There are three types of cloud platforms:
- Public clouds: Brands such as Amazon Web Services, Microsoft Azure and Rackspace are examples of public cloud platforms, which are owned and managed by providers supplying cloud tools to multiple external clients on a pay-as-you-go basis. Firms that use public clouds lower the costs of buying and maintaining their own infrastructure because their cloud providers use economies of scale to take care of those responsibilities.
However, public cloud providers offer the exact same services, including security, availability and configurations, for every customer — and their standard offerings don’t include full IT management, troubleshooting and cybersecurity services. As a result, public cloud platforms may not be the best option for wealth management firms that require system flexibility to implement security and compliance controls around their data.
- Private clouds: Private cloud platforms offer greater data security and compliance functionality, enabling wealth managers to always remain aware of exactly where their data is located and apply the necessary security controls. Wealth managers that can prove their sensitive client information is properly safeguarded will be in the best position to meet evolving cybersecurity regulations.
Private clouds can also accommodate legacy software with little programming alterations, and enable RIAs and broker-dealers to configure desktop views and access controls to their liking.
While private clouds offer greater customization and security capabilities, building and maintaining their infrastructure require significant financial and manpower commitments that can put small or mid-size firms at risk of becoming distracted from their core competencies.
- Hybrid clouds: Hybrid cloud platforms are increasingly viewed as solutions that can give wealth management firms the best of private and public clouds — enabling them to utilize proprietary applications that require the highest level of security, while saving money on services over which they can tolerate relinquishing control. However, like private clouds, hybrid clouds require RIAs and broker-dealers to have a strong IT team that can manage the infrastructure, anticipate configuration challenges and maximize firm-wide platform use.
Wealth management practices that lack the in-house IT resources to build and manage a cloud platform over the long term can engage outside IT specialists that possess expertise in both technology and financial services. These specialists should be well-versed in SEC and FINRA policies as well as developments at large banks that may affect independent financial advisors — and they should also adhere to stringent internal audits of their own procedures.
Checklist of Criteria for Cloud Providers
After taking the time to understand the different types of cloud platforms, and their various benefits and drawbacks for their practices, wealth managers can begin the process of choosing a cloud provider. When performing due diligence, advisors should evaluate prospective cloud partners according to the following five criteria:
- Established customer base and references: Potential cloud providers should be able to offer client references to verify the reliability and quality of their services, customer support and network performance.
- Industry and technical expertise: Providers should understand the technology products that wealth management firms require, as well as the consistently evolving needs of the overall industry.
- Security and compliance requirements: Prospective cloud partners should have comprehensive security and disaster recovery plans in place that meet or exceed all requirements from wealth managers’ regulators and clients.
- Support: A potential cloud provider should offer technical support 24 hours a day and 365 days a year. Its support team should be staffed with knowledgeable engineers who understand wealth managers and their individual technology setups.
- Third-Party Validation and Accreditation: Wealth managers should check that cloud providers conduct periodic SSAE 16 audits of their security procedures to ensure they safely process and host data — and ask for results of past audits.
Every wealth management practice is unique. In order to make sure their firm can properly utilize the cloud to streamline and grow their business — while meeting evolving cybersecurity and regulatory requirements — over the long term, wealth managers must first be able to identify the right cloud solution and service provider.