The cloud is here to stay, especially in the payments space. Yet, many organizations still hold lingering doubts. We’re here to dispel the ones around security.
The payments industry is the latest to embrace cloud technology, following success across the sales, HR, and enterprise markets. Larger banks are adopting cloud at a breakneck pace: HSBC partnered with AWS while Google became the cloud provider of Goldman Sachs and Deutsche Bank — all within days of each other, last year. As the need for more agile infrastructure grows, payment companies of all kinds are modernizing their tech stack.
The source of this shift can be closely tracked to the larger change in consumer behavior towards digital solutions. In all areas of business, digital services are growing in popularity, with Salesforce reporting that 88% of customers expect brands to accelerate digital initiatives following the pandemic. This emphasis is particularly true when it comes to purchasing; a Harvard Business Review study found that 73% of consumers use multiple channels during their shopping journey, making digital payments a must-have.
Today’s companies understand the value of modern technology infrastructure, but many don’t have the capabilities to support the tools they need. Cloud has emerged as the most affordable and efficient option for payments companies today, due to its ability to support and scale multiple applications without the need for on-premise servers. Yet deciding to migrate to the cloud is not always as clear as it sounds.
As with any major corporate overhaul, investing in new cloud infrastructure can be expensive. There is the option to move to the cloud in a step-by-step approach, but that requires a strategy to maintain workflow efficiency and department collaboration even as teams start using different tools. More broadly, businesses that have been using existing legacy technology for years may be reluctant to adopt a new way of working, particularly if the migration impacts operations.
These concerns affect all industries but perhaps the biggest concern with using the cloud for payments services is that of security. While security is critical to many businesses, it is especially important when dealing with sensitive information like personal and financial data. When companies operate their own infrastructures, using physical on-site servers can feel more secure than trusting a third-party’s private cloud network — let alone a public one.
Fortunately, these concerns are misplaced. Although the idea of a public network suggests that it is accessible to everyone — including hackers — this is a misconception. A public network simply means that multiple companies are utilizing a private area of a larger shared infrastructure; there are still access restrictions in place, which each company can select in accordance with its internal requirements.
Potential customers may worry about entrusting a third party with their data, but the right cloud provider will be able to offer more security investment than can be achieved alone. Public cloud providers work on behalf of multiple customers, who all benefit from a more comprehensive infrastructure. This results in faster identification of fraud or breach; the ability to participate in InfraGard — a partnership between the FBI and U.S. businesses; and the investment power of thousands of companies for future innovation.
There is also the benefit of deploying an expert in its field. In-house security must often be run by an IT team whose priority is building product software. With a cloud provider, network security is a critical piece of the product and therefore more advanced. The best public cloud infrastructures will support automated detection and attack responses, perform regular vulnerability scanning and penetration testing and encrypt sensitive data.
Security may be the biggest concern of many payments companies, but other myths can delay cloud adoption. Regulation is critical for the payments industry and is only becoming more complicated, as governments around the world continue to enact requirements like GDPR and PSD2. Some businesses may worry about trusting a public cloud to maintain compliance with these regulations.
In reality, the public cloud can make regulatory compliance much easier due to improved transparency. Data privacy is a key piece of the cloud’s value offering, so customers can focus on meeting other regulations while safe in the knowledge their data is secure. While it is not the responsibility of the cloud provider to ensure compliance, operating on a public cloud alleviates some regulatory pressure as data is not stored on-premise, limiting the scope of PCI audits.
Lastly, some businesses might worry they will cede control to the cloud provider. In practice, this is mostly perception. The variety of cloud providers in the market ensures that customers will be able to vote with their wallets and select the partner that is right for their needs. Instead of giving away power, migrating to the cloud involves delegating some responsibility to an expert in the field.
This reluctance to trust in the cloud’s security is likely impeding many companies from receiving its multiple benefits — the flexibility to scale operations, such as to support sudden volume spikes around major shopping holidays; the ability to integrate new applications that emerge on the market, without draining operational bandwidth; and the transparency to make regulatory compliance a simpler affair.
We’re giving you a fresh dose of insights, perspectives and the latest trends from the world of payments.