of a data breach at $4.8 million thanks to stolen files and tarnished reputation – a cloud-based incident is not something you want on your resume, especially if your business is looking after other people’s money.
Cybersecurity Rains on Cloud’s Parade
“As businesses store more data and run applications in the cloud, they open up more potential entry points for cyberattacks,” says SentinelOne. “Each cloud service, application, and integration adds to the number of potential vulnerabilities that attackers can exploit. Without strong security measures, this broader attack surface increases the chances of unauthorized access, data breaches, and system compromises.”
Of course, being a cybersecurity company, SentinelOne would say that – but it also says it has the stats to back up its claim, with four in five data breaches in 2023 due to “data stored in the cloud”.
The Horror, the Horror…
Other observers seem to agree that over-reliance on cloud technology is rendering major financiers vulnerable. In March, the Financial Times described the European banking system’s third-party IT infrastructure as “Lovecraftian”.
Admittedly, likening big banks’ dependence on cloud technology to the work of a horror fiction author might be a tad harsh. But the FT cited a European Central Bank (ECB) report that found “significant dependencies on critical services” from external providers – of which about 82% would be “difficult or impossible to substitute and reintegrate” if something went wrong.
Cloud Has More Silver Linings Than You Think
Not everyone shares this pessimism, however. Bain & Company, which specializes in troubleshooting on behalf of tech and finance clients, believes that regulatory and security fears around cloud technology amount to little more than “myths”, Lovecraftian or otherwise.
Bain assesses that “state-of-the-art encryption” means data stored in the cloud is “at least as secure as most on-premises data”. Together with pseudonymization services offered by major providers including Google and IBM Cloud – whereby data is separated from personally identifying information – this makes cloud security more robust than many executives seem to think it is.
Furthermore, Bain also claims that regulatory compliance – something a business will want to be on top of to avoid any hefty fines – is easier in the cloud.
“Failure in cloud security results in heavy fines, expensive legal penalties, and loss of customer trust due to non-compliance,” cautions SentinelOne. Not a problem, according to Bain. “Cloud services are designed to comply with a large number of regulatory requirements right out of the box,” it says, “including third-party validation and regular updates that reflect the latest regulatory changes.”
Are We Exclusive Now?
Over-centralization, or dependency on one exclusive provider, is another false fear, adds Bain: “While cloud transformation may involve reducing the number of suppliers and even committing to a preferred partner, vendor lock-in does not attach a firm to only one cloud provider.”
Bain adds that larger organizations tend to operate in a “multi-cloud environment”, with bigger firms including financial institutions using on average almost one and a half times the number of public cloud platforms as smaller companies. This diversification, it claims, should allay fears of over-centralization.
A Bad Workman Blames His Tools
A key drawback of the cloud might not lie in the technology itself – but be down to companies not adopting it correctly. Digital business consultancy Solita recently warned that organizations migrating to the cloud must be prepared to change their mindset and not simply expect the technology to take care of everything by itself.
Failure to do so means that many players in the finance sector might miss out on the technology’s best features.
“Cloud isn’t merely a technical migration,” says Solita. “It’s a fundamental rethinking of how services are built, delivered and secured. And in the financial sector, where regulation, security and trust are everything, this change is even more profound.”
Companies investing in the cloud should solicit providers who take a hands-on approach to advising clients on how best to use the technology. They cannot simply expect to let someone else “run the cloud” for them.
Fantasy vs. Reality
In further evidence that talking a good cloud game and making it a reality are far from the same thing, there are signs that financial decision-makers are struggling to implement the new technology despite being fans of the concept.
Capgemini found 89% of executives it surveyed in 2023 believed the technology was “crucial for delivering the agility, flexibility, innovation, and productivity necessary to meet escalating business demands”. But it also found that more than half of firms had “only moved a minimal portion” of their core functions to the cloud.
Teamwork Required
SentinelOne echoes the advice given by Solita, stressing that contracting a cloud supplier is not a simplistic top-down process – it means entering into a partnership with shared responsibility.
“The [cloud] provider is in charge of the security of the infrastructure, while the customer is responsible for their data, applications, and access management,” says SentinelOne, adding that all the usual cybersecurity caveats therefore apply.
“Business firms should encrypt, make sure multi-factor authentication is in place, run regular security audits, and maintain strict access controls to prevent data breaches,” it says, “scanning the configurations of the cloud for any security weaknesses and patching any vulnerability as soon as it is discovered.”
Buyer Beware
Companies investing in cloud services will also want to keep an eye on costs – AWS caught a lot of clients off-guard when it hiked its rates in the first quarter of 2025, which saw prices for its flagship Elastic Compute Cloud (EC2) service increase by 15-38%. This and other unwelcome price hikes led firms across industries to report a 50-100% surge in AWS spending since January.
Again this is where the human factor, albeit at expert level, can play a part. Computing and coding tutorial hub Mark Ai Code recommends that developers look at downsizing their EC2 instances. It claims that more than six in ten AWS accounts it reviewed recently were oversized, and that it helped clients cut their cloud costs with Amazon by at least a quarter through downsizing. One tech startup’s monthly bill was reduced by 41%, from $28,500 to $16,900.
Whatever the risks involved, it’s hard to see financial institutions backing out of the cloud now – with tens of thousands of organizations using it in at least basic form, a mass exodus looks unlikely. Though of course, when it comes the world of fintec, (almost) anything is possible.
#cloud #finance #fintec #DigitalAssets #DeFi
Author: Damien Black
See Also:
AWS Outage Disrupts Crypto Exchanges, Exposing Centralized Risks | Disruption Banking
IPC now supports hybrid network connections to Google Cloud | Disruption Banking
Follow: @DisruptionBank on X for more insights.
