Cloud computing titans like Google, Amazon, and Microsoft are on the radar of banking regulators in the U.K. over growing concerns about how much data they handle and the dire consequences of what would happen if they were simultaneously hit by a cyberattack.
The Bank of England’s (BoE) Prudential Regulation Authority (PRA) wants to access more of the data from the top three companies that dominate cloud computing — Amazon Web Services, Microsoft Azure, and Google Cloud — as more financial services companies transfer their data to third-party services, Financial Times (FT) reported on Monday (Jan. 10), citing sources.
The move comes amid increases in service outages and hacks as more companies worldwide transfer data and IT services to third-party big tech companies. The three dominant firms have all signed contracts with British banks and concerns are growing over how a hack could derail the financial system.
Amazon Web Services signed with Barclays and HSBC; Lloyds Banking Group contracted with both Google Cloud and Microsoft Azure.
The move also follows a December Amazon Web Services outage that crippled a wide network of companies, including the robot vacuum maker Roomba and dating app Tinder. That service outage prompted regulators worldwide to turn their attention the cloud, an executive at a large U.S. bank with U.K. operations told FT.
PRA regulators are also weighing the possibility of conducting outage and disaster recovery drills, the sources told FT.
“We are looking at cloud providers in terms of operational resilience,” said one source familiar with the PRAs plans. “Do we need to go further, how can we build confidence in them? We are beginning to see them as important third parties who need more oversight.”
With a growing number of financial institutions sharing the same cloud providers, it’s anticipated that the PRA will devise a model that encompasses Amazon Web Services and Azure failing at the same time.
“This is a thorny issue, [regulators] are really nervous about it and we’ve spent a lot of time on it in recent discussions,” a senior U.K. banker told FT. “The seven biggest banks in the U.K. are all heavily using the cloud, and we are all invariably going to the same three or four suppliers that they don’t directly regulate.”